The Cybersecurity Domino Effect

Almost 400 years ago, the English cleric and poet John Donne penned these immortal words: “No man is an island, entire of itself; every man is a piece of the continent, a part of the main.”

Sublime as that sentiment certainly is, it also describes the cold reality of today’s business environment—our large, dynamic and complex networks are all interconnected, and all interdependent.

This is why we now see numerous high-profile stories about a breach of one company’s network causing serious problems for others in its supply chain. Strap yourselves in: unless we work hard to make things much better, they’re going to get much worse.

On the most basic level, let’s acknowledge that our supply chains include smaller vendors with less time and money and fewer skills to devote to information security. One breach there and it hits home here. That’s why this interlinked economy is in so much danger of the Domino Effect. More to the point, even the smaller incidents collectively take a devastating toll.

Here’s an idea: It’s estimated that cybercrime costs the economy $445 billion a year. Yet that estimate is already one year old—anyone think it’s gotten better?

The interconnected economy

The economy has always been built on commercial activity—companies partnering and competing with each other to build products that people will buy. Connected businesses can work together more efficiently, and with digital advances we’re connecting more and more. But with this connectivity comes greater vulnerability.

In this environment, a coordinated, sophisticated and large-scale assault will not stay within the boundaries of the company being attacked, since those boundaries don’t exist anymore. It can be immediate or gradual—a solitary threat exposes other vulnerabilities that in turn draw viruses of their own.

A major network disruption at a lone company or network can easily disrupt or even wreak havoc at the local, state, national and even global level—all depending on the target and intent.

This is not just my concern: A RedSeal survey of high-ranking US executives reveals that the whole idea of a domino effect has many professionals worried. A significant 59% of the respondents have the same concerns, and the same number say such attacks will take their toll on “economic security.”

Even if there isn’t one significant event that makes the news, every little nick on a business and its capabilities slows down the economy either through lost business or by requiring investments in loss prevention and security. Unfortunately, in this day and age, an investment in security is essential; it’s just part of the cost of doing business.

Take, for example, the supply chain. A major entertainment company recently told me that it can have up to 10,000 vendors working on a single project. Many of those are surely small businesses whose budgets can’t afford sophisticated solutions and where management doesn’t think about security too much. The 2015 Cisco Annual Security Report agrees, finding that larger and mid-size organizations are more likely to have highly sophisticated security postures.

However, all of those vendors have at least some access to your network. It is entirely too easy for a breach in one of them to provide a pathway into the network. Once the bad actors are inside, they can take their time to learn more and find your weak spots. That’s definitely happening: A Verizon survey found that the average time from breach to detection is nine months.

A Symantec survey backs this up. It found that targeted attacks, which are aimed at certain firms, mostly occurred within smaller businesses, which in turn puts their business partners at risk. Clients of small businesses, for example, usually leave a “back door” into point-of-sale solutions to simplify maintenance and repair. Once criminals are inside, escalation can happen fast.

These days, our economy is essentially all connected via the commercial internet. Networks have been a great boon to businesses, and we are not going back. There are plenty of great products that provide blocks and check points as traffic moves around.

We all have great engineers. But we are all susceptible to the weakest or most vulnerable member in our particular value chain.

End-users need to be trained to become more network- and security-savvy. The network is their business, and it’s ours. It’s also your customers’ and your suppliers’ business. Be aware, and help prevent a domino effect. That’s just good business.
