When talking about the latest “worst breach ever” event, people usually use words like “sophisticated” or “complicated.” And while there is no doubt that cybercriminals have come up with more sophisticated and complicated schemes to steal valuable information off the network (anybody’s network), they tend to rely on rather simple entry points: operating systems and software that aren’t patched or upgraded; simple passwords and authentication methods; an employee who has improper access to data.
Yet, while cybersecurity threats and points of entry have evolved over the years, the way organizations approach cybersecurity hasn’t changed much at all. IT departments still tend to put the primary focus of cybersecurity controls on protecting the network perimeter, but, as some of the most high-profile breaches have shown, securing the network alone is no longer getting the job done.
“Securing the network alone was the solution to IT security 10 years ago,” says Sungard Availability Services’ Matthew Goche. “Today’s paradigm includes B2B connections, mobile networks, offsite storage, recovery, data warehousing, cloud computing, SaaS, social media, and the list goes on. With all of this happening, there is no legitimate perimeter anymore.”
Measures must be taken beyond securing the network perimeter to ensure cyber security.
For this reason, security control frameworks and best practices should be broadened out to include web security, end node security, and data security, Goche adds. However, many organizations are still focusing on network perimeter security when building up their security program.
That’s because the widely held belief in cybersecurity has been to focus on keeping outsiders from getting inside. But incidents like the Sony breach or the Edward Snowden revelations have shown that protecting the perimeter isn’t going to do a thing about keeping insiders from doing serious damage. And in the end, it isn’t really the network that you want to protect: it is the data that can then be accessed.
Think of it this way: a family builds a fence around their house and locks their doors and windows because they don’t want an intruder to get into their home. What the intruder really wants, of course, are the valuables inside the home – money, jewelry, electronics … whatever will be profitable to them after the theft. But the family figures that if the perimeter is protected, the valuables inside are safe and so they do nothing to add another layer of protection, such as installing an indoor motion sensor or a wall safe. If intruders do get in, the valuables are there for the taking.
That’s how many organizations are approaching cybersecurity. The perimeter is well protected, but once the bad guys are inside, there is little protecting the valuables: in this case, the data.
The time has come to put a greater emphasis on protecting the data first, and then protecting the network. Or, as Goche explains, instead of working from the outside in, organizations should work backwards starting with the data and working outward. This would help identify areas of risk, focal points, and most common use cases.
“It’s all about the data,” he says. “Data must be secured at rest, in motion, through access controls, accounting, and authorization, and in line with regulations. As data moves to users, to business partners, to analysts, the use cases must be understood and then locked down against inappropriate use.”
To better secure the data, IT departments may want to consider reducing the footprint of what needs to be defended. “While we cannot ignore the security perimeter, greater focus needs to be placed on applying security controls throughout our customer environments,” says Ernest Dunn, Director of Secure Networks with Presidio. This includes applying controls closer to the data, on the endpoint and at strategic points on the network.
“The data is what attackers want when they break into customer networks. It makes logical sense to apply additional controls to the actual data. Technologies such as encryption, DLP and access management go a long way to help minimize the impact if a customer is actually breached,” Dunn adds.
This isn’t to say that companies shouldn’t be protecting the perimeter. The old-school methods of having good antivirus software and a firewall, as well as patching vulnerabilities immediately, will continue to play a vital role in the overall security operation. It’s just that now we have to look beyond the tried-and-true cybersecurity tools.
“Many breaches take place because end users bring unsecured or already-compromised devices into corporate environments and connect them to the network without impediment,” says Dunn. “Too many customers rely on legacy firewalls and desktop antivirus as their primary form of protection, and that is a losing formula.”
Sue Poremba is an information security writer based in Central Pennsylvania and the author of “The Phillies Fan’s Little Book of Wisdom.”