Changing Threat Landscape Demands a New Paradigm of Cybersecurity

Imagine being the CEO of a well-known global company in Europe and taking an emergency call from your CIO and CISO. They inform you that an insider has been stealing confidential information and using your IT network to exfiltrate sensitive data to attackers halfway around the world. Then imagine your reaction when they tell you the insider stealing your data is the HVAC unit installed on the roof of your building. 

That actually happened to a company we know. Their approach to security has changed. The threat landscape is changing rapidly for everyone. Are you changing with it? 

Trust Nothing on the Inside 
To prevent such data breaches, stop trusting anyone or anything on your network just because it happens to be behind your firewall. Network location no longer determines what or who to trust in the era of cloud computing. As research firm Forrester points out, yesterday’s idea of a corporate perimeter has become “quaint, even dangerous.” A new world of “zero trust” demands a new paradigm for security. 

More than half of data breaches today are actually triggered by a trusted insider or trusted device coming into contact with something nefarious on the outside. Let’s say an employee unwittingly clicks on a compromised link in an email. There might be no malware in the email, nothing downloaded.

But click on the wrong URL, and an attacker could gain access inside your network to exfiltrate data or destroy an internal application. 

Don’t assume that your internal applications are safe just because they reside on the inside. You need to protect them just as you would protect your consumer-facing apps. You would never think about standing up an app to the outside world without installing all sorts of protections against likely threats. Yet, internal apps can be vulnerable when employees click on that malicious link no matter how many training classes you put them through. Zero trust architectures grant access to internal applications only after users can be verified — on a need-to-know basis — and close off access when security has been compromised. 

Stop Bot Armies by Looking More Closely at the Device 
Security has become even more challenging with the proliferation of bots. We don’t often stop to think about it, but the majority of online transactions are generated by machines rather than humans. Many bots are relatively harmless, from searches for online content to making sure your partners are in synch with the latest updates to your website. 

Yet some machine-generated transactions can be quite costly. For example, account hackers have become masters at using bots to launch fraudulent login attempts by the billions. They steal login credentials from one place and, knowing most people use the same password for multiple sites, they keep using the same key until they find another door that it opens. They don’t use malware to gain access. They simply log in using stolen credentials, in a way that looks perfectly normal to a traditional perimeter defense. 

Bots can also be used for many other nefarious purposes. For example, buying up all the seats to a popular show and then reselling them at a higher price. This so-called “inventory grabbing” is a tactic of scalpers when tickets go on sale for big-time sporting events or pop concerts. It is also now happening to e-retailers. We recently saw a highly sophisticated bot attack that was designed to buy out the inventory during a promotional sales event, only to resell the goods at higher prices on the grey market. In this attack, the bots bombarded the site with 800,000 transactions per minute — 100x the normal rate. 

Since such attacks are often launched from unsuspected (but compromised) machines, they are very hard to thwart using traditional methods, but the latest technology using machine learning and artificial intelligence to analyze the motions and actions on the requesting device (e.g., looking for a uniquely human neuromuscular signature from an actual end-user) has been successful in stopping the most sophisticated account hackers. 

Defend the Core at the Edge 
The growing challenges with cybersecurity are further compounded by the Internet of Things. Billions of devices are coming online that contain a full communication stack, advanced CPU, and command and control software logic that make them vulnerable to becoming hijacked and remotely controlled by attackers.

Many of these devices (e.g., video cameras) are installed with little to no security, and many come equipped with well-known factory default passwords that make them easy to exploit and manipulate. 

Not only can such devices be turned into bots easily and in very large numbers, they also have access to enormous amounts of bandwidth. We recently encountered one attack that hurled more than 1.3 Tbps of traffic at a single site.

To provide some context for the scale of this attack, that is more than enough to overwhelm any cloud data center and even enough to swamp the capacity of the Internet infrastructure that connects many developed countries. 

Attack sizes could continue to grow much larger in the future, as devices without sufficient security are increasingly connected to the enormous amount of bandwidth that exists at the edge of the Internet (e.g., homes, offices, schools). 

The only way to defend against such enormous attacks is to deploy the defenses at the edge of the internet, where all the capacity (and many of the compromised devices) are. If you try to defend yourself at a data center or within a single network, it will be too late: the internet around you will already be congested by the attack traffic. This is why it is important to leverage a cloud-based security solution with sufficient defensive capacity at the edge of the internet. 

It’s Time for Change and You Can’t Go It Alone 
As the threat landscape evolves, your security strategy must evolve with it. If you are relying strictly upon firewalls and traditional data center defenses, your sealed bunker isn’t as secure as you think, and it can be overwhelmed. You can no longer trust “insiders” and you can’t go it alone. The threat landscaped has changed. Have you?

What’s Hot on Infosecurity Magazine?