Stop building higher fences and start searching the grounds
Scott Millis, CTO of Cyber adAPT, argues the case for re-evaluating perimeter
security strategies
John Chambers, the man whose hand was on Cisco’s tiller for 20 years, is reported to
have once said, “There are two types of companies: those that have been hacked, and those who do
not know they have been hacked.” It has become a truism.
Just about every organization now accepts it is no longer a matter of “if” they suffer a breach,
but “when” and, more importantly, how they can isolate and mitigate the threat.
2016 was a record-breaking year for reported data breaches, up 40 per cent from 2015 [i]. In
August last year, Yahoo confirmed at least 500 million Yahoo user details had been stolen… in
2014, taking two years for the company to admit it had fallen victim to the largest data breach
from a single site in history.
This raises the question: how do you build a security strategy in a world where whatever you do,
threats cannot be kept out? The answer lies in taking a new approach. Traditionally,
organizations have focussed on their perimeter.
Essentially, they have built big walls to keep out the bad guys. In striving to keep the enterprise
safe, these walls have become bigger and more resistant.
But those walls are not impermeable. You can bet your bottom dollar malware and other threats
can get past the biggest, best-built barriers surrounding the perimeter of an organization’s
network.
This is because the way in which attackers approach the perimeter has shifted. Criminals often
get in using legitimate usernames and passwords to avoid detection.
These can be gained through phishing, keystroke loggers or even good old-fashioned
shoulder-surfing.
Of course, there is also the chance of a malicious insider. We all potentially have our own
Edward Snowden – although whether he was malicious or not is a point for debate.
This is compounded by technical developments such as virtualization, cloud and mobile.
Virtualization makes servers, applications and data both fluid and mobile.
Cloud puts data beyond the traditional confines of a network and mobile means data is pushed
out to any number of end points, via a carrier network, often with no more security than a PIN.
Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide