If you consider cybersecurity breaches to be the "new normal," you're in good company. A recent survey conducted by Kaspersky Lab revealed that 86% of 250 top security officials who participated believe that cybersecurity breaches are inevitable. The complexity of today's cyber environments guarantees that every company is on a path to a breach. Cloud adoption that leads to hybrid environments spread across different locations and teams, the use of containers, a permeable perimeter — all these factors broaden the attack surface and challenge our existing approach to managing threats.
Shipbuilders Expect Failure and Plan for It, and You Should Too
The security industry clearly could be doing more regarding breach management. Though we spend billions of dollars and likely prevent lots of bad stuff, the number of high-profile breaches causing devastating damage is constantly increasing, and with it the volume of exposed records and sensitive customer data is growing exponentially. And why? Because unlike other industries, we fail to plan for failure.
Take shipbuilding, for example. Shipbuilders have engineered their systems for failure by, among other things, segmenting the hulls of their ships and limiting access to the ship's engine room to contain damage if a breach happens. It's been done this way since the 15th century, and it's still being done in today's modern vessels. The lessons learned from shipbuilders can be applied to modern IT security. Here are a few security principles that reflect this:
In the past two years alone, there have been several examples that point to a lack of visibility and segmentation as the No. 1 cause of large-scale breaches. In the case of Equifax, one of the largest cyberattacks of all time, affecting 148 million consumers in 2017, the US House of Representatives Committee on Oversight and Government Reform report on the breach cites "the company's failure to implement basic security protocols, including file integrity monitoring and network segmentation" as an insight into how Equifax "allowed attackers to access and remove large amounts of data."
Equifax's lack of a well-implemented segmentation strategy allowed attackers to gain access to dozens of databases that contained personally identifiable information in an attack that lasted over 75 days. WannaCry, the largest malware infection in history, could have also been better contained if companies had patched their systems against the MS10-010 vulnerability that allowed its exploitation. Recall, however, that with WannaCry, organizations didn't realize they had a vulnerability that needed patching or were unable to do so. Even without patching, had network segmentation been deployed, affected organizations would have been able to enforce security policies and prevent the worm from moving laterally across their environments.
Anticipate the Breach. Patch. Segment.
With threats at the scale of Equifax and WannaCry, it would be easy to assume that the attackers used a complex attack pattern or took advantage of a new vulnerability that flew under the radar. Yet these attacks were made possible by unpatched systems and the lack of network segmentation. By embracing the chaos to come and anticipating attacks that can be stopped by network segmentation and better visibility into the data center, businesses are less likely to be sunk by a breach and can ensure the longevity of their company.