This is an ongoing series of guest blogs written by TAG Cyber analysts in conjunction with various members of our SPHERE team, offering insights from the perspective of professional industry analysts combined with a technology company focused on the goal of establishing cyber hygiene. This article comes from a fearless leader, CEO & Founder of TAG Cyber, Edward Amoroso.
If there is one accepted constant in our cybersecurity industry, it is that cyber threats never remain constant. In fact, the only truly predictable aspect of the cyber-attack environment for businesses and government is that nothing seems to stay the same. Threats continue to change and predicting the next threat . . . is tough.
Early cyber threats involved viruses and worms. This transitioned to network-based attacks such as DDoS and botnets. This, in turn, transitioned to application-level threats targeting credentials and identities. Present threats are now extending identity-based attacks to target sensitive data. And so it goes – on and on, always changing.
The best advice we can offer from a TAG Cyber perspective for cybersecurity practitioners is that while predicting the next Big Cyber Threat might be a difficult (even intractable) task, it is possible to identify certain themes that can provide major hints as to the best defensive strategies to develop. We list some of these observed themes below.
First, we’ve noticed that during every generation of cyber threat, the problem of poor hygiene has been at the root of the exploitable vulnerability. While it has not always been called hygiene, this issue of poor configuration, sloppy administration, and complex infrastructure has been a common weakness in organizations that have been successfully attacked.
Second, we’ve noticed the ongoing role that credentials and identities have played in every generation of cyber threat. Whether the threat involves viruses, botnets, or application-based attacks, when credentials and identities are improperly managed, the associated risk has seemed to skyrocket. These are certainly points of vulnerability.
Finally, we’ve noticed that organizations tend to be more vulnerable to cyber threats when the culture does not include a top-to-bottom emphasis on cybersecurity. To handle attacks from both external actors and compromised insiders, companies and agencies need good security coordination between management, operations, and staff.
These observations suggest that despite the ongoing changes in cyber threats referenced above, there are good strategies that exist for organizations to minimize their risk from both present and future attacks. This is good news, because predicting future attacks – whether for artificial intelligence, autonomous systems, or the like – is not a good means for planning today’s defense. As one would expect, the pillars of cyber defense we recommend involve a company-wide commitment to security, a specific focus on credentials, and a primary goal of establishing hygiene for identities and how they are managed and maintained. We believe these strategies track our observations of prior threats, and also align with reasonable management practice.
This idea that proper and reasonable management strategies would be the best way to handle future unknown (and unpredictable) cyber threats should be good news for executives and managers. It suggests that planning for the future does not require predicting the future – but rather, is best handled by cleaning up existing controls and tending to solid cyber and identity hygiene.
Further good news is that many commercial solution providers, including SPHERE, can help security teams to achieve this goal. The SPHERE team specializes in optimizing cyber hygiene to protect infrastructure, systems, applications, and data. These solutions can be deployed today to help prevent the threats of tomorrow.
As always, let us know what you think – and we look forward to hearing from you.