What is the Biggest Problem in Cybersecurity Today?
Themes from the show floor of RSA 2018
Visibility. Quite simply, the operating environments of organizations have gotten too complex for cybersecurity defenders.
The problem goes beyond not being able to see what is happening in organizational systems to not even understanding the full extent of those systems. Keeping up with the assets under their control and keeping them secure is a new challenge for the modern enterprise.
As organizations move to the cloud, their data moves to systems they don’t own. Employees frequently log into corporate accounts from personal devices. Add the growing number of IoT devices connected to corporate networks and the number of ways for organizations to lose control of their data spirals out of control.
This is not to say that responding to and stopping threats is not important, but before organizations can even begin to think about remediation, they have to know what is under attack. Theresa Payton, CEO and President of Fortalice Solutions and former White House CIO, noted in a panel that the first step to securing an organization is understanding what assets are under its protection.
What You Don’t See
Two of the top five attacks from “The Five Most Dangerous New Attack Techniques” keynote presented by SANS researchers result from abuse of poor visibility. The first is data leaks from repositories and cloud storage, a growing issue that resulted in several breach disclosures over the last year. It is easy to forget that cloud buckets and GitHub repositories are part of an organization’s assets, and that oversight can lead to poor configurations.
The other is the rise of cryptojacking. Malware that appropriates processing power to mine cryptocurrency for hackers can remain undetected for months by flying under the radar of systems administrators. Seeing rogue cryptomining activity may be trivial in owned data centers, but when those data centers are outsourced to cloud providers, organizations need to actively search for this activity.
Asset discovery cannot be a static activity, though. Data and devices shift so rapidly that organizations need a constant stream of information about the state of their assets so they can adjust their practices accordingly. Dan Schiappa of Sophos said in a talk that asset management and the policies it informs need to take on an almost evolutionary appearance as they adapt to the changing operational landscape.