Page 107 - Cyber Defense eMagazine October 2023
P. 107
Technology: The Race Car
Harnessing technology in cybersecurity is akin to wielding a double-edged sword: while it offers
unprecedented protective capabilities, its effectiveness can be crippled if not integrated harmoniously
within a system. The 2023 compromise of Microsoft serves as a compelling case study.
On July 11th, 2023, Microsoft revealed that a malicious actor had obtained an MSA consumer signing
key, allowing them to forge access tokens for Exchange Online and Outlook.com accounts. While its IT
infrastructure has some of the most sophisticated controls available, the attack underscored the pitfalls
of fragmented security tools. The various components of Microsoft’s cyber defense operated more like
isolated silos rather than a united front. This lack of integration meant that while one security tool might
have detected an anomaly, the broader system failed to piece together these disparate alerts into a
coherent threat picture, rendering timely intervention nearly impossible.
Using our F1 analogy, imagine a car equipped with the latest brakes, a new power unit and fresh tires,
but these components function discordantly rather than working in tandem. Sudden braking might not
correspond with an engine slowdown, causing a wheel to lock up and leading to a catastrophic failure on
track. Similarly, in the cyber realm, the alignment and integration of technological tools determine the
difference between a system that merely looks robust on paper and one that stands resilient in the face
of real-world threats.
In Conclusion
The world of F1 racing offers rich insights for the cybersecurity realm. Both disciplines demand a
harmonious blend of equipment, skill and execution. As digital landscapes become increasingly
treacherous, businesses must ensure they're not just technologically ready to compete. They must also
be fortified with trained personnel and robust processes. After all, in the race against cyber adversaries,
every lap counts, and there's no trophy for second place.
About the Author
Craig Burland is CISO of Inversion6. Craig brings decades of pertinent
industry experience to Inversion6, including his most recent role leading
information security operations for a Fortune 200 Company. He is also a
former Technical Co-Chair of the Northeast Ohio Cyber Consortium and a
former Customer Advisory Board Member for Solutionary MSSP, NTT
Globhttp://www.inversion6.comal Security, and Oracle Web Center. Craig
can be reached online at LinkedIn and at our company website
http://www.inversion6.com.
Cyber Defense eMagazine – October 2023 Edition 107
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.