DUBAI, United Arab Emirates, 13th July, 2014: It’s often helpful to poke our heads above the tree line and see what’s happening in the world around us in the form of major cybersecurity trends affecting all of us. With cybersecurity incidents and developments in the headlines daily, there’s no better time to try to make sense of it all – and plot a line across trends to show us where the market is headed.
Here are just the top stories in the news from the past few months. Craig Carpenter, Chief Marketing Officer at AccessData, says that they all point in the same direction, namely the dire need for near real-time detection, remediation, response and resolution of cyber incidents:
· The OpenSSL story is just getting started. The “Heartbleed” OpenSSL flaw was a very big deal when uncovered a mere month ago, as OpenSSL is used to secure roughly 2/3 of the world’s web sites. Now, just a month later, there is reportedly a second major flaw in OpenSSL that leaves unpatched web servers vulnerable to a man-in-the-middle attack.
· State-sponsored espionage rhetoric increases. The US and China kicked their simmering cyberhacking feud to an entirely new level in May when the US indicted 5 members of the People’s Liberation Army for “computer hacking, economic espionage, trade secret theft, aggravated identity theft, and other offenses.” To no one’s surprise, China’s response was swift and equally strongly worded.
· The breach drumbeat goes on. Just when we thought we’d moved past hearing the term “Target breach” ad nauseam, eBay became the latest victim of a major cyberbreach, announcing in late May that an encrypted database housing user data had been hacked. eBay asked its 145 million users to reset their passwords as a “precautionary measure.” The online auction giant was criticized widely for its allegedly slow response to the breach, a breach that is rumored to have gone weeks without being detected. Authorities in at least four states and the US’s Federal Trade Commission immediately launched an investigation into the breach and eBay’s response to it. Which takes us to…
· Global governments increase pressure on breach notification and cybercrime penalties. Whether due to a genuine interest in protecting consumers or in an effort to gain politically from being seen to be “doing something” (or both), governments across the world rushed to aid consumers when their data has been compromised and to bring cybercriminals to justice. The EU already has arguably the world’s most stringent notification requirement (within 24 hours of “detection”), currently applicable only to ISPs but potentially extending to all enterprises in the near future. The US’s Federal Trade Commission has already had a healthcare data breach notification requirement for four years, and has made no secret of its strong desire to stringently regulate breach notification at the national level as part of its privacy protection mandate. Heck, even the Queen of England got in on the action by proposing life sentences for serious hackers.
That’s a staggering amount of news for the cybersecurity industry to absorb in a year, let alone in a four-week span. But while the stories themselves are all different, they all point in the same direction for the cybersecurity market. Here’s what they’re telling us about where the cybersecurity world is and where it’s headed:
· Everyone is compromised, so you’d better be ready to act. The days of keeping bad guys out are gone. State-sponsored hackers have virtually limitless resources and time – something none of the rest of us enjoy. And even if state-sponsored hackers aren’t focused on your crown jewels, there is undoubtedly some vulnerability already on your network you aren’t even aware of (think OpenSSL). By far your safest approach is to assume you’ll be compromised. Which means that…
· Detection, confirmation and quick remediation are the keys. If you are going to be compromised, you need to know where and when bad things are happening – real compromises, not false alarms – so they can be shut down. As Verizon’s 2014 Data Breach Investigations Report shows, speed here matters a great deal, both in detection and dwell time (time between discovery and remediation), as it can take mere minutes for critical data to be exfiltrated from a network.
· Quick remediation is critical, but so is insight. With so many government entities pushing to codify stringent breach notification requirements – and a 24-hour breach reporting requirement threatening to go EU-wide – knowing what happened with any material breach has also become mandatory. Waiting days or weeks to let customers know what may have happened with their data simply won’t cut it going forward.
While these cybersecurity requirements may seem daunting, they shouldn’t be. An era of continuous compromise calls for a response that is equally continuous, fast and comprehensive. As an industry, we need to look beyond anti-virus and single point solutions and focus on the integration and sharing of threat detection and response to address these sophisticated attacks.
