
We’re failing on the basics and need a new approach

The security world was rocked this past year by a barrage of breaches hitting all industries, from retail companies to financial institutions. We all came to attention in the wake of the Target breach, then there was the compromise of JP Morgan Chase, and now we have the devastating attack on Sony Pictures Entertainment to mull over. Top FBI officials and research professionals have described the attack on Sony as unparalleled and said that 90 percent of companies' defense measures would have failed to stop it, but that is not a satisfying answer for companies whose brand recognition and bottom line are at stake.

Fortunately, I do see a benefit coming out of all of the recent activity in the security space. It is finally garnering the attention of the C-level and forcing them to the realization that they aren't prepared, that they need to employ better security measures and go back to basics when it comes to dealing with cyber threats. In 2015, we will see the rise of targeted defensive security solutions that are accurate, scalable and lack the need for the coddling hand of security experts. Moreover, the new solutions will be an important tool against cyber criminals that look to feed on the apprehensions wrought by the recent scorched-earth methods of the Sony attackers.

To date, most security solutions have been cumbersome appliances that attempt to provide a silver bullet to solve all of a company's security problems. These solutions produce hundreds of pages of data that require hours of additional validation from already overtaxed security personnel. It's a burden for an industry that is already lacking in trained security professionals. Tools are being built for security people who don't exist or don't have time. The only way we will have a fighting chance is if tools are built not to try to do everything, but to do a particular piece of the puzzle incredibly well and accurately, all while keeping pace with existing workflows and company structures.

For example, applications can use solutions that automatically block malicious behavior or, if not, identify it with a high level of precision. That will allow for immediate remediation or give developers the opportunity to jump right in and solve a problem without the need for a security expert's validation. The process will involve growing pains but, with suits against Target moving forward and the unfolding Sony drama, companies will quickly realize the differentiator that investing in security will offer, especially as more hardline losses are recorded.

On the other hand, we cannot forget that hackers have been noticing the security developments as well. This brings me to the double-edged sword the Sony attack has become. As I mentioned, the recent attack has everyone on edge – no one wants to be the next Sony – causing board-level discussions to increasingly center on the topic of security. But what if hackers are not just looking to steal credit card information and instead want to bring a business to a halt? Potential attackers could readily point at Sony and say, “We are part of GOP, and we can do this to you. Do you remember what happened to Sony?” Whether true or just a threat, how many organizations will challenge the attackers and call their bluff?

The scorched-earth approach of the attackers will inspire copycat attacks from hacktivists against other corporations. In addition, ransomware attacks will reference Sony as an example of what happens if you don't pay up. The intangible and hidden costs of poor security may become an inevitable issue in 2015 with similar rampage-style attacks.

We also can't forget that the dubiousness of attempting to attribute attacks will make it even harder to ignore those kinds of threats. There will likely be a renewed discussion of the attack-back mentality, as companies feel they should be able to fight back and stand up for themselves. But I think this is a misguided view of security. Attribution will always be a problem, and confusing the identity of hackers could have unwanted repercussions.

In short, I think the best option will be to go back to basics: to build a security infrastructure that works with what your company has at its disposal without lacking efficacy. Harness tools built to automatically find specific issues with high reliability, enabling your limited security experts to focus on the most challenging security problems. Cybercriminals are getting ready and are equipped with the tools to inflict harm; it remains to be seen whether all industries will be ready to confront them.
