The world today is more connected than ever before. We all carry around computers in our pockets that have more power than your first PC ever had. Even your fridge and light globes can now connect to the internet! Software use has exploded in business environments. No matter what industry you’re in or how small your business is, you’re almost guaranteed to be more plugged in than you were just a few years ago. Add in the number of SaaS subscriptions you have and your data is now all up in the cloud and accessible from anywhere by anyone who knows your logins, or how to hack around them.
In this brave new world, data is everything. Digital identity theft is now almost commonplace and even the Australian government has been criticized for multiple breaches or inappropriate use of sensitive data. In 2018, over 800 breaches were reported to the privacy watchdog, the Office of the Australian Information Commissioner. Massive tech companies such as Dell and holders of critical private information such as the government-run My Health Record have all reported breaches within the last year. From massive-scale malicious third-party attacks to people taking advantage of insecure systems or entirely offline hacks that exploit untrained staff, keeping your business safe is a full-time job.
When it comes to virus, bug, and malware protection, there are three broad categories of threat. How much effort you put into protecting against each one may come down to the size, industry, and scale of your business. For some, industry regulations or data sensitivity will mean that even a single breach is simply too big a risk to take. Others may be happy just protecting against known threats and have the capacity to deal with single or small breach incidents. But what exactly are you protecting against?
Here’s an interesting metaphor that can help explain the basics. Think about your business like an airport. The whole process of flying has undergone a massive redesign since the terrorist attacks of September 11, 2001. There are now procedures and policies in place that never existed before the sheer scale of those attacks took the entire world by surprise. Now we have a whole raft of changes as a response. Cockpit doors are locked and bulletproof, small knives are entirely banned, identity checks are scaled up, including no-fly lists, and new technology such as full-body scanners is in place at most airports. These are all to protect against what is now a known threat.
99% of all bug and malware attacks use known methods. So why, despite being known, do these attacks still get through? What many don’t realise is that it’s not as simple as just pushing out a patch and you’re done. When it comes down to it, network security relies on individuals. To fully protect against threats, you need to be thinking about defence in depth. That starts with protecting against known threats. Before September 11, we didn’t know that such an attack could be possible; no one had thought of it. At that time, it was an unknown threat. Now, we have multiple systems and procedures, all designed to work together to block it ever happening again. The same thing should exist on your network. Start by implementing protection at the network level, then your most critical data or infrastructure, and work out from there. These procedures will buy you time to get individual users patched and secure.
But what about unknown threats? Returning to our analogy, where do they fit? We all know what a gun is, and that guns can’t be taken on planes. There are many different types: different calibres, pistols, shotguns, long rifles, semi-automatics, but airport security systems know about all of them and how to recognize them when scanning people’s luggage. And yet, both in Australia and the US, guns have made it through security and onto flights multiple times since September 11. In some cases, standard policies weren’t followed by security staff, just like your end users not applying patches. Another massive case involved bribes and the use of insider identification by previous employees. Other times, the cause has not yet been discovered.
So, what can you do to protect against unknown threats? In one word, network. The beauty of these threats is that once someone has tried one, it’s no longer unknown. After that, collaboration and sharing of data can assist in catching the next person to try the same attack, whether in the same business or across the world. Another method is to use security software that can learn. What if someone tried to get a gun through security by carrying it disassembled, or tried some other new method, like the shoe bomber who tried to smuggle an explosive on board a plane in his shoes? Smart security software should recognise the individual components, even if they don’t look like the whole that it’s used to, and flag the incident for further investigation.
Lastly, we have undisclosed attacks. These are less common, but for some businesses, still worth protecting against. Again, collaboration between individual businesses can help. Did you know that before September 11, some countries had only random security checks for domestic flights? How about the first guy to get caught with the bomb ingredients in his shoe? What would have happened if airport staff had just tightened their own security but not told the world? Then you come to no-fly lists. Are you sharing bad operators you come across with your competitors to help keep you all safe? When it comes to network security, you have to be right every single time and the bad guy has to be right only once. Sharing information across your industry can help keep everyone secure.
Follow these steps and you have a blueprint to start working towards keeping your business safe and secure. Identify your biggest threats, implement defence in depth, use security software that recognizes different threat vectors and can learn from them, then share any new threats or methods with others. Do that and you’ll be well on the way to keeping your organisation protected and safe against all threats, both existing and brand new.
This article was written after an interview with Satinder Khasriya for Content Security's Podcast: Safe in Space.