Defence for enterprises in the current threat landscape no longer means barricading and patrolling the perimeter; defenders must look inside for hackers who are already exploring the network and searching for valuable digital property.
With the vast and growing presence of smartphones, devices and cloud applications in business, an enterprise can no longer ring-fence the entirety of its digital estate behind a cyber-perimeter – indeed, many argue that the perimeter is a thing of the past.
‘People are recognising that there is no perimeter anymore that can be protected; you have to assume someone is going to get into your perimeter,’ Kevin Cunningham, President and Co-founder of SailPoint, told CBR.
This means that a proactive approach is critical to maintaining any level of security, as businesses must be monitored internally, with foresight into the potential for an attacker to already be in the process of stealing data.
Giving an insight into how widespread the problem already is, the SailPoint President said: ‘Every CISO I talk to these days just assumes that if we haven’t been breached we have to assume we will be, so how do you identify it, and how do you contain it to minimise the damage?’
The key to that damage limitation, Mr Cunningham argues, is in the one thing unique to many – identity. Identity is being seized upon by hackers who are looking to infiltrate with ease. This means that it does not take a major breach of an integral defence mechanism to leave an enterprise vulnerable.
Mr Cunningham said: ‘If you look at how most breaches are perpetrated, it traces back to a lack of understanding or mismanagement of identities. Identities are being compromised by phishing attacks; they get the first taste of the enterprise and they move around and start creating their own accounts. Because people aren’t doing a good job of tracking all this, it happens all the time.’
One of the first steps in locking down identities in the workplace is understanding who is after them. Unfortunately, the picture painted by the SailPoint chief was bleak: ‘This is organised crime, it’s the mob, it’s terrorist cells, it’s foreign governments. They are all very well-funded, very patient, and the average time to discover a breach is 200 days.’
A discovery time of that length means adversaries can roam freely inside an enterprise’s domain for the better part of a year, which makes perimeter-style defence largely irrelevant. This is why defenders should be searching for adversaries already inside the organisation.
However, taking on the mob and well-armed hackers is no easy task, with streams of data creating chaos for the people tasked with defending against attack:
‘There is a lot of data that people are trying to sort through, and you have got a lot of security systems generating data; the challenge is seeking the signal out of the noise. It is hard to focus on everything that is going on, so what people are adopting now are analytics to help them understand anomalous behaviour.’
These tasks point once again to automation as a useful, perhaps crucial, way of dealing with the vast quantities of data that must be processed in the pursuit of hackers and their activity.
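The two problems raised above, attackers quietly creating their own accounts once an identity is phished, and defenders needing analytics to pull anomalous behaviour out of noisy data, can be illustrated with a small reconciliation script. The following is an added example written for this page; it is not code from the article or from SailPoint. It assumes three constructed inputs: an HR roster of legitimate identities, a directory export of accounts with their creator and creation time, and a set of accounts that are authorised to provision others. The functions report accounts with no backing identity, accounts created by an unauthorised creator, and bursts of account creation inside a short window, which is the kind of simple anomaly rule an analytics pipeline would start from.

```python
"""Identity-hygiene checks: reconcile directory accounts against an HR roster
and flag anomalous account creation.  All data here is constructed for
illustration (added example, not from the article or SailPoint)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed HR roster: identities the business actually employs.
HR_ROSTER = {"alice", "bob", "carol", "dave"}

# Constructed directory export. 'bob' has been phished and his credentials
# were used to create three accounts in a seven-minute window overnight.
DIRECTORY_ACCOUNTS = [
    {"account": "alice", "created_by": "hr-provisioning", "created": "2024-01-08T09:00:00"},
    {"account": "bob", "created_by": "hr-provisioning", "created": "2024-01-22T09:05:00"},
    {"account": "carol", "created_by": "hr-provisioning", "created": "2024-02-12T09:10:00"},
    {"account": "dave", "created_by": "hr-provisioning", "created": "2024-02-26T09:15:00"},
    {"account": "svc-backup", "created_by": "bob", "created": "2024-03-10T02:14:00"},
    {"account": "jsmith2", "created_by": "bob", "created": "2024-03-10T02:17:00"},
    {"account": "admin-tmp", "created_by": "bob", "created": "2024-03-10T02:21:00"},
]

# Assumption: only the HR provisioning identity may create accounts.
AUTHORISED_PROVISIONERS = {"hr-provisioning"}


def orphan_accounts(accounts, roster, allowlist=frozenset()):
    """Accounts with no backing identity in the roster (known service
    accounts can be allowlisted so they do not show up every run)."""
    return sorted(
        a["account"] for a in accounts
        if a["account"] not in roster and a["account"] not in allowlist
    )


def unauthorised_creations(accounts, provisioners):
    """(creator, account) pairs where the creator is not an authorised provisioner."""
    return [(a["created_by"], a["account"])
            for a in accounts if a["created_by"] not in provisioners]


def creation_bursts(accounts, window=timedelta(minutes=30), threshold=3):
    """Creators that made at least `threshold` accounts inside `window`.
    Returns {creator: largest burst size}; a simple sliding-window rule."""
    by_creator = defaultdict(list)
    for a in accounts:
        by_creator[a["created_by"]].append(datetime.fromisoformat(a["created"]))
    flagged = {}
    for creator, times in by_creator.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            size = j - i + 1
            if size >= threshold:
                flagged[creator] = max(flagged.get(creator, 0), size)
    return flagged


def identity_report(accounts, roster, provisioners, allowlist=frozenset()):
    """Run all three checks and return one dict an analyst can review."""
    return {
        "orphans": orphan_accounts(accounts, roster, allowlist),
        "unauthorised": unauthorised_creations(accounts, provisioners),
        "bursts": creation_bursts(accounts),
    }


if __name__ == "__main__":
    for key, value in identity_report(
        DIRECTORY_ACCOUNTS, HR_ROSTER, AUTHORISED_PROVISIONERS,
        allowlist={"svc-backup"},
    ).items():
        print(f"{key}: {value}")
```

The three checks deliberately overlap: an account that is orphaned, created by a non-provisioner and part of a burst is a much stronger signal than any one finding alone, which is the "signal out of the noise" problem Mr Cunningham describes. In a real deployment the roster and provisioner list would come from the HR system and a privileged-access group rather than literals, and the window and threshold would be tuned against the organisation's normal provisioning rate.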
Cunningham told CBR that ‘The bad guys have figured out that the weakest link in the security chain is the human being; they have figured out that it is a lot easier to execute a very well put together phishing attack than it is to try and hack in through a firewall.’