Cyber adversaries are not standing still. New attack vectors emerge as quickly as new technologies arrive on the market. The instant products hit the market, hackers are checking them for vulnerabilities they can exploit. Every new device, every new cloud application, every new service and every new user is a potential route into your system.
If your cybersecurity is not keeping pace with your business, then you’re falling behind and piling up technical debt faster than you can pay it off.
Here are four ways cybersecurity is changing right now – and what system owners have to do to keep up.
1. Expanding Attack Surface
We used to be able to isolate and protect our perimeter with air gaps and moats to protect our networks from attack. As long as employees were situated inside the building to connect to our systems, we could keep adversaries out.
Now we live in a hyper-connected world. Employees expect mobile access to work files and data; citizens and businesses expect self-service processes online. Systems that were never built to be accessed externally now feed data to web applications and interfaces through APIs and microservices. Cloud-powered web apps connect on-premises data centers with hybrid cloud environments.
The net effect: Agencies must protect much larger and more complicated attack surfaces than ever before.
This is where the idea of “zero trust” comes in. Every connection that enters your network must be verified: where it is coming from, what it intends to do, and whether it is deviating into something else. It’s not enough to check what is connecting to your network once – you have to adjudicate every transaction, every request for data.
Exploits take something allowable and try to manipulate it to doing something nefarious. With a “zero trust” model agencies can gain the upper hand on exploits.
2. Identity is Central
As technology evolves from a classic setup to API-driven Software-as-a-Service models, so does the need to secure multiple environments. All those services and platform connections mean that understanding who’s who in our network has never been more critical. In a mobile, interconnected world, every additional linkage is a new seam that adversaries may seek to exploit.
Yet don’t think those exploits will all be technical in nature. Adversaries are constantly on the lookout for inadequate security settings as well as design and programming flaws. Still, the most likely exploits involve humans. Phishing and social engineering techniques are popular because they cost little and can deliver a treasure trove of advantages to the attacker. In IT, identity is the key to access.
The more an enemy can learn – not only about you, but also your friends, family, work relationships, hobbies, favorite teams, home town, alma mater, pets – the easier it is to get your access credentials. But as every chief information security officer knows, balancing identity controls is delicate. Make those controls too weak and adversaries can take advantage; make them too strong, however, and staff will find workarounds that are inherently insecure.
Security can be advanced through multifactor authentication that includes biometrics, such as fingerprints, facial or voice recognition or even gait analysis, along with the ability to add non-intrusive identity checks throughout the day as needed. System users can be consistently and non-intrusively validated. Imagine if, when users leave the office, access from their local internal account could be automatically disabled; or imagine if, as they type, we could definitively confirm it is them typing. We have the technology to do that now. Today, we can tie role-based access controls to people, location and time – and validate identities with biometrics and sensors.
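The two ideas above – adjudicating every transaction rather than trusting a connection once (section 1), and tying role-based access to the person, their location and the time of day (section 2) – come together in a per-request policy check. The following is an added example, not code from the original post or from GDIT; the roles, locations, permitted hours, posture flag and step-up-authentication age are all constructed for illustration. Each request is evaluated on its own, so an allowed read earlier in a session lends no trust to a later write or to the same action from an unapproved location.

```python
from dataclasses import dataclass
from datetime import datetime

# Hypothetical role table (constructed): which (action, resource) pairs each role holds.
ROLE_PERMISSIONS = {
    "analyst": {("read", "case-files")},
    "admin": {("read", "case-files"), ("write", "case-files"), ("read", "audit-log")},
}

# Hypothetical context rules (constructed): locations and local hours in which each role may act.
ROLE_CONTEXT = {
    "analyst": {"locations": {"hq", "field-office"}, "hours": (7, 19)},
    "admin": {"locations": {"hq"}, "hours": (0, 24)},
}


@dataclass
class Request:
    subject: str            # authenticated user
    role: str
    action: str
    resource: str
    location: str           # network location asserted by the access gateway
    device_healthy: bool    # endpoint posture check passed
    mfa_age_minutes: int    # minutes since the user's last step-up authentication
    when: datetime


def make_request(subject, role, action, resource, location, hour,
                 device_healthy=True, mfa_age_minutes=0) -> Request:
    """Convenience constructor: hour is the local hour of the request (constructed date)."""
    return Request(subject, role, action, resource, location, device_healthy,
                   mfa_age_minutes, datetime(2024, 3, 5, hour, 30))


def adjudicate(req: Request, max_mfa_age: int = 60) -> tuple[bool, str]:
    """Decide one request on its own merits; return (allowed, reason).

    Nothing is inherited from earlier requests: every transaction is re-checked
    against identity, device posture, place, time and role.
    """
    perms = ROLE_PERMISSIONS.get(req.role)
    ctx = ROLE_CONTEXT.get(req.role)
    if perms is None or ctx is None:
        return False, "unknown role"
    if not req.device_healthy:
        return False, "device posture check failed"
    if req.mfa_age_minutes > max_mfa_age:
        return False, "step-up authentication required"
    if req.location not in ctx["locations"]:
        return False, f"location {req.location!r} not permitted for role {req.role!r}"
    start, end = ctx["hours"]
    if not start <= req.when.hour < end:
        return False, "outside permitted hours"
    if (req.action, req.resource) not in perms:
        return False, f"{req.action} on {req.resource} not permitted for role {req.role!r}"
    return True, "allowed"


def adjudicate_session(requests: list[Request]) -> list[tuple[bool, str]]:
    """Adjudicate a sequence of requests independently of one another."""
    return [adjudicate(r) for r in requests]


# Constructed session: an allowed read, then a deviation to a write, then the same
# read from a location the role is not cleared for.
EXAMPLE_SESSION = [
    make_request("alice", "analyst", "read", "case-files", "hq", 10, mfa_age_minutes=5),
    make_request("alice", "analyst", "write", "case-files", "hq", 10, mfa_age_minutes=6),
    make_request("alice", "analyst", "read", "case-files", "hotel-wifi", 10, mfa_age_minutes=7),
]


def demo_decisions() -> list[tuple[bool, str]]:
    return adjudicate_session(EXAMPLE_SESSION)


if __name__ == "__main__":
    for req, (ok, why) in zip(EXAMPLE_SESSION, demo_decisions()):
        print(f"{req.subject} {req.action} {req.resource} from {req.location}: {ok} ({why})")
```

The order of checks matters: device posture and authentication freshness are evaluated before the role lookup, so a healthy, recently authenticated user with the wrong role gets a precise denial reason, while a compromised endpoint is refused before any authorization logic runs.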
3. DevSecOps: Security is DevOps’ Middle Name
Software development is all about speed and agility. But speeding up development without tying in security gets us nowhere faster. What good is it to have two-week development sprints, only to find major security vulnerabilities at the end of the process, just when we were ready to push it into production – or worse, after the vulnerability has already been exploited?
DevSecOps has replaced DevOps as the prevailing modus operandi in software development. DevSecOps puts security where it needs to be – in the middle of the build process, rather than at the end.
We have seen cases where malicious versions of open-source code were accidentally incorporated into new projects using conventional DevOps processes. Developers download a piece of code from a library to help with a calendar application, for example, but instead of grabbing the clean code they wanted, they use something that’s been manipulated to look like a newer version with malware built in. By the time they realize what’s happened, the software is in production, and adversaries are crawling through networks and transferring data back home.
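A control that catches the scenario just described, before any static or live analysis runs, is to pin each approved dependency by name, version and SHA-256 digest and refuse anything that does not match. The following is an added example, not code from the original post or from GDIT’s tool chain; the package name, the two artifact byte strings and the lockfile contents are constructed stand-ins for a real package archive and lock file. Besides the digest check it also flags names that merely resemble a pinned package, which covers the lookalike-name case alongside the “newer version with extra code” case from the text.

```python
import difflib
import hashlib
import hmac

# Constructed artifacts standing in for package archives. The first is the release the
# team reviewed; the second pretends to be a newer release of the same library but
# carries extra code.
APPROVED_ARTIFACT = b"calendar-utils 2.4.1: date parsing and recurrence helpers"
TAMPERED_ARTIFACT = b"calendar-utils 2.5.0: date parsing and recurrence helpers + hidden beacon"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pin(name: str, version: str, data: bytes) -> dict:
    """Record the exact artifact that was reviewed: name, version and SHA-256."""
    return {"name": name, "version": version, "sha256": digest(data)}


# Constructed lockfile: one entry per approved dependency, generated from the reviewed bytes.
LOCKFILE = {"calendar-utils": pin("calendar-utils", "2.4.1", APPROVED_ARTIFACT)}


def check_name(name: str, lockfile: dict) -> tuple[bool, str]:
    """Reject packages not in the lockfile; call out names that resemble a pinned one."""
    if name in lockfile:
        return True, "pinned"
    near = difflib.get_close_matches(name, list(lockfile), n=1, cutoff=0.8)
    if near:
        return False, f"{name!r} is not pinned but resembles {near[0]!r}"
    return False, f"{name!r} is not pinned"


def verify(name: str, version: str, data: bytes, lockfile: dict = LOCKFILE) -> tuple[bool, str]:
    """Admit a downloaded artifact into the build only if name, version and digest
    all match the pinned entry."""
    ok, why = check_name(name, lockfile)
    if not ok:
        return False, why
    entry = lockfile[name]
    if version != entry["version"]:
        return False, f"version {version} differs from pinned {entry['version']}"
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(digest(data), entry["sha256"]):
        return False, "sha256 digest does not match pinned artifact"
    return True, "verified"


if __name__ == "__main__":
    cases = [
        ("calendar-utils", "2.4.1", APPROVED_ARTIFACT),   # the reviewed release
        ("calendar-utils", "2.5.0", TAMPERED_ARTIFACT),   # poses as a newer release
        ("calendar-utils", "2.4.1", TAMPERED_ARTIFACT),   # same version string, different bytes
        ("calender-utils", "2.4.1", APPROVED_ARTIFACT),   # lookalike name
    ]
    for name, version, data in cases:
        print(name, version, verify(name, version, data))
```

The lockfile is the reviewed state of the dependency set; it should be committed with the project and only updated through the same review that approved the original artifact. A version bump that arrives without that review fails the version check even if the bytes were clean, which is the intended behaviour: the pipeline should surface the change, not silently accept it.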
At GDIT, we’ve developed our own DevSecOps tool chain to ensure both static and live code analysis takes place long before software makes it to production. In the development cycle, it’s a potential vulnerability, but it’s fixable; in production, however, it is more than a vulnerability – it’s a liability. Our DevSecOps process saves time and money, because it avoids the costs related to reengineering something that’s gone through a traditional waterfall cycle. It’s more efficient and cost effective to detect and fix issues in the development process.
In the cyber world, adversaries are attacking at machine speeds, so we need machines to police it. Cyber defenses produce a constant flow of warnings and alerts, and humans are easily overwhelmed. An automation strategy is now critical to staying ahead of attacks.
Machine learning (ML) and deep learning artificial intelligence (AI) tools are vital to this process. If your organization is not using ML and AI today, it needs a plan to do so in the future. The volume of threats and attack vectors is now too great for human defenders to keep pace. They need automation.
Machine learning can identify threats and cut through the noise by learning what constitutes normal in your environment and what constitutes abnormal activity. AI takes that a step further by adding data sources and context: while machine learning will recognize an anomaly when a CPU is suddenly running at 99 percent of capacity, AI can go to the next level and recognize that the anomaly is actually an event.
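The two layers in that paragraph can be made concrete with a small detector. The following is an added example, not code from the original post or from GDIT; the baseline CPU samples, the scheduled-job table and the corroborating telemetry events are all constructed. The first layer learns normal from a baseline and flags a reading far outside it (a z-score threshold stands in for the ML model); the second layer adds context from other data sources to decide whether the 99 percent reading is a known batch job, an unexplained anomaly, or an event that warrants response.

```python
import statistics

# Constructed baseline: hourly CPU utilization (percent) observed on a host during a
# normal period. A real deployment would learn this per host and per hour of day.
BASELINE = [12, 15, 14, 18, 22, 19, 16, 13, 11, 17, 20, 21, 15, 14]

# Constructed context: (host, hour) pairs where a known batch job legitimately drives
# CPU to its ceiling.
SCHEDULED_JOBS = {("db01", 2)}

# Constructed events from other telemetry sources, keyed by host and hour.
CONTEXT_EVENTS = [
    {"host": "web01", "hour": 14, "type": "new-process", "detail": "unexpected binary in /tmp"},
    {"host": "web01", "hour": 14, "type": "outbound-connection", "detail": "first contact to new external host"},
]

# Event types that, together with a resource anomaly, justify escalation.
CORROBORATING_TYPES = {"new-process", "outbound-connection", "privilege-change"}


def zscore(value: float, baseline: list[float]) -> float:
    """Distance from the baseline mean in standard deviations."""
    mean = statistics.fmean(baseline)
    stdev = statistics.pstdev(baseline)
    return (value - mean) / stdev if stdev else 0.0


def is_anomaly(value: float, baseline: list[float], threshold: float = 3.0) -> bool:
    """The 'machine learning' layer: flag a reading far outside learned normal."""
    return zscore(value, baseline) > threshold


def classify(host: str, hour: int, cpu: float, baseline: list[float] = BASELINE,
             events: list[dict] = CONTEXT_EVENTS) -> str:
    """The 'AI' layer: add context to decide whether an anomaly is an event.

    Returns one of 'normal', 'explained', 'anomaly' or 'event'.
    """
    if not is_anomaly(cpu, baseline):
        return "normal"
    if (host, hour) in SCHEDULED_JOBS:
        return "explained"      # high CPU, but a known job accounts for it
    corroborating = [e for e in events
                     if e["host"] == host and e["hour"] == hour
                     and e["type"] in CORROBORATING_TYPES]
    if corroborating:
        return "event"          # anomaly plus independent signals: escalate
    return "anomaly"            # unexplained, but nothing else supports escalation


if __name__ == "__main__":
    samples = [("web01", 14, 25), ("db01", 2, 99), ("web01", 9, 99), ("web01", 14, 99)]
    for host, hour, cpu in samples:
        print(f"{host} h{hour:02d} cpu={cpu}% z={zscore(cpu, BASELINE):.1f} -> {classify(host, hour, cpu)}")
```

Two readings of 99 percent receive different verdicts: on db01 at 02:00 the scheduled job explains it, while on web01 at 14:00 the new process and fresh outbound connection in the same window turn an anomaly into an event. That distinction, rather than the raw anomaly count, is what keeps the alert stream manageable for the humans who still own the response.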
AI pays for itself by connecting dots faster than people can. If your environment is dealing with an advanced persistent threat, people can identify the problem, but it will still take time to respond; AI promises not only to recognize the attack more quickly, but to take decisive action in response before the attackers get what they want.
Information technology will continue to evolve rapidly and cyber defense must evolve just as fast – if not faster – to stay ahead of risk. Each new technology is a two-edged sword, on one side full of promise and the other a potential vulnerability. Cyber is forcing a culture change and security technology has to evolve to keep up. The only sure thing in cyber is change itself. There can be no standing still. Threats are everywhere. We must be focused and dedicated to stay ahead.