How to Stop Fighting Ghosts and Get Real About Cybersecurity
All too often, security leaders find themselves investing in cybersecurity tools aimed at stopping invisible enemies: adversaries with the seemingly inhuman capability to attack from every direction with unpredictable tactics. In response, we blindly throw up defenses, try to detect every conceivable signal, and scrutinize every potential weakness that might make us vulnerable.
Meanwhile, the media and our industry peers constantly tell us that the hackers are winning, reinforcing the belief that these evil geniuses are somehow more sophisticated, smarter, and more innovative than our own teams. So we deploy expensive tools, at high cost to our organizations and our IT resources, to protect against sophisticated hacker scenarios that may never occur.
The Problem is With the Solution
One of the greatest strengths of hackers is their ability to convince IT professionals that they have some sort of supernatural powers. The truth is, most attackers do very predictable things, and those things work because IT operators cannot detect common attacker techniques and, even when they can, their mean time to detection is 10,000 years (a bit of hyperbole; it is more like months), as the Verizon Data Breach Investigations Report (DBIR) has reported year after year.
Many of the IT controls that operators put in place close a side door but leave the front door unlocked. Worse yet, these controls often become ineffective or counterproductive over time. IT security systems generate reams of false positives, leading to a “cry wolf” situation in which operators cannot tell valuable alerts from noise. These are not the strengths of an all-powerful enemy; they are the signs of a poor defense.
Put Away Your Ghost-O-Meters
Now that we all understand there is no such thing as a ghost hacker, it is time for businesses to deploy hyper-practical, offense-informed information security approaches that raise high-accuracy alerts on known attacker techniques. IT teams need rigor and accountability through reporting, and they should routinely re-verify their false-negative rate, false-positive rate, and time to detection, reporting each with a statistical confidence interval rather than a bare point estimate, because a handful of test runs cannot justify a precise-looking number. With that level of precision, IT teams can calibrate and optimize defenses in ways never before possible.
Columbus Collaboratory is doing just that, working with our members to improve processes and shut every door to threats. One of our approaches is to run adversary emulations, which exercise the most current hacker techniques against a network, rather than generic penetration tests that try to enumerate every possible weakness. We then ingest, analyze, and report on vulnerabilities mapped to known threats, so the focus stays on remediations that matter.
This approach keeps security and IT teams from getting bogged down in time-consuming fixes that do not actually improve security, and it helps clients discover the compliance issues that make a real difference. We set up plans of action to close weaknesses in line with regulatory requirements, helping to avoid distracting audit findings and other ghosts in the machine.
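The two paragraphs above call for measuring detection against known techniques and reporting the numbers with confidence intervals. The following is an added example of what that scoring looks like in practice; it is not code from the original post or from Columbus Collaboratory. The technique labels, the ten emulation-run outcomes, the alert triage results, and the field name minutes_to_alert are all constructed for illustration. It uses the Wilson score interval, a standard choice for binomial proportions at small sample sizes.

```python
"""Score an adversary-emulation exercise with confidence intervals.

Added example, not code from the original post or from Columbus Collaboratory.
Technique labels, run outcomes and alert triage results below are constructed
sample data, and the 'minutes_to_alert' field name is an assumption.
"""
from dataclasses import dataclass
from math import sqrt
from statistics import median
from typing import Optional

Z95 = 1.96  # two-sided 95% normal quantile


@dataclass(frozen=True)
class Run:
    technique: str                     # which known attacker technique was emulated
    detected: bool                     # did the defence raise an alert for it?
    minutes_to_alert: Optional[float]  # None when nothing fired


# Constructed results of ten emulation runs (not real data).
RUNS = [
    Run("T-credential-dump", True, 12.0),
    Run("T-credential-dump", True, 8.0),
    Run("T-credential-dump", False, None),
    Run("T-lateral-movement", False, None),
    Run("T-lateral-movement", False, None),
    Run("T-lateral-movement", True, 45.0),
    Run("T-phishing-attachment", True, 3.0),
    Run("T-phishing-attachment", True, 5.0),
    Run("T-phishing-attachment", True, 4.0),
    Run("T-scheduled-task", False, None),
]

# Constructed triage outcome for the 40 alerts raised in the same window:
# True = analyst confirmed a real attack, False = noise.
ALERTS = [True] * 6 + [False] * 34


def wilson_interval(successes: int, trials: int, z: float = Z95):
    """Return (point estimate, lower, upper) for a binomial proportion.

    The Wilson score interval is used instead of the naive p +/- z*sqrt(p(1-p)/n)
    because it stays inside [0, 1] and remains usable at the small trial counts
    an emulation exercise actually produces (a few runs per technique)."""
    if trials == 0:
        return 0.0, 0.0, 1.0
    p = successes / trials
    z2 = z * z
    denom = 1 + z2 / trials
    centre = (p + z2 / (2 * trials)) / denom
    half = z * sqrt(p * (1 - p) / trials + z2 / (4 * trials * trials)) / denom
    return p, max(0.0, centre - half), min(1.0, centre + half)


def detection_rate(runs):
    """Fraction of emulated techniques that produced an alert, with 95% CI."""
    return wilson_interval(sum(r.detected for r in runs), len(runs))


def false_negative_rate(runs):
    """Fraction of emulated techniques that went unnoticed, with 95% CI."""
    p, lo, hi = detection_rate(runs)
    return 1 - p, 1 - hi, 1 - lo


def false_positive_rate(alerts):
    """Fraction of raised alerts that triage found to be noise, with 95% CI."""
    return wilson_interval(sum(1 for a in alerts if not a), len(alerts))


def median_time_to_detection(runs):
    """Median minutes from emulated action to alert, over detected runs only."""
    times = [r.minutes_to_alert for r in runs
             if r.detected and r.minutes_to_alert is not None]
    return median(times) if times else None


def per_technique(runs):
    """Detection rate and CI for each technique, so gaps map to known threats."""
    counts = {}
    for r in runs:
        hit, total = counts.get(r.technique, (0, 0))
        counts[r.technique] = (hit + int(r.detected), total + 1)
    return {t: wilson_interval(h, n) for t, (h, n) in counts.items()}


def remediation_priority(runs):
    """Techniques ordered worst-covered first: lowest point estimate, then the
    lowest upper bound as tie-break. A single missed run (0/1) still has a 95%
    upper bound near 0.79, which is the interval telling you to run it again."""
    stats = per_technique(runs)
    return sorted(stats, key=lambda t: (stats[t][0], stats[t][2]))


if __name__ == "__main__":
    p, lo, hi = detection_rate(RUNS)
    print(f"detection rate {p:.2f} (95% CI {lo:.2f}-{hi:.2f})")
    p, lo, hi = false_positive_rate(ALERTS)
    print(f"false-positive rate {p:.2f} (95% CI {lo:.2f}-{hi:.2f})")
    print(f"median time to detection {median_time_to_detection(RUNS)} min")
    for t in remediation_priority(RUNS):
        p, lo, hi = per_technique(RUNS)[t]
        print(f"  {t:<24} {p:.2f} ({lo:.2f}-{hi:.2f})")
```

On the constructed data the overall detection rate is 0.60, but the 95% interval runs from roughly 0.31 to 0.83, which is the honest statement after ten runs; the per-technique table puts the scheduled-task technique at the top of the remediation list because it was never caught, while the phishing technique, caught three times out of three, drops to the bottom. The 34 noisy alerts out of 40 give the "cry wolf" number the post warns about, again with its own interval.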
Most importantly, we believe that through collaborative security, our members are better protected from the unknown. Having a trusted peer network that they can rely on to share best practices, threat intelligence, and advice creates greater visibility and peace of mind, so our members can concentrate on the real threats and forget about the potential ghosts haunting their businesses.
To find out what you really need to know about today’s threat landscape, read my post, 4 Key Takeaways from Verizon’s 2019 Data Breach Investigations Report, or learn more about how our collaborative approach to cybersecurity can help protect your organization from bad actors.