Benjamin Franklin had it right many years ago: “An ounce of prevention is worth a pound of cure.” In cyber security, that ounce of prevention is now a requirement. The number of cybersecurity firms that have entered the market in recent years shows how far anxiety has spread across every industry. Some organizations are on alert because they know their networks have already been targeted by state-sponsored hackers, others know their executives are being targeted by fraudsters, and yet others are worried about insider threats and intellectual property theft.[1]
The level of anxiety depends on the organization, and the remedies on offer depend on which cybersecurity company it is using or considering. There is a wide variety of services available: some aim to improve threat response, while others solve specific problems, such as detecting and remediating malware infections.
Awareness and vigilance are not the biggest worry today. The real issue is that most of these security companies are focused on dealing with security after the fact, once indicators of compromise have surfaced. Reacting after the attacker has already done the damage is too late. The latest annual IBM Cost of a Data Breach report found that the average cost of a data breach has hit a record $4.35 million, and that figure does not account for the damage to reputation and other intangibles that can follow a cyberattack.
Prevention is the key factor in cybersecurity. Companies need to place as strong a focus on prevention as they now place on detection and response. To make a difference, defenders need to prevent incidents rather than deal with them after they have occurred: fight the disease, not its symptoms.
Many companies have embraced Zero Trust architectures as a prevention tool, but zero trust has become so prevalent that it has lost some of its stopping power. Every organization has a different definition of what zero trust means to it, and attackers are finding ways around the identity, device and certificate checks that make it work, for example by stealing sessions that have already passed those checks.
Zero trust has drifted out of the realm of prevention. If your security’s starting point is denying access to everything and working up to the access the business actually needs, normal operations become too hard to manage. You trade a sense of security for endless configuration and maintenance. It is like treating a patient with an exclusion diet: an endless process of reintroducing one food at a time until the patient gets sick enough to identify the culprit.
Closing off every avenue of access to attackers is critical, but how do we make sure the same thing does not happen again? Few security companies or software tools take this proactive approach, and that is the problem with the cybersecurity industry. Investors are putting money into a lot of tools that do not address prevention. In medical terms, it is as if we searched for a cure for cancer by investing only in chemotherapy and radiation instead of researching what makes cancer cells mutate.
Most security staff spend their days watching for alerts, chasing down and patching software vulnerabilities, and resetting suspect credentials. We need to free them to become more proactive and focus on prevention, at a time when security operations centers (SOCs) are already short-staffed because of the shortage of cybersecurity talent and employee burn-out.
Since most business and productivity tools are now accessed through a web browser, the browser has become a gateway to the network and a target for attackers. One preventive technology is remote browser isolation (RBI). It renders web content in a disposable browsing instance hosted remotely, typically in the cloud, and sends only a safe rendering to the user’s device, so an attack only affects that temporary instance, which is destroyed once the user closes the session. Malware never reaches the company’s systems, and attackers learn nothing about the organization’s real endpoints because they only ever interact with the isolated instance. Because RBI is essentially transparent to users, it does not rely on them being hypervigilant or always making the right security decision. One caveat: isolation contains drive-by downloads and browser exploits, but a user can still type credentials into a phishing page that is rendered remotely, so RBI complements user training rather than replacing it. It does mean security teams can spend less time trying to make every endpoint bulletproof and more time adding defense in depth inside the network.
A stronger emphasis on threat intelligence can also help with prevention. Threat actors endlessly mutate their tactics and techniques, like aggressive cancers. Knowing what to look for is the first step to heading off attacks before they present in your network.
There are many excellent researchers and services working to identify and publicize threats. Armed with advanced network monitoring tools and algorithms for parsing data, researchers are producing better and more actionable intelligence about who the adversaries are and how they operate. They are also able to identify infrastructure belonging to threat actors, sometimes before it is ever used in an attack. Since this intelligence can be consumed by many security products, it can play an important role in helping organizations proactively head off and mitigate threats.
Receiving notifications of cyber threats before they reach the network is an existing, practical way to avoid cyberattacks. If the indicators in those notifications are loaded into the client’s SIEM and used to block the reported addresses, domains and URLs, the client can stop the attack before it happens. What is a cyberattack that never took place worth to an organization? By IBM’s figure, $4.35 million on average. Is it worth that much to contact Red Sky Alliance and see how inexpensively and easily the RedXray service (https://www.wapacklabs.com/redxray) can be added to your organization anywhere in the world, without installing any hardware or software or even requiring a network connection? The future of cyber threat intelligence is already a reality at Red Sky Alliance.
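The step described above, loading indicators from a threat-intelligence feed and using them to block or alert, is easy to get wrong in two ways: stale indicators and low-confidence indicators generate false positives when blocked wholesale, and naive substring matching on domains either misses subdomains or blocks look-alike names. The following is an added example, not Red Sky Alliance or RedXray code; the CSV feed format, the proxy log layout, the 90-day freshness window and the confidence threshold are all assumptions, and the feed rows and log lines are constructed. It filters the feed, matches the surviving indicators against proxy logs (exact IP, CIDR range, domain on a label boundary, full URL) and flattens them into a deny list a proxy or firewall could load.

```python
"""Load a threat-intelligence indicator feed, keep only indicators worth
blocking, match them against proxy logs and emit a deny list.

Added example; not Red Sky Alliance / RedXray code. Feed and log formats,
thresholds and all data below are assumptions constructed for illustration.
"""
import csv
import io
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed feed: type, value, first_seen (UTC), analyst confidence 0-100.
FEED_CSV = """type,value,first_seen,confidence
ipv4,203.0.113.45,2024-05-01T00:00:00Z,90
cidr,198.51.100.0/24,2024-04-20T00:00:00Z,75
domain,update-check.example,2024-05-02T00:00:00Z,95
domain,old-c2.example,2023-01-01T00:00:00Z,95
domain,cdn.example,2024-05-02T00:00:00Z,40
url,http://update-check.example/payload.bin,2024-05-02T00:00:00Z,95
"""

# Constructed proxy log lines: timestamp client_ip dest_host dest_ip url
LOG_LINES = [
    "2024-05-03T10:15:00Z 10.0.0.12 update-check.example 203.0.113.45 http://update-check.example/payload.bin",
    "2024-05-03T10:16:00Z 10.0.0.13 www.example.org 192.0.2.10 https://www.example.org/",
    "2024-05-03T10:17:00Z 10.0.0.14 files.old-c2.example 198.51.100.77 https://files.old-c2.example/x",
    "2024-05-03T10:18:00Z 10.0.0.15 notupdate-check.example 192.0.2.11 https://notupdate-check.example/",
    "2024-05-03T10:19:00Z 10.0.0.16 cdn.example 192.0.2.12 https://cdn.example/lib.js",
]

# Fixed "current time" so the freshness check is reproducible (assumption).
NOW = datetime(2024, 5, 3, 12, 0, tzinfo=timezone.utc)


@dataclass
class Indicators:
    ips: set = field(default_factory=set)
    networks: list = field(default_factory=list)
    domains: set = field(default_factory=set)
    urls: set = field(default_factory=set)
    dropped: int = 0  # stale or low-confidence rows not loaded


def load_feed(csv_text, now=NOW, max_age_days=90, min_confidence=70):
    """Parse the feed, keeping only fresh, high-confidence indicators.
    Everything else is counted and dropped rather than pushed to a blocklist."""
    ind = Indicators()
    for row in csv.DictReader(io.StringIO(csv_text)):
        first_seen = datetime.fromisoformat(row["first_seen"].replace("Z", "+00:00"))
        too_old = now - first_seen > timedelta(days=max_age_days)
        if too_old or int(row["confidence"]) < min_confidence:
            ind.dropped += 1
            continue
        kind, value = row["type"], row["value"].strip().lower()
        if kind == "ipv4":
            ind.ips.add(value)
        elif kind == "cidr":
            ind.networks.append(ipaddress.ip_network(value, strict=False))
        elif kind == "domain":
            ind.domains.add(value)
        elif kind == "url":
            ind.urls.add(value)
    return ind


def domain_matches(host, domains):
    """Exact or parent-domain match on a label boundary: files.old-c2.example
    hits old-c2.example, but notupdate-check.example must NOT hit
    update-check.example. Returns the matching indicator or None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def match_log_line(line, ind):
    """Return the (type, indicator) hits for one proxy log line."""
    _ts, _client, host, dest_ip, url = line.split(" ", 4)
    hits = []
    d = domain_matches(host, ind.domains)
    if d:
        hits.append(("domain", d))
    if dest_ip in ind.ips:
        hits.append(("ipv4", dest_ip))
    else:
        addr = ipaddress.ip_address(dest_ip)
        for net in ind.networks:
            if addr in net:
                hits.append(("cidr", str(net)))
                break
    if url.lower() in ind.urls:
        hits.append(("url", url.lower()))
    return hits


def scan(lines, ind):
    """Map the index of each matching log line to its hits."""
    results = {}
    for i, line in enumerate(lines):
        hits = match_log_line(line, ind)
        if hits:
            results[i] = hits
    return results


def blocklist(ind):
    """Flatten loaded indicators into one sorted deny list. Domains get a
    leading dot so subdomains are covered (a common proxy convention;
    check the syntax of your own product)."""
    entries = set(ind.ips) | {str(n) for n in ind.networks}
    entries |= {"." + d for d in ind.domains} | set(ind.urls)
    return sorted(entries)


if __name__ == "__main__":
    loaded = load_feed(FEED_CSV)
    print(f"dropped {loaded.dropped} stale/low-confidence indicators")
    for idx, hits in scan(LOG_LINES, loaded).items():
        print(idx, LOG_LINES[idx].split(" ")[1], hits)
    print("\n".join(blocklist(loaded)))
```

Note what the filtering buys: the stale old-c2.example domain is dropped, yet the third log line is still caught because the fresh 198.51.100.0/24 range covers the same infrastructure, while the low-confidence cdn.example never makes it into the deny list. In production the feed would be pulled on a schedule and the deny list pushed to the SIEM or proxy by its own API; the matching and hygiene logic is the same.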
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.securityweek.com/future-cybersecurity-prevention