As usual, the cyber blame game goes into full swing after a major breach. Although the targeted data breach at OPM is one of the most disastrous on record, it is yet another wake-up call showing that most companies and organizations simply cannot detect an active data breach after the initial intrusion. The dwell time for these targeted breaches is pathetically long, measured in months rather than days. Synthesizing the common outrage, the Washington Post declared, “This unforgivable failure of stewardship should lead to firings for incompetence.”
How would you like to be in that hot seat? Public enemy number one? Even if it is just your own employees and shareholders who are primarily hurt and angered, do you really want that resting on your shoulders? What about letting customers down or compromising the privacy of individuals? The personal fallout of a major targeted data breach can be immense. Who could stand up to that pressure? Who would want to be in that position?
That pressure and weight of disaster would be plenty of motivation for me to do all I possibly could to stop a data breach before theft or damage could occur. Oddly, that is not the reality at most companies. Nearly every security professional I talk with gets terribly uncomfortable if I ask how confident they are in being able to find an active intruder before it’s too late.
Everyone will agree that prevention cannot be 100% effective; they accept that an intruder will penetrate their network. Some will even admit that one could be lurking there already. But then few will actually do much about it. The sad fact is that most organizations are still focused primarily on perimeter or preventative security. Even the Cybersecurity Action Report from the beleaguered OPM puts very little emphasis on new abilities to detect an active intruder who has already compromised perimeter security. Almost all the recommendations in the report bolster infrastructure or strengthen the perimeter, neither of which will stop a data breach once an intruder is inside.
In the wake of an alarming number of data breaches, some organizations will procure cyber security insurance and develop contingency plans. Others will develop new strategies for access control and network segmentation. Few actually consider what they could do differently to pinpoint an intruder. Sure, they have systems that are supposed to warn about unusual activity, but these typically generate hundreds of daily alerts dominated by false positives. It takes an army of analysts and a lot of luck to find a real breach in that haystack of unproductive alerts.
Others may be hunting for malware or looking for signs of malicious software. Ultimately they are searching for known, statically defined technical artifacts such as file hashes, signatures and domain names. The trouble is that malware may not even be involved in a targeted data breach. Because these are human-run campaigns, often carried out with stolen credentials and built-in administrative tools, they are hard to spot if your focus is solely technical artifacts. Moreover, there is so much malware that much of it has already made it past perimeter security before it was identified as malicious. Trying to find a threat actor this way will generally fail.
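To make the contrast concrete, here is an added example that is not part of the original post or of any LightCyber product. It runs two detectors over a constructed set of logon records: an artifact-centric check that looks for a hypothetical feed of known-bad tool hashes, and a behaviour-centric check that flags an account reaching far more distinct hosts in a short window than its own (constructed) baseline. The account names, hosts, hashes, baseline figures and thresholds are all assumptions made for the illustration; the intruder in the sample reuses a legitimate service account and runs no malware, so only the behavioural check fires.

```python
"""Artifact matching versus behavioural detection over constructed logon events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Fields: ISO timestamp, account,
# source host, destination host, SHA-256 of any non-OS tool launched in the
# session (None when nothing beyond built-in OS binaries ran).
SAMPLE_EVENTS = [
    ("2015-06-01T09:00:00", "alice", "WS-12", "FILESRV-1", None),
    ("2015-06-01T09:05:00", "alice", "WS-12", "MAIL-1", None),
    ("2015-06-01T09:10:00", "bob", "WS-33", "FILESRV-1", "aa" * 32),
    ("2015-06-01T13:00:00", "alice", "WS-12", "FILESRV-1", None),
    # Intruder reusing a stolen service account after hours: a new host every
    # few minutes, using only built-in remote admin tooling, so no malware hash.
    ("2015-06-01T22:01:00", "svc_backup", "WS-07", "HR-DB-1", None),
    ("2015-06-01T22:03:00", "svc_backup", "WS-07", "HR-DB-2", None),
    ("2015-06-01T22:06:00", "svc_backup", "WS-07", "FIN-APP-1", None),
    ("2015-06-01T22:09:00", "svc_backup", "WS-07", "FILESRV-2", None),
    ("2015-06-01T22:12:00", "svc_backup", "WS-07", "DC-1", None),
    ("2015-06-01T22:15:00", "svc_backup", "WS-07", "FILESRV-3", None),
    ("2015-06-01T22:18:00", "svc_backup", "WS-07", "DC-2", None),
]

# Hypothetical IOC feed of hashes for previously identified malware. Nothing in
# the sample matches it, which is exactly the blind spot under discussion.
KNOWN_BAD_HASHES = {"bb" * 32, "cc" * 32}

# Constructed per-account baseline: distinct destination hosts the account
# normally reaches within one 30-minute window, as learned from prior weeks.
BASELINE_DISTINCT_HOSTS = {"alice": 2, "bob": 1, "svc_backup": 1}


def match_iocs(events, bad_hashes=KNOWN_BAD_HASHES):
    """Artifact-centric detection: return sessions whose tool hash is on the list."""
    return [e for e in events if e[4] is not None and e[4] in bad_hashes]


def detect_lateral_fanout(events, window=timedelta(minutes=30), min_hosts=4, ratio=3):
    """Behaviour-centric detection: flag an account whose distinct-host fan-out in
    any sliding window is both at least min_hosts and at least ratio times the
    account's own baseline, regardless of which tool produced the logons."""
    by_account = defaultdict(list)
    for ts, account, _src, dst, _h in events:
        by_account[account].append((datetime.fromisoformat(ts), dst))

    alerts = []
    for account, recs in by_account.items():
        recs.sort()  # sort by timestamp so the window can slide forward
        baseline = BASELINE_DISTINCT_HOSTS.get(account, 1)
        start = 0
        best = None  # (distinct_hosts, window_start) for the busiest window
        for end in range(len(recs)):
            # Shrink the window from the left until it spans at most `window`.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in recs[start:end + 1]})
            if best is None or distinct > best[0]:
                best = (distinct, recs[start][0])
        if best and best[0] >= min_hosts and best[0] >= ratio * baseline:
            alerts.append({
                "account": account,
                "distinct_hosts": best[0],
                "baseline": baseline,
                "window_start": best[1].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    print("IOC matches:", match_iocs(SAMPLE_EVENTS))
    for alert in detect_lateral_fanout(SAMPLE_EVENTS):
        print("behavioural alert:", alert)
```

The hash check returns nothing because the intruder never dropped a binary; the fan-out check reports svc_backup touching seven hosts in a window where it normally touches one. A real deployment would learn the baseline per account from weeks of history and tune `min_hosts` and `ratio` to keep the alert volume manageable, which is the trade-off that makes behavioural detection harder to operate than signature matching but also the reason it finds what signatures miss.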
So take the time, right now, today, to consider whether your organization could quickly and accurately detect a targeted attack before damage or theft occurs.
Clearly, existing technologies and procedures are not adequate. To what degree have you explored new technologies, such as active breach detection solutions, to see whether they are a good match for your environment and can flip the odds on finding an active intruder? If all you are doing is considering cyber insurance and developing contingency plans, you will likely face an unhappy consequence at some point in the near future.

Gonen Fink, Chief Executive Officer, LightCyber

Gonen brings to LightCyber over 20 years of network security expertise, industry and entrepreneurship experience and leadership skills. Prior to LightCyber, Gonen was founder and CEO of Pythagoras Solar, an innovator of award-winning power-generating, energy-efficient windows. Prior to Pythagoras Solar, Gonen was one of the first employees of Check Point Software and part of the core team that developed its flagship firewall product and stateful inspection technology. During a twelve-year tenure at Check Point, Gonen played an instrumental role in building Check Point from an early-stage start-up to its Internet security market leader position, holding several pivotal positions including Chief Architect, Vice President of Products and Vice President of Solutions & Strategy. Prior to Check Point, Gonen served for seven years in the Israeli Defense Force’s elite intelligence unit and as a strategic planning consultant to the Ministry of Defense. Gonen holds a B.Sc. summa cum laude in Physics and Computer Science, as well as an M.A. summa cum laude in Digital Philosophy, from Tel Aviv University, Israel.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.