Cybersecurity – It Takes an Engineer to Catch an Engineer

The exponential rise in global data breaches and malware attacks is unprecedented and dangerous. Collating facts and figures on how many attacks occur makes for interesting reading, but it doesn't solve the problem.

It's fair to say the security industry hasn't been shy in attempting to solve these problems, but, to be equally fair, it doesn't seem to have made much progress so far. Without wishing to be too critical of the security industry (and may it continue its honorable quest), it is most likely suffering from professional blindness where these problems are concerned.

Billions of dollars are invested annually in cybersecurity R&D, and this investment goes predominantly into user authentication techniques, commonly referred to as Identity and Access Management (IAM). The industry is convinced that by investing more time and money in enhanced IAM techniques, this strategy alone will solve the problems of data breaches and malware attacks. Well, who do they think cyber-criminals are? Aren't they users too? When a data breach occurs, doesn't that mean the cyber-criminals were already in the system and well beyond the IAM checkpoint?

User authentication is crucial as a primary defensive strategy, but on its own it is not enough. We must ally to it a new secondary defensive strategy that is not user-centric.

I've enjoyed a long career in IT spanning over 40 years, and mine is not an idle solution, for it has undergone several years of critical thought and design since I began this work in 2014, when I realized it's not so much how cyber-criminals succeed with their system intrusion; it is more about the methods they use to steal the information, for example.

When I discovered a method to prevent a data breach, I also solved another problem: how to expedite the prevention of malware/ransomware attacks. When a data breach occurs, it signals that cyber-criminals have managed to gain access to our computer systems.

It's a little late to speculate how they gained access, but just as we can never eradicate household and commercial burglaries, we must accept henceforth that cyber-criminals are quite capable of penetrating our finest defenses. Once we accept this fact, the issue before us becomes how best to defend against this unwarranted and damaging intrusion.

Computer systems today play host not only to legitimate users but equally to cyber-criminals masquerading as legitimate users. Cyber-criminals inherit the same database access rights, for example, as the user accounts they have obtained, and if those accounts carry super-user credentials then all database security provisions are rendered ineffective.

Super-user credentials are not even necessary: every accessible database grants at least minimal read authority, and that is all the cyber-criminal needs.

Cyber-criminals are after our prized informational assets and prefer to access them directly, for example using SQL clients, Excel and similar tools, rather than through end-user applications, which don't ordinarily provide data download facilities. It's common practice for users to download a database into an Excel spreadsheet and email it outside the organization. Well, if users can do this, so too can cyber-criminals.

We now have our first clues to cyber-criminal behavior patterns, and we can use this knowledge to our advantage. What do you envisage would happen if we blocked direct access via SQL clients and Excel? The first thing that would happen is that we would deprive cyber-criminals of their modus operandi.

However, we don't wish to deprive everyone else of their access, so we need a new calculus to overcome this dilemma. I now hold the patented designs for this new calculus, which also includes an expedient method for automatically building the whitelist, thus preventing malware/ransomware attacks.

The OS is the integral system component that services every request, including user sign-on, program execution and database access, so doesn't it make sense to build security defenses at the OS level? Whereas third-party security products are useful for facilitating security administration functions, the underlying defenses must be positioned within the OS and certainly out of reach of cyber-criminals, i.e. no "back-doors".
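To make the article's "not user-centric" idea concrete, here is an added illustration (not the author's patented design and not code from the article) of a program-centric allowlist for database access: the decision is keyed on which executable is making the request, and holding super-user credentials never widens what an unapproved client such as an ad-hoc SQL tool may do. The program paths, database names and requests are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    user: str          # account making the request
    privileged: bool   # True if the account holds super-user credentials
    program: str       # executable issuing the request (constructed path)
    resource: str      # database being accessed (constructed name)
    operation: str     # "read", "write" or "export"

# Constructed allowlist: approved program -> set of (resource, operation) pairs.
# Ad-hoc clients (SQL shells, spreadsheets) are deliberately absent.
PROGRAM_ALLOWLIST = {
    "/opt/hr/payroll_app": {("payroll_db", "read"), ("payroll_db", "write")},
    "/opt/reporting/nightly_batch": {("payroll_db", "read"), ("sales_db", "read")},
}

def decide(req, allowlist=PROGRAM_ALLOWLIST):
    """Return (allowed, reason). Default deny; user privilege is never consulted,
    so a stolen super-user account gains nothing through an unapproved program."""
    approved = allowlist.get(req.program)
    if approved is None:
        return False, f"program not on allowlist: {req.program}"
    if (req.resource, req.operation) not in approved:
        return False, f"{req.program} not approved for {req.operation} on {req.resource}"
    return True, "approved program and operation"

def audit(requests, allowlist=PROGRAM_ALLOWLIST):
    """Evaluate a batch of requests and return the denied ones with their reasons,
    which is the list a security team would review."""
    return [(r, why) for r in requests for ok, why in [decide(r, allowlist)] if not ok]

# Constructed sample traffic: a legitimate app, an ad-hoc SQL client run under a
# super-user account, and an approved program attempting an unapproved export.
SAMPLE_REQUESTS = [
    AccessRequest("alice", False, "/opt/hr/payroll_app", "payroll_db", "read"),
    AccessRequest("dba_admin", True, "/usr/bin/sqlclient", "payroll_db", "read"),
    AccessRequest("bob", False, "/opt/reporting/nightly_batch", "sales_db", "export"),
]

if __name__ == "__main__":
    for req, why in audit(SAMPLE_REQUESTS):
        print(f"DENY user={req.user} program={req.program}: {why}")
```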

If we're committed to the future defense of our computer systems and informational assets, then we must embark on a giant leap in grass-roots OS innovation and stop blaming the security administrators. It's not always pilot error!
