Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/7/2016
10:30 AM
Dotan Bar Noy
Dotan Bar Noy
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

A Holistic Approach to Cybersecurity Wellness: 3 Strategies

Security professionals need to rely on more than 'vaccinations' to protect the health and safety of company systems and data.

As humans, we try and do everything we can to keep our bodies healthy. We do our best to follow preventative measures like taking vitamins or getting vaccines. We try and eat right to keep our bodies functioning as attended. If this preventative approach can work for the human body, maybe it’s an approach worth trying in enterprise cybersecurity.

Looking back at the online attacks of 2016, we have had a mixture of a strong flu season (new strains of the same old viruses) along with some more exotic Zika-like threats that are still being figured out (ransomware variants). Like any natural virus, a cyber threat only has to work at a low percentage to be successful. If a virus is too powerful, the infected don’t live long enough to pass along the disease.

In the cyber realm, if we could, we’d all probably just turn off our computers for a while until the threat is neutralized. But seriously, when a virus or threat fails, there’s a low chance of its survival. But because threats only need to have a successful attack at a miniscule percentage, cybercriminals can effectively prey on weak links for continued adaption and spreading.  

The comparison between viruses in the cyber world and the natural world can also be extended to the approaches used to combat them.

Vaccination
When individuals are vaccinated against a disease, they gain an adaptive immunity. As more threats are identified, more vaccinations are needed to build on that immunity. In the U.S. healthcare system, this involves coverage for about 15 viruses. But for a computer or network to be vaccinated against all threats, it would require millions and millions of “immunizations” in the form of signature or behavioral definitions. Humans add new layers of adaptive immunity over time, whether through boosters to old immunities or new treatments. In the enterprise, the information security department is constantly patching and updating definitions to stay ahead of the evolving threats, or adding new layers of protection.

For computers and humans, the concept of immunization requires knowledge of the threat. This means there is always a gap between emergence and recognition that allows a virus to proliferate. The consequences can be severe, which is why it’s important to do more than rely on immunity to stay healthy.

Wellness
In addition to vaccinations, people try to live a healthy lifestyle, which could include exercise, meditation, and proper nutrition. The reasoning behind this is that by adequately supporting the different systems of the body, we can better fight off viruses, bacteria, and other threats. In the enterprise, it’s equally important to build up healthy habits to try and prevent problems.

Cyber attackers are becoming increasingly sophisticated at staying ahead of defenses, making the vaccination approach less and less effective. Instead, companies need to look at three strategies to promote a holistic wellness in their approach to cybersecurity:

1. Educated Employees
Enterprises are often quick to blame individual employees for cyber attacks because they were the ones who clicked the link or downloaded the malicious file that set off the attack. But, attacks are becoming so advanced and well-disguised, that it is increasingly more difficult to distinguish the real from the fake. Instead of blaming the employees, educate them. Feed them with the basic knowledge they need to protect themselves from potential attacks. Of course, it is impossible for every employee to be expert, but by having a basic knowledge of what to look out for, they can better protect themselves as well as the enterprise.

2. Advanced Prevention
Cyber threats present a fast-moving target for detection-based solutions, so enterprises need to move beyond traditional approaches that adapt to different threats – or simply treat everything as a potential vehicle for an attack. There’s often no need to get rid of the “basic” security in place as each layer can share the load and help reduce demand on more compute or human-resource intensive platforms.

If a company can reduce the workload on their sandbox solution, for example, the cost savings alone could pay for a new, more advanced layer. The disadvantage of having many solutions is the need to manage all of them. So security teams need to understand to which category a solution belongs (endpoint, gateway, etc.) and what are the real problems it solves. You need to be efficient and look for the most coverage from the least amount of solutions. While some overlap is good and will happen naturally, the wider the risk coverage (data source and threat), the better.    

3. Faster Recovery
It is impossible to be 100% secure, so enterprises should be hedging their investment in security by adding tools that address remediation and recovery. Whether that involves backing up files to speed recovery, investing in better network segmentation to limit damage, or protecting against data loss, these efforts will help decrease the cost of a breach and minimize lost productivity.

Even the most effective vaccinations can fail if the overall health of the patient is poor. By looking at enterprise security holistically and developing a sense of cyber wellness, companies will be better prepared for the challenges to come.

Related Content:

Black Hat’s CISO Summit Aug 2 offers executive-level insights into technologies and issues security execs need to keep pace with the speed of business. Click to register.

Dotan Bar Noy Lt. Commander Israel Navy. (RET) is the CEO & Co-Founder of ReSec Technologies. He has more than 10 years of management experience in technology and software companies. Prior to founding ReSec, he served as Director at Issta (listed ISTA.P), CEO of G.F.A. ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
7/7/2016 | 1:18:14 PM
Spot on
I love the way you compared IT security to the security of the body. I also think that in IT, like in medicine, you have to look at where an infection can enter. Sure, you want to cover the most common entry points -- in a human: nose, eyes and mouth and in an IT network PCs, laptops and other endpoints. But then you have to think about the less common entryway. Humans can get an infection by getting bit by a bug or getting a scrape or a cut. In an IT network you have to cover lesser-known entry points such as printers or even IoT devices such as HVAC. 

Really great points! Thanks again! 

--Karen Bannan for IDG and HP
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4229
PUBLISHED: 2020-06-05
IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.
CVE-2020-4448
PUBLISHED: 2020-06-05
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.
CVE-2020-4449
PUBLISHED: 2020-06-05
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.
CVE-2020-4450
PUBLISHED: 2020-06-05
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.
CVE-2020-8103
PUBLISHED: 2020-06-05
A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.