Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/7/2016
10:30 AM
Dotan Bar Noy
Dotan Bar Noy
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

A Holistic Approach to Cybersecurity Wellness: 3 Strategies

Security professionals need to rely on more than 'vaccinations' to protect the health and safety of company systems and data.

As humans, we try and do everything we can to keep our bodies healthy. We do our best to follow preventative measures like taking vitamins or getting vaccines. We try and eat right to keep our bodies functioning as attended. If this preventative approach can work for the human body, maybe it’s an approach worth trying in enterprise cybersecurity.

Looking back at the online attacks of 2016, we have had a mixture of a strong flu season (new strains of the same old viruses) along with some more exotic Zika-like threats that are still being figured out (ransomware variants). Like any natural virus, a cyber threat only has to work at a low percentage to be successful. If a virus is too powerful, the infected don’t live long enough to pass along the disease.

In the cyber realm, if we could, we’d all probably just turn off our computers for a while until the threat is neutralized. But seriously, when a virus or threat fails, there’s a low chance of its survival. But because threats only need to have a successful attack at a miniscule percentage, cybercriminals can effectively prey on weak links for continued adaption and spreading.  

The comparison between viruses in the cyber world and the natural world can also be extended to the approaches used to combat them.

Vaccination
When individuals are vaccinated against a disease, they gain an adaptive immunity. As more threats are identified, more vaccinations are needed to build on that immunity. In the U.S. healthcare system, this involves coverage for about 15 viruses. But for a computer or network to be vaccinated against all threats, it would require millions and millions of “immunizations” in the form of signature or behavioral definitions. Humans add new layers of adaptive immunity over time, whether through boosters to old immunities or new treatments. In the enterprise, the information security department is constantly patching and updating definitions to stay ahead of the evolving threats, or adding new layers of protection.

For computers and humans, the concept of immunization requires knowledge of the threat. This means there is always a gap between emergence and recognition that allows a virus to proliferate. The consequences can be severe, which is why it’s important to do more than rely on immunity to stay healthy.

Wellness
In addition to vaccinations, people try to live a healthy lifestyle, which could include exercise, meditation, and proper nutrition. The reasoning behind this is that by adequately supporting the different systems of the body, we can better fight off viruses, bacteria, and other threats. In the enterprise, it’s equally important to build up healthy habits to try and prevent problems.

Cyber attackers are becoming increasingly sophisticated at staying ahead of defenses, making the vaccination approach less and less effective. Instead, companies need to look at three strategies to promote a holistic wellness in their approach to cybersecurity:

1. Educated Employees
Enterprises are often quick to blame individual employees for cyber attacks because they were the ones who clicked the link or downloaded the malicious file that set off the attack. But, attacks are becoming so advanced and well-disguised, that it is increasingly more difficult to distinguish the real from the fake. Instead of blaming the employees, educate them. Feed them with the basic knowledge they need to protect themselves from potential attacks. Of course, it is impossible for every employee to be expert, but by having a basic knowledge of what to look out for, they can better protect themselves as well as the enterprise.

2. Advanced Prevention
Cyber threats present a fast-moving target for detection-based solutions, so enterprises need to move beyond traditional approaches that adapt to different threats – or simply treat everything as a potential vehicle for an attack. There’s often no need to get rid of the “basic” security in place as each layer can share the load and help reduce demand on more compute or human-resource intensive platforms.

If a company can reduce the workload on their sandbox solution, for example, the cost savings alone could pay for a new, more advanced layer. The disadvantage of having many solutions is the need to manage all of them. So security teams need to understand to which category a solution belongs (endpoint, gateway, etc.) and what are the real problems it solves. You need to be efficient and look for the most coverage from the least amount of solutions. While some overlap is good and will happen naturally, the wider the risk coverage (data source and threat), the better.    

3. Faster Recovery
It is impossible to be 100% secure, so enterprises should be hedging their investment in security by adding tools that address remediation and recovery. Whether that involves backing up files to speed recovery, investing in better network segmentation to limit damage, or protecting against data loss, these efforts will help decrease the cost of a breach and minimize lost productivity.

Even the most effective vaccinations can fail if the overall health of the patient is poor. By looking at enterprise security holistically and developing a sense of cyber wellness, companies will be better prepared for the challenges to come.

Related Content:

Black Hat’s CISO Summit Aug 2 offers executive-level insights into technologies and issues security execs need to keep pace with the speed of business. Click to register.

Dotan Bar Noy Lt. Commander Israel Navy. (RET) is the CEO & Co-Founder of ReSec Technologies. He has more than 10 years of management experience in technology and software companies. Prior to founding ReSec, he served as Director at Issta (listed ISTA.P), CEO of G.F.A. ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
7/7/2016 | 1:18:14 PM
Spot on
I love the way you compared IT security to the security of the body. I also think that in IT, like in medicine, you have to look at where an infection can enter. Sure, you want to cover the most common entry points -- in a human: nose, eyes and mouth and in an IT network PCs, laptops and other endpoints. But then you have to think about the less common entryway. Humans can get an infection by getting bit by a bug or getting a scrape or a cut. In an IT network you have to cover lesser-known entry points such as printers or even IoT devices such as HVAC. 

Really great points! Thanks again! 

--Karen Bannan for IDG and HP
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...