
Preventing advanced threat breaches is nothing more than a fantasy

14 Dec 15

2015 was most notably characterised by security vendors claiming to be able to prevent advanced threat breaches when the reality is, they can’t.

It was characterised by enterprises recognising the need to monitor and defend their digital environments differently, yet continuing to centre their security programs on the same technologies and approaches they have always used, hoping for a different outcome without acting differently.

2015 saw threats continuing to evolve faster than most organisations’ ability to detect and respond to them. What was considered an “advanced” threat in years past has become a commodity today with sophisticated malware and exploits available for the price of a movie ticket. 

As troublesome as these observations seem, the most impactful evolution goes almost entirely unreported and misunderstood. The threat actors that matter most, today's pervasive ones, execute attack campaigns comprising multiple compromise methods and multiple backdoors to assure persistence. Incomplete incident scoping, in which responders find and remove one foothold while others remain, has become a critical failure point.

We’re starting to see progress in some areas as security investments begin to shift from a maniacal focus on prevention, toward greater balance on monitoring, detection, and response capabilities. 

It has become cliché to say that breaches are inevitable and that faster detection and more accurate incident scoping are the way forward, but too many organisations are trying to do these very different tasks with the technologies and processes they already have on hand, which were neither designed for nor capable of meeting that need. Here are some of the emerging trends that our industry and organisations need to be ready for in 2016:

1. Strategic data manipulation and disruption

Organisations will begin to realise that not only is their data being accessed inappropriately, but that it is being tampered with. Data drives decision making for people and computer systems. 

When that data is unknowingly manipulated, those decisions will be made on the basis of false data. Consider the potentially devastating consequences of misrepresented data on the mixing of compounds, on control systems, and on manufacturing processes.

2. Increasing attacks on application service providers

As organisations become more comfortable with the “as a Service” model, many of their most sensitive applications and data reside in the Cloud. 

The aggregation of this valuable data from many companies creates an incredibly lucrative target for cybercriminals and cyber espionage. A deeper appreciation of third party risk is needed.

3. Hacktivism and the attack surface

Per my earlier comment, as cyber-attack tools and services become increasingly commoditised, the cost of attacking an organisation is dropping dramatically, enabling more attacks that do not have financial gain as their primary focus.

Sophisticated hacktivist collectives like Anonymous have been joined by relatively unsophisticated cyber vigilantes.

Organisations need to realise that financial gain is no longer the only, or even the biggest, driver for some of their adversaries. Security operations and risk managers should evolve their understanding not only of the threat, but also of what, why, where, and how they are being targeted.

4. ICS (Industrial Control Systems) pushed to the breaking point

Intrusions into systems that control operations in the chemical, electrical, water, and transport sectors have increased 17-fold over the last three years. The advent of connected and automated sensors with the IoT aggressively exacerbates these issues. 

The growth in the use of cyber technology by terrorists, hacktivists and other actors, combined with the general weakness of ICS security and the potential impact of bringing down a power grid or water treatment plant (hello, California), makes a critical breach of an ICS in 2016 extremely concerning and increasingly likely.

5. Shake-out of the security industry

Our industry has been awash in venture capital and as a result, foolish investments have been made in strategies and technologies that are little more than snake oil. 

As organisations' security programs continue to mature, they are learning that claims of being able to prevent advanced threat breaches are nothing more than fantasy. Expect to see a shake-out in the security industry as organisations' maturing understanding of advanced threats increasingly drives their security investment decisions.

By: Amit Yoran, RSA president
