Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/7/2016
10:30 AM
Dotan Bar Noy
Dotan Bar Noy
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

A Holistic Approach to Cybersecurity Wellness: 3 Strategies

Security professionals need to rely on more than 'vaccinations' to protect the health and safety of company systems and data.

As humans, we try and do everything we can to keep our bodies healthy. We do our best to follow preventative measures like taking vitamins or getting vaccines. We try and eat right to keep our bodies functioning as attended. If this preventative approach can work for the human body, maybe it’s an approach worth trying in enterprise cybersecurity.

Looking back at the online attacks of 2016, we have had a mixture of a strong flu season (new strains of the same old viruses) along with some more exotic Zika-like threats that are still being figured out (ransomware variants). Like any natural virus, a cyber threat only has to work at a low percentage to be successful. If a virus is too powerful, the infected don’t live long enough to pass along the disease.

In the cyber realm, if we could, we’d all probably just turn off our computers for a while until the threat is neutralized. But seriously, when a virus or threat fails, there’s a low chance of its survival. But because threats only need to have a successful attack at a miniscule percentage, cybercriminals can effectively prey on weak links for continued adaption and spreading.  

The comparison between viruses in the cyber world and the natural world can also be extended to the approaches used to combat them.

Vaccination
When individuals are vaccinated against a disease, they gain an adaptive immunity. As more threats are identified, more vaccinations are needed to build on that immunity. In the U.S. healthcare system, this involves coverage for about 15 viruses. But for a computer or network to be vaccinated against all threats, it would require millions and millions of “immunizations” in the form of signature or behavioral definitions. Humans add new layers of adaptive immunity over time, whether through boosters to old immunities or new treatments. In the enterprise, the information security department is constantly patching and updating definitions to stay ahead of the evolving threats, or adding new layers of protection.

For computers and humans, the concept of immunization requires knowledge of the threat. This means there is always a gap between emergence and recognition that allows a virus to proliferate. The consequences can be severe, which is why it’s important to do more than rely on immunity to stay healthy.

Wellness
In addition to vaccinations, people try to live a healthy lifestyle, which could include exercise, meditation, and proper nutrition. The reasoning behind this is that by adequately supporting the different systems of the body, we can better fight off viruses, bacteria, and other threats. In the enterprise, it’s equally important to build up healthy habits to try and prevent problems.

Cyber attackers are becoming increasingly sophisticated at staying ahead of defenses, making the vaccination approach less and less effective. Instead, companies need to look at three strategies to promote a holistic wellness in their approach to cybersecurity:

1. Educated Employees
Enterprises are often quick to blame individual employees for cyber attacks because they were the ones who clicked the link or downloaded the malicious file that set off the attack. But, attacks are becoming so advanced and well-disguised, that it is increasingly more difficult to distinguish the real from the fake. Instead of blaming the employees, educate them. Feed them with the basic knowledge they need to protect themselves from potential attacks. Of course, it is impossible for every employee to be expert, but by having a basic knowledge of what to look out for, they can better protect themselves as well as the enterprise.

2. Advanced Prevention
Cyber threats present a fast-moving target for detection-based solutions, so enterprises need to move beyond traditional approaches that adapt to different threats – or simply treat everything as a potential vehicle for an attack. There’s often no need to get rid of the “basic” security in place as each layer can share the load and help reduce demand on more compute or human-resource intensive platforms.

If a company can reduce the workload on their sandbox solution, for example, the cost savings alone could pay for a new, more advanced layer. The disadvantage of having many solutions is the need to manage all of them. So security teams need to understand to which category a solution belongs (endpoint, gateway, etc.) and what are the real problems it solves. You need to be efficient and look for the most coverage from the least amount of solutions. While some overlap is good and will happen naturally, the wider the risk coverage (data source and threat), the better.    

3. Faster Recovery
It is impossible to be 100% secure, so enterprises should be hedging their investment in security by adding tools that address remediation and recovery. Whether that involves backing up files to speed recovery, investing in better network segmentation to limit damage, or protecting against data loss, these efforts will help decrease the cost of a breach and minimize lost productivity.

Even the most effective vaccinations can fail if the overall health of the patient is poor. By looking at enterprise security holistically and developing a sense of cyber wellness, companies will be better prepared for the challenges to come.

Related Content:

Black Hat’s CISO Summit Aug 2 offers executive-level insights into technologies and issues security execs need to keep pace with the speed of business. Click to register.

Dotan Bar Noy serves as Authomize's co-founder and CEO. Prior to co-founding Authomize, Dotan was product management leader of the "Infinity Next" platform at Check Point Software, following the successful acquisition of ForceNock Security, where he served as Co-Founder and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
7/7/2016 | 1:18:14 PM
Spot on
I love the way you compared IT security to the security of the body. I also think that in IT, like in medicine, you have to look at where an infection can enter. Sure, you want to cover the most common entry points -- in a human: nose, eyes and mouth and in an IT network PCs, laptops and other endpoints. But then you have to think about the less common entryway. Humans can get an infection by getting bit by a bug or getting a scrape or a cut. In an IT network you have to cover lesser-known entry points such as printers or even IoT devices such as HVAC. 

Really great points! Thanks again! 

--Karen Bannan for IDG and HP
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
Kelly Sheridan, Staff Editor, Dark Reading,  10/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27981
PUBLISHED: 2020-10-28
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy...
CVE-2020-24707
PUBLISHED: 2020-10-28
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
CVE-2020-24708
PUBLISHED: 2020-10-28
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.
CVE-2020-24709
PUBLISHED: 2020-10-28
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.
CVE-2020-24710
PUBLISHED: 2020-10-28
Gophish before 0.11.0 allows SSRF attacks.