Dark Reading is part of the Informa Tech Division of Informa PLC

Ariel Zeitlin

Breaches Are Inevitable, So Embrace the Chaos

Avoid sinking security with principles of shipbuilding known since the 15th century.

If you consider cybersecurity breaches to be the "new normal," you're in good company. A recent survey conducted by Kaspersky Lab revealed that 86% of 250 top security officials who participated believe that cybersecurity breaches are inevitable. The complexity of today's cyber environments guarantees that every company is on a path to a breach. Cloud adoption that leads to hybrid environments spread across different locations and teams, the use of containers, a permeable perimeter — all these factors broaden the attack surface and challenge our existing approach to managing threats.

Shipbuilders Expect Failure and Plan for It, and You Should Too
The security industry clearly could be doing more regarding breach management. Though we spend billions of dollars and likely prevent lots of bad stuff, the number of high-profile breaches causing devastating damage is constantly increasing and, with it, the exponential growth of exposed records and sensitive customer data. And why? Because unlike other industries, we fail to plan for failure.

Take shipbuilding, for example. Shipbuilders have engineered their systems for failure by, among other things, segmenting the hulls of their ships and limiting access to the ship's engine room to contain damage if a breach happens. It's been done this way since the 15th century, and it's still being done in today's modern vessels. The lessons learned from shipbuilders can be applied to modern IT security. Here are a few security principles that reflect this:

  1. Shipbuilders assume that at some point the ship will suffer a leak, and so they create hulls that prevent a single leak from sinking the entire ship. In the same way, assume a breach in your corporate environment and segment your network. This way, if there's malware in the testing environment, other sensitive environments such as development, production, and the DMZ won't be affected. Lack of segmentation allows attackers to move with ease to critical areas once they make it through the perimeter, much the same way water would flow throughout the entire ship if the hull wasn't segmented.
  2. Staff responsible for maintaining the ship's hull monitor for leaks or weak points and patch regularly to keep precious cargo and crew safe. In the same way, modern security teams must be vigilant about monitoring and patching to prevent proverbial cracks in the perimeter from turning into bigger problems.
  3. The ship's most sensitive tools are hosted in the engine room. To protect your crown jewels, fence your critical IT assets to make sure they are not damaged in case of a network breach.
  4. Consider ships that staff their lookouts 24/7 to keep watch on everything and call for a course correction when necessary. Similarly, think about maintaining complete visibility throughout the entire data center, down to the application level. Gaining visibility into an increasingly complex and dynamic ecosystem is a must before you can "change course" or put any policy or controls into place.
  5. Keeping the crew from accessing the ship's bridge is an important safety measure. Likewise, in the cyber world we advise that you base your policy on user identity to ensure that your employees, contractors, and remote users access only what they're entitled to. The result is greater security for your business-critical applications that can be accessed only by authorized users.

In the past two years alone, there have been several examples that point to a lack of visibility and segmentation as the No. 1 cause for large-scale breaches. With a breach of the scale of Equifax — one of the largest cyberattacks of all time, affecting 148 million consumers in 2017 — the US House of Representatives Committee on Oversight and Government Reform report on the breach mentions "the company's failure to implement basic security protocols, including file integrity monitoring and network segmentation" as an insight into how Equifax "allowed attackers to access and remove large amounts of data."

Equifax's lack of a well-implemented segmentation strategy allowed attackers to gain access to dozens of databases that contained personally identifiable information in an attack that lasted over 75 days. WannaCry, the largest malware infection in history, could have also been better contained if companies had patched their systems against the MS10-010 vulnerability that allowed its exploitation. Recall, however, that with WannaCry, organizations didn't realize they had a vulnerability that needed patching or were unable to do so. Even without patching, had network segmentation been deployed, affected organizations would have been able to enforce security policies and prevent the worm from moving laterally across their environments. 

Anticipate the Breach. Patch. Segment.
With threats at the scale of Equifax and WannaCry, it would be easy to assume that the attackers used a complex attack pattern or took advantage of a new vulnerability that flew under the radar. Yet these attacks were made possible by unpatched systems and the lack of network segmentation. By embracing the chaos to come and anticipating attacks that can be stopped by network segmentation and better visibility into the data center, businesses are less likely to be sunk by a breach and can ensure the longevity of their company. 
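The containment argument above, that segmentation limits a worm's lateral movement even where hosts went unpatched, modelled as an added example that is not part of the original article: the host inventory, zones and allow rules are constructed, and the "worm" is abstracted to anything reachable on a single port.

```python
from collections import deque

# Constructed inventory: host -> network zone (not from the article).
HOSTS = {
    "test-01": "testing", "test-02": "testing",
    "dev-01": "development",
    "prod-db-01": "production", "prod-db-02": "production",
    "dmz-web-01": "dmz",
}
WORM_PORT = 445  # the modelled worm spreads to any host it can reach on TCP/445

def allowed(policy, src, dst, port):
    """True if an allow rule (src_zone, dst_zone, port) matches; '*' is a wildcard."""
    for s, d, p in policy:
        if s in ("*", HOSTS[src]) and d in ("*", HOSTS[dst]) and p in ("*", port):
            return True
    return False

def blast_radius(policy, patient_zero, patched=frozenset(), port=WORM_PORT):
    """Hosts a worm starting at patient_zero can infect: breadth-first search
    over the hosts the segmentation policy lets each infected host reach.
    Patched hosts may be reachable but are not exploitable, so they never spread it."""
    infected, queue = {patient_zero}, deque([patient_zero])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst in infected or dst in patched:
                continue
            if allowed(policy, src, dst, port):
                infected.add(dst)
                queue.append(dst)
    return infected

# Unsegmented network: once past the perimeter, anything talks to anything.
FLAT_POLICY = [("*", "*", "*")]

# Segmented network: intra-zone traffic only, plus the few cross-zone flows the
# business needs. No rule lets the testing zone reach production on port 445.
SEGMENTED_POLICY = [
    ("testing", "testing", "*"), ("development", "development", "*"),
    ("production", "production", "*"), ("dmz", "dmz", "*"),
    ("dmz", "production", 443),      # web tier to application API only
    ("development", "testing", 22),  # developers push builds to test
]

def contained_hosts(patient_zero):
    """Hosts that segmentation spares compared with the flat network."""
    return sorted(blast_radius(FLAT_POLICY, patient_zero)
                  - blast_radius(SEGMENTED_POLICY, patient_zero))

if __name__ == "__main__":
    print("flat:     ", sorted(blast_radius(FLAT_POLICY, "test-01")))
    print("segmented:", sorted(blast_radius(SEGMENTED_POLICY, "test-01")))
```

Adding a single over-broad rule such as `("testing", "production", "*")` to the segmented policy reopens the path to the databases, which is why the policy itself needs the same visibility and review the article asks for.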

Ariel Zeitlin co-founded Guardicore after spending 11 years as a cybersecurity engineer and researcher at the Israeli Defense Forces (IDF), where he worked closely with co-founder Pavel Gurvich. In his last position at the IDF, Ariel led a team of 30 engineers and researchers ...