While it’s never perfect, it can always improve.
You may have heard that there was a recent breach at a major cell phone provider, exposing the personal information of approximately 40 million people. And what was the public response to this outrage? They yawned.
That hack was just one of thousands of publicly reported breaches in the first six months of 2021, hacks that exposed a total of 18.8 billion records. Most never made it to the evening news. Apparently even the criminals are getting bored. Reuters cited a Vice report that said the vendor had been offering data on 30 million mobile phone victims for 6 Bitcoin, or around $270,000. However, later reports suggested that the asking price had plummeted and the entire data cache was being downloaded for just $200.
With so much data theft, even a heist as massive as that doesn’t raise much public concern. But getting used to the loss of privacy and getting bored with leaks of personal information is in itself a great danger. This is because ignoring data breaches ignores the fact that in the United States today, almost everything is connected to the Internet and therefore susceptible to attack. Advanced hacking tools, including many developed by US intelligence agencies for their own espionage purposes, have been stolen and made available to hostile countries. In some cases, they have been sold to criminal groups through the dark web. These exploits not only have the ability to siphon your personal information, but can also be used to shut down the power grid, computer networks, the air traffic control system, banks, water treatment plants, factories, communications and just about everything else.
In a well-researched recent book with the ominous title “This Is How They Tell Me the World Ends,” New York Times cybersecurity reporter Nicole Perlroth explored the secret market for zero-days — unpatched vulnerabilities in commonly used software that can provide covert access to a network — and for the exploit code written to take advantage of those flaws. Sometimes those exploits chain together a series of zero-days. Hostile nations are eager to acquire these tools. But while the offensive capabilities they offer are enormous, at least in the United States they have not been matched by comparable investment in defending against them: a dangerous imbalance.
Yet despite growing public indifference, corporations and other organizations whose operations are vulnerable to disruption are taking cybersecurity very seriously. Security budgets have increased. Cybersecurity specialists are in more demand than ever. And security-related software is selling very well. Those are all good things. But there is also a downside: as more security tools are deployed and multi-vector attacks become more sophisticated, the number of alerts continues to rise. And not every alert gets the same level of attention from staff.
In that sense, it’s similar to the problem with automatic fire alarm systems in many commercial buildings, which react to a wide range of potentially threatening events, including minor ones. Whenever something triggers them, local firefighters are obliged to suit up and respond. Yet the share of those alarms that correspond to an actual fire is typically only about two percent. Particularly for volunteer fire companies, that high false-alarm rate quickly wears thin. The problem is that the two percent can be devastating and therefore cannot be ignored.
In the IT world, it’s the same. More than 2,000 cyberattacks per day were reported to the FBI last year. But that doesn’t include the much larger number of unreported attempts that were thwarted by various defense mechanisms. An NSA data center in Utah, for example, experiences an astounding 300 million hacking attempts every day. That massive volume of alerts can easily overwhelm staff, preventing security teams from investigating the alerts that really DO matter.
Because sorting through a flood of alerts can be exhausting, SIEM (Security Information and Event Management) software systems, also known as Threat Intelligence Gateways, have become particularly valuable. These are systems that block known bad IP addresses and then learn by simulating attacks on the organization’s production network, essentially training themselves to detect and interpret the unusual patterns associated with attacks. As a result, security teams can prioritize their efforts by eliminating low-risk threats and focusing instead on the telltale signs of serious compromise. The result: faster containment and shorter resolution times.
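As an added illustration of the triage described above (example code written for this page, not taken from any SIEM product), the script below drops alerts whose source is already on the IP blocklist, groups the rest per host, and escalates hosts that show a multi-stage compromise pattern; the blocklist, alert stream, severity weights and chain definition are constructed assumptions.

```python
from collections import defaultdict

# Constructed blocklist and alert stream (RFC 5737 documentation addresses), not real data.
KNOWN_BAD_IPS = {"203.0.113.7"}
ALERTS = [  # (timestamp_seconds, source_ip, host, event_type)
    (1, "203.0.113.7", "web01", "port_scan"),
    (2, "203.0.113.7", "web01", "port_scan"),
    (5, "198.51.100.4", "web01", "failed_login"),
    (6, "198.51.100.4", "web01", "failed_login"),
    (7, "198.51.100.4", "web01", "failed_login"),
    (9, "198.51.100.4", "web01", "successful_login"),
    (12, "10.0.0.5", "web01", "new_outbound_connection"),  # source is web01's own IP
    (30, "192.0.2.9", "db01", "failed_login"),
]

# Assumed severity weights and the ordered pattern that marks a likely compromise.
SEVERITY = {"port_scan": 1, "failed_login": 1, "successful_login": 2,
            "new_outbound_connection": 3}
COMPROMISE_CHAIN = ["failed_login", "successful_login", "new_outbound_connection"]

def chain_present(events, chain, window):
    """True if every step of `chain` occurs in order on one host within `window` seconds."""
    timeline = sorted(events)  # (timestamp, event_type)
    for start_t, start_e in timeline:
        if start_e != chain[0]:
            continue
        idx, last = 1, start_t
        for t, e in timeline:
            if t > last and idx < len(chain) and e == chain[idx] and t - start_t <= window:
                idx, last = idx + 1, t
        if idx == len(chain):
            return True
    return False

def triage(alerts, blocklist=KNOWN_BAD_IPS, window=60):
    """Drop alerts already handled by the blocklist, then group the rest per host and
    score them so the analyst queue starts with the likeliest real compromise."""
    blocked, per_host = 0, defaultdict(list)
    for ts, src, host, event in alerts:
        if src in blocklist:
            blocked += 1  # blocked at the edge: no analyst time needed
            continue
        per_host[host].append((ts, event))
    queue = []
    for host, events in per_host.items():
        score = sum(SEVERITY.get(e, 1) for _, e in events)
        escalate = chain_present(events, COMPROMISE_CHAIN, window)
        if escalate:
            score += 10  # a multi-stage pattern outweighs any single noisy alert
        queue.append({"host": host, "alerts": len(events), "score": score, "escalate": escalate})
    queue.sort(key=lambda q: q["score"], reverse=True)
    return blocked, queue
```

Running `triage(ALERTS)` reports two blocked alerts and puts web01 (escalated, score 18) ahead of db01 (one failed login, score 1).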
But as helpful as smart software can be, promoting good digital hygiene throughout the organization will always remain valuable. Strong passwords, multi-factor authentication, zero-trust access, and phishing alertness are some of the better-known defensive methods. Everyone can help. But as the SolarWinds debacle demonstrates, even when you do everything right, malicious code can sneak into your network, sometimes lurking undetected for months before activating and causing damage.
With that in mind, this is how I think companies should view cybersecurity:
1. Nothing is completely safe
2. No organization is too small to be hacked
3. There is a high probability that some of your information has already been stolen
4. There is nothing you can do to prevent a persistent state-sponsored hack
5. However, there are significant steps you can take to deter or block criminal hackers
6. Plan ahead for how you can respond if you experience a cyberattack
Cybercriminals and malicious hackers have been very creative in finding ways to manipulate people and technology to steal data, infect systems, and take control of assets. As a result, defenses against cyber attacks continue to change. Security isn’t a one-time proposition – it’s an ongoing process, and despite what different vendors tell you, it’s not easy and it never ends. But no matter how far you are from having a perfect system, or how close you are to achieving it, research is always an essential and valuable investment of your time.