In 2016, the gap between threat actors and the cybersecurity industry will continue to expand. The security industry continues to fight the cyber battles with strategies that are 10 years old, while threat actors change their strategies on a monthly basis.
This situation isn’t given the attention it desperately requires. As a global online community, we are unable to take the proper initiative against the threats, because we refuse to get to the root causes of the problem: poorly designed software, operating systems and hardware where security is an afterthought.
As threat actors evolve and extend their battlefields, the cybersecurity industry is unable to keep up no matter how much it leverages artificial intelligence and big data. The broader security industry has yet to embrace a data-centric security architecture; they are still attempting — and for the most part failing — to protect an un-defendable network architecture.
Security leaders and professionals remain entrenched in the losing security battles of 2005 — securing user environments instead of protecting data and searching for anomalous activity between applications and databases.
Big Data Versus Right Data
In 2016, it will be critically important to be educated on segmenting data and managing control. It’s not about big data. It’s about the right data. And the right data is determined by knowing which type of data the threat actors target. To identify data that will most likely be targeted, organizations need to begin thinking about their data from the inside out, not the outside in. Only then will organizations be able to close the gap with threat actors.
The Contested Space
In direct correlation with the right data, it’s time to assume that your user environment is contested space. What does this mean? Simply, you operate under the premise that threat actors can and do have access to your user devices. With this understanding, drive an architecture discussion to help reduce your surface attack area and focus security efforts on defending the most critical data.
There are any number of ways to execute this component of the strategy. Which you choose will depend on your industry, compliance regulations, business objectives, and more.
Social Engineering Still Paying Dividends
If it remains broken, keep exploiting the hell out of it. That’s the mantra of today’s threat actors, who continue to employ social engineering tactics to help execute their nefarious objectives. It’s definitely not advanced, but people remain the weak security link and are the easiest targets to exploit.
The industry’s investment and implementation of security technology has also given end-users a false sense of security. They wrongly assume they can trust advanced security controls to protect them and not pay attention to best practices and common sense. From there, they are easy social engineering targets.
With this understanding, threat actors are leveraging low-tech approaches (phone calls, physical impersonation, etc.) to overcome high-tech challenges. And their past successes (Anthem, Community Health Systems, U.S. Office of Personnel Management) give them additional context and personal information to launch even more sophisticated and highly targeted social attacks.
Learn from Success, Failure
Successful events have occurred in your environment. Even the most secure infrastructure has been breached. It’s what you learn from these successful events that help you understand how threat actors plan, execute, and evolve.
This seems like it would be a cornerstone to any sound security strategy. Why isn’t it integrated into routine security processes more often? Typically, it comes down to a simple lack of resources. Understaffed and overrun IT teams are trying to analyze every piece of threat intelligence — likely in a losing attempt to defend 100 percent of the organization. The likely result is they never have the opportunity to learn from experience.
Threat actors are sophisticated and evolve at an amazingly rapid pace. If we’re not learning from both failed and successful attacks, it makes their malicious activity that much easier to execute. If not corrected, this losing strategy will benefit malevolent hackers far beyond 2016. And the security gap will widen that much more.
Jeff Schilling is the Chief Security Officer at Armor.
