Content

Fear and anxiety at the polls

"Fear and anxiety over the election process underscores one of the most fundamental security issues organizations face: the ability to know whether there is an active attacker at work on a network. In the case of a classic data breach, the attack eventually surfaces once accounts, passwords and other details end up on the Dark Web or are used by cybercriminals. This revelation generally comes far too late-well after the theft or damage has occurred-and it takes an average of five months. In the case of data or system manipulation or stolen secrets, revelation may never come. While finding an active attack early and curtailing it is a long sought after objective, the ability to know that an attacker is not present is also tremendously valuable.

Ask a CIO or CISO, "Do you have the means to find an active attacker on your network working towards a data breach?" Most, if they are fully informed and completely honest, they will admit that they do not. If they believe they have the means to know, ask how and what is their level of confidence? You will likely get a blank stare.

Confidence is the issue with the election, especially after the breaches of the Arizona and Illinois election databases, the DNC attack, and other election-related security events. Ideally, a state elections department could attest that its network is free from attackers. Based on a thorough check of hundreds or thousands of parameters and using ongoing, detailed behavioral profiles, organizations should be able to find an attacker at work. The inverse is also immensely beneficial to give confidence and attest, "Our network is free from attackers." This kind of assurance would also be valuable for a law firm to give to its clients during a routine security review. It's exactly what a defense contractor should be able to present to the Department of Defense. Even in the case of a merger or acquisition, it would be extremely valuable to know that you are not connecting up to a network with a hidden attacker.

In some cases, knowing that there is no attacker is nearly as valuable as knowing that there is an attacker."

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.