Everything Is Hackable: Now What?

  /     /     /  
Publicated : 22/11/2024   Category : security


Everything Is Hackable: Now What?


When everything is hackable, breach prevention cant be the only tool in the cybersecurity tool chest.



The security industry has a mindset problem. For years, businesses have operated with the might mentality -- that they might get attacked someday, unless they do something to prevent it. The reality, though, is that all organizations, whether they are public, private or non-profit, are being analyzed, tested and exploited by malicious entities constantly. These entities motivations may differ between industries, but the fact is that someone, somewhere is trying to break in, and the odds are in their favor.
If you acknowledge that you are under attack -- today, right now -- then it becomes possible to shift your mindset towards protecting your organization. Focusing on detection and remediation gives you a better chance of limiting the damage to your business once an incident happens.
However, in order to respond to an incident, you first have to recognize that one has actually occurred. The statistics are still quite troubling in this area, with the majority of breaches being identified by external third parties and not by an organizations internal teams.
Verizons 2017 Data Breach Investigations Report
found that 89% of all breaches caused by miscellaneous errors were discovered by external parties -- 76% of which were a customer. This leaves little opportunity to remediate the threat in a meaningful way, i.e. prior to data exfiltration.
Once you understand that (unfortunately) you as an organization are unlikely to identify a certain portion of threats, ensuring that you maximize your detection capabilities is critical. Here are a few ways to do so.
Reduce false positives. The primary means of maximizing detection capabilities is by reducing false positive alerts coming from your existing security infrastructure. Once the fidelity of alerts viewed by the security operations center (SOC) is acceptable, this is where your incident response plan comes into play.
Have a plan (any plan!). Having a plan for incident response is crucial. There are multiple frameworks, products and guidelines that can be leveraged for this purpose, so its important to find the one that makes the most sense for your business. An organization must have a predetermined incident response plan to have any chance of success.
Practice makes perfect. If you work under the assumption that a breach is imminent, you will be better prepared to react when an incident occurs. Build a red team and test your infrastructure and SOCs response times. The incident response process needs to be a well-oiled machine, and the only way to accomplish that is by conducting hands-on drills.
Of course, this is not to say that prevention should be ignored. There are still necessary tactics that should be put in place to help your organizations overall security, such as limiting access to critical infrastructure -- if someone doesnt need access to X, they should not have access to X. This applies to both users and machines -- web server Y should not be able to reach database Z unless absolutely necessary.
And while investing in quality security products remains important in any enterprise security strategy, they need to be coupled with a security team that knows how to implement these products and get results. These security products are simply tools in a human analysts security tool belt. Firewalls, intrusion prevention systems, anti-virus solutions, SIEMs and sandboxes all exist to reduce risk and exposure, but at the end of the day, a well-trained analyst is an enterprises best defense.
Many will argue that subsets of artificial intelligence (AI), such as machine and deep learning, are a bigger key to success than actual employees. However, those of us who are realists understand that while these technologies may be effective in certain, specific use cases today, we are decades away from AI replacing most solutions (and humans) that are employed today.
With your security team -- and ideally, the full organization -- on board with an imminent breach mentality, the chances of limiting damage when an attack hits are much higher. By coupling a strong security team with the right tools and processes for when -- not if -- the worst happens, your organization will be in a stronger position to protect itself.
Related posts:
AWS Adds Security Management to Growing Portfolio
Aporeto Launches Zero Trust Security Solution
DDoS Attacks Trend in a Bad Direction

Craig Dods is the Chief Architect for Security within Juniper Networks Enterprise Business.

Last News

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security

▸ CryptoWall is more widespread but less lucrative than CryptoLocker. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Everything Is Hackable: Now What?