The one thing you’re not looking at to stop cyber attacks
It seems like every day now we hear about a new cyber attack. Researchers say it could take years to fully comprehend the Sunburst attack, one of the biggest ever. But, unfortunately, Sunburst is old news now. We’re on to the next – the Microsoft Exchange Server hack, the Facebook hack. Tomorrow: who knows?
New threats created
It’s no secret that online activity has skyrocketed this past year. Personal information and data are being shared and moved constantly through multiple channels across multiple platforms to participate in the new normal Covid has created. But are security solutions keeping pace? It sure doesn’t appear that way.
Cyberattacks are more prevalent than ever. They’re causing more damage, costing businesses more money, and some experts are saying the worst is yet to come. With all the security and protection solutions available – a quick Google search will land you results of more than a thousand cybersecurity vendors – why do cyber attacks continue to happen? And can anything be done to stop them?
Why cybersecurity solutions aren’t working
At one point or another, someone probably had to explain to you Albert Einstein’s definition of insanity: doing the same thing over and over again and expecting a different result. We are in this situation because we, as an industry, aren’t coming up with solutions that address the problem from an alternate perspective. We are so focused on keeping things from coming into our network that we forget to pay attention to connections being sent out of our network. We are ultimately assuming that everything going out of our network is safe. Because if we create enough layers of security, nothing bad can ever get in, and therefore, nothing bad could ever get out, right? This sounds good in theory, but it is this one-way thinking that has led us to where we are today.
A few years ago, a Bloomberg study showed evidence of chips manufactured overseas containing hidden malware built into the device before being shipped to its final destination undetected. There is some debate on the credibility of this study, but for the sake of this argument, whether it is true or not is irrelevant. What if it were true? What if just one chip had malware? The walls of Troy were strong. They had never been breached. But what took them out? An attack from the inside.
What if we operated on the assumption that our network could never be 100%, unquestionably “safe”? And what would a solution like that look like?
A new, inside-out approach
A typical security solution monitors traffic coming into your network and alerts you if it sees anything that may look nefarious. IT teams must then research these alerts – some companies see tens of thousands per day – and determine which are valid threats. There are thousands of entry points into your network – that is simply the nature of the beast. The larger the company, the more entry points exist. And no security architecture, no matter how layered or sophisticated, can guarantee impenetrability.
The inside-out approach assumes that your network will be compromised at one point or another. However, the presence of malware inside your network alone cannot harm you. Malware requires a connection to complete its task. Without an outbound connection, it simply cannot deploy malicious code.
To stop cyber attacks, you must look at both incoming and outgoing traffic.
It is the outbound traffic that ends up taking down the ship. Hackers first accessed SolarWinds on September 4, 2019. It wasn’t until long after the code was removed from their systems that the attack was discovered. Monitoring these connections, identifying bad agents, and disallowing them from sending out “phone homes” is the only way to prevent successful attacks. We cannot prevent attacks from happening, but we can prevent the ability of an attack to carry out its mission. Here’s a quick read on Sunburst and why our customers weren’t impacted.
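The outbound check described above, as an added example that is not from the original article or its author's product: it applies a default-deny allow-list to constructed flow records and flags unlisted destinations that are contacted at near-constant intervals. The flow tuple layout, the ALLOWED policy, the thresholds and every host name and address are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound flow records: (epoch seconds, internal source, destination, port).
# All addresses are private or documentation ranges and all names are made up.
FLOWS = [
    (1000, "10.0.5.20", "updates.vendor.example", 443),
    (1060, "10.0.5.20", "203.0.113.77", 443),
    (1360, "10.0.5.20", "203.0.113.77", 443),
    (1660, "10.0.5.20", "203.0.113.77", 443),
    (1960, "10.0.5.20", "203.0.113.77", 443),
    (1200, "10.0.5.31", "198.51.100.10", 25),
    (1500, "10.0.5.31", "10.0.9.4", 5432),
]

# Assumed policy: each entry is a hostname or CIDR the network is expected to talk to.
ALLOWED = {"updates.vendor.example", "10.0.0.0/8", "198.51.100.0/24"}

def is_allowed(dest, allowed=ALLOWED):
    """Default deny: a destination passes only if it matches a listed name or CIDR."""
    if dest in allowed:
        return True
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return False  # a hostname that is not on the list
    return any("/" in a and addr in ipaddress.ip_network(a) for a in allowed)

def beacon_like(times, min_events=4, max_jitter=0.1):
    """True when the gaps between connections are nearly constant (automated check-in)."""
    if len(times) < min_events:
        return False
    gaps = [b - a for a, b in zip(times, times[1:])]
    return pstdev(gaps) <= max_jitter * mean(gaps)

def review_egress(flows):
    """Return {(src, dest, port): {'count', 'beacon_like'}} for every unlisted destination."""
    seen = defaultdict(list)
    for ts, src, dest, port in flows:
        if not is_allowed(dest):
            seen[(src, dest, port)].append(ts)
    return {k: {"count": len(v), "beacon_like": beacon_like(sorted(v))}
            for k, v in seen.items()}

if __name__ == "__main__":
    for key, info in review_egress(FLOWS).items():
        print("BLOCK", key, info)
```

Only the connections from 10.0.5.20 to the unlisted address are reported; the mail and database flows match the assumed policy and pass.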
Looking inward to move forward
Hackers are getting smarter. Artificial intelligence is being used for evil. If you have a network, you are a target. To protect ourselves and our businesses, we must change the way we think about cybersecurity. And, as with many things in life, it starts by looking inward.