The growth in widespread, sophisticated attacks
I have been following, with interest, the attacks on the Australian Government which have led to quite a bit of publicity and debate around who the culprits are behind the cyberattacks. Australian Prime Minister, Scott Morrison, confirmed the attacks were widespread across “all levels of government” including in essential services and businesses. In July, he announced that $1.35 billion in existing defence funding would be spent over the next decade to boost the cybersecurity capabilities of the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC). Additionally, the Federal Government wants to create more than 500 new jobs in its highly secretive cyber intelligence agency as part of what its calling Australia’s largest-ever investment in cybersecurity. Organisations
Why Intrinsic Security is so important
But even before COVID-19 hit us, there was no doubt that attacks are beco
What we are also seeing as a result of COVID-19, is that users are having to defend themselves at home and actions taken to ensure business continuity and resiliency only increase the attack surface. So how do we retrofit security onto that? The simple answer is that we cannot – it needs to be built-in… and back to my earlier point – it needs to be intrinsic.
Earlier in the year we attended the RSA Conference and unveiled our vision for intrinsic security, a safer, more effective security built into the fabric of the various infrastructure control points that are vulnerable to attack (endpoint, identity, network, cloud, workload and so on.) Here at VMware Carbon Black, we believe that by building security intrinsically into the fabric of the enterprise – across applications, clouds, and devices – teams can significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist.
But in parallel to this, security teams must also work in tandem with the business to shift the balance of power from attackers to defenders. They must collaborate with IT teams and work to remove the complexity that is weighing down the current model and way that they do things.
The importance of testing
So why has the industry not addressed this problem until now?
Again, we can make further parallels with COVID-19. We did not know how big the problem was because we were not testing enough, but now we can see all the breaches in our systems that already exist. We did not have the right data to measure, meaning much was being missed. We had some anecdotal evidence but with better visibility, better testing, and an intrinsic approach this has revealed that our historic take on infosec was incorrect. And this lack of data has also given us a false sense of security. As an industry we rush to build technology platforms, and then we rush to launch them, and we do not rigorously test them, only to find these technologies are fundamentally insecure and flawed and this needs to change.
Likewise, in tandem to this change in approach to how we build technology, infosec
So how do we apply that theory to incident response and infosec teams and the modernisation of incident response? Over the last few years, it has become clear that our enemies are emboldened and becoming more aggressive. We must shift thinking and tactics to begin to turn the tide. And I believe it is fundamental that cybersecurity professionals take a page from the annals of a secret service or military agent to better understand how to combat threats. Defenders need to modernise their