
Cyber Security as Usual
More cyber security is better cyber security?
The reality: More traditional cyber security (such as antivirus and firewalls) is a poor choice for a CEO. It usually costs more time, money, and personnel, but doesn't always deliver better security. Security teams need to get training, build up expertise, and often interpret alerts from new security tools, and end up with diminishing benefits because of the increase in false positives.
Better technology provides better security?
The reality: Only up to a point. Cyber attacks are masterminded by people. People will always find ways around static technology. CEOs should install an Adaptive Defense approach that includes technology, intelligence, and expertise to successfully combat modern cyber threats.
Detection and prevention are the primary measures of success for security?
The reality: CEOs and CIOs need to shift the security mindset to include the entire threat life cycle. Better measures of success include:
- Number of incidents resolved
- Speed of incident resolution
- Potential business impact of the incident
Sound measures of success, strong technology, timely intelligence, and knowledgeable experts are the cornerstones of security investments that will pay off for your organization in both the short and long term.
Costs Due to Deficient Security
When a breach occurs, it means your security failed. These questions will help qualify and quantify the cost of that failure:
- How efficient are you? How many false positives distract your security team, and how many actual cyber security incidents do you uncover?
- Are you prioritizing correctly? How many cyber security incidents have an actual business impact and qualify for further investigation?
- Are you learning about your attackers? How many cyber security incidents can be fully investigated to determine threat actors and/or motives?
- What is your security protecting? How many of your solutions actively support a security policy or protect a quantifiable business asset?
Costs Due to Consequences of the Breach
After a data breach, you need to figure out exactly what you will lose, how much, and what to do about it. These questions will help you calculate business losses:
- How much money will you lose based on information such as intellectual property (IP) or personally identifiable information (PII) lost through the data breach?
- How much money will you lose to notification costs, lawsuits, fines, audits, and brand damage when the data breach becomes public?
- How much time will it take to resolve the breach: to identify and address all affected systems, and respond to attacks?
- How much will you be fined if your security practices don't comply with security policies and requirements?
Cost Analysis is a Habit
Although many security experts only ask these questions when they first set up their security programs, analyzing your costs is an ongoing process. By staying alert to changes in the cost of a data breach, you get a better sense of when and how your security programs need to be revisited or updated. This, in turn, will strengthen your security posture to manage and resolve future cyber threats.
A zero-day exploit: an advanced cyber attack defined
A zero-day vulnerability, at its core, is a flaw: a weakness in software or hardware that is unknown to its vendor yet already exploitable in the wild, which can create complicated problems well before anyone realizes something is wrong. In fact, a zero-day exploit leaves NO opportunity for detection... at first.
A zero-day attack happens once that flaw, or software/hardware vulnerability, is exploited, and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability, hence “zero-day.” Let’s break down the steps of the window of vulnerability:
- A company’s developers create software, but unbeknownst to them, it includes a vulnerability.
- The threat actor spots that vulnerability either before the developer does, or acts on it before the developer has a chance to fix it.
- The attacker writes and implements exploit code while the vulnerability is still open and available.
- After releasing the exploit, either the public recognizes it in the form of identity or information theft, or the developer catches it and creates a patch to staunch the cyber bleeding.
Once a patch is written and used, the exploit is no longer called a zero-day exploit. These attacks are rarely discovered right away. In fact, it often takes not just days, but months, and sometimes years before a developer learns of the vulnerability that led to an attack.
Standard defenses are powerless against zero-day threats
Zero-day attacks are cyber attacks against software flaws that are unknown and have no patch or fix.
It’s extremely difficult to detect zero-day attacks, especially with traditional cyber defenses. Traditional security measures focus on malware signatures and URL reputation. However, with zero-day attacks, this information is, by definition, unknown. Cyber attackers are extraordinarily skilled, and their malware can go undetected on systems for months, and even years, giving them plenty of time to cause irreparable harm.
Based on recently discovered types of zero-day attacks, it has become apparent that operating system level protection is becoming less effective, watering hole attacks are becoming more common, and cyber attacks are becoming more sophisticated and better at bypassing organizational defenses.