There were over 3,141 confirmed data breaches in 2015, and that doesn’t include the ones that were never reported or detected. Yahoo’s recent attack involved at least 500 million user accounts. Clearly the security problem is getting worse, not better.
Many breaches aren’t swift attacks. Cyber criminals often gain access with valid user credentials, then linger in the system undetected for weeks or even months, stealing valuable data at their leisure. This happens even though some enterprises deploy security point solutions in the hope of stopping a data breach. The problem can sometimes be the white space between security solutions: once attackers gain a foothold, they can sit silent and undetected, waiting to inflict damage.
Do you think you know:
- How serious that problem is?
- What it takes to solve it?
While big breaches make the headlines, even a small breach can permanently poison a company’s brand and financial future. Customers have long memories, regulatory fines can be devastating, and “minor” repercussions like overworked staff and internal chaos can have a lasting impact.
Many breached companies – and skittish organisations that have learned from others’ losses or their own – will often invest in new security point solutions after a breach, in the hope of preventing the next attack. But does adding more red tape close the gaps between siloed security products, or is it a temporary solution?
Anatomy of a typical breach
Let’s trace the path of a typical breach. It might start with a successful phishing attempt involving an employee. The criminal gets inside the network and goes undetected because they look like an authenticated user. They assess the lay of the land, learning how to escalate their privileges and moving laterally in the system. At that point, they’re still unobserved and have the time and opportunity to achieve their goal – stealing private customer information or copying company intellectual property, for example.
To put this in terms we’re all familiar with, consider the Target attack. Shortly after being certified as PCI-DSS compliant in 2013, Target was breached. Were they immediately aware? No. The attackers tested their malware, realised Target’s security system wasn’t stopping them, and installed it. Several security alerts were triggered, but the Target security team missed the warnings because they did not collectively paint a clear picture. The attackers were free to begin exfiltrating data. Eventually it was the Department of Justice that notified Target of the breach. Only then did Target act – announcing that 40 million payment card data records were stolen. They later added an additional 70 million records to that number.
This is one illustration of why criminals are staying undetected despite so many security tools being in place. The alerts aren’t correlated. There’s what we call white space between security solutions – and attackers know just how to exploit that lack of visibility.
Tackling the white space
The white space exists because most security vendors address only one piece of the overall attack lifecycle. Naturally, security teams wind up acquiring multiple solutions from various vendors to cover all of their cyber security requirements. As a result they begin to feel overwhelmed, working harder and harder (but not necessarily more effectively) to manage all of the systems, and find that malicious actors keep slipping in between solutions anyway.
Fortunately, prominent cyber security companies are joining forces and collaborating to help protect this unprotected white space and prevent unnecessary data breaches. By forming these alliances, we and other partner companies can offer a solution that will help organisations address every stage of the attack lifecycle, from initial penetration to lateral movement to escalating privileges, with best-of-breed solutions. This involves a connected framework that leverages multiple datasets to determine risk or evidence of the attack, reduce the time it takes to detect criminals, and limit exposure, all while providing smooth access for valid users.
Failing to adequately prepare for, mitigate, and act upon threats to your business is not an option. Businesses of all sizes, in all industries, should be continually looking for new ways to keep secure as the prevalence of cyber-attacks continues. Trusted partner alliances enable you to come to one place for multiple security needs and be certain that all the ways into your network are protected.
James Thompson, Regional Director, EMEA at SecureAuth Corporation via ITProPortal (original article)