With the proliferation of more advanced and freely available toolsets, commoditization of attack launch platforms, and availability of wholesale large-capacity network bandwidth for rent, cyberattack velocity is ramping up. If there’s a new vulnerability released you’ll get hit harder and sooner, and you'll have less time to patch – and that’s if there are patches at all. Got an IoT device? Patches can be even more unpredictable.
From UEFI attacks now seen in the wild, to mobile, macOS and other platforms, vulnerabilities get hit from several directions. Where we used to focus on Windows platforms, now there are multiple attack vectors to defend against.
If scammers can gain access to your cloud data, for example, containing things like corporate email, document shares and sales information, they can reap vast troves of valuable information not even located on your infrastructure, often without your knowing.
Since the sprawl of data mirrors the spread of valuable data, Virus Bulletin speakers focus on network defenses and instrumentation to make sure the “crown jewels” in your company will still be protected. In short, the perimeter is now everywhere, so how do you protect it?
Conferences like Virus Bulletin (VB) seek to expose the latest tactics of the scammers, with the hopeful intention being to help others to shore up their customers’ defenses. But baked into the process of publishing and preparing for a speech at the venue, there is the process of notification of the affected vendors and customers, which can add delays in defending against the bad guys, though VB's 'last-minute' papers often add a welcome insight into leading-edge research.
To combat these issues, the community has a series of trust groups and information exchanges that seek to smooth the process, in a procedure called “responsible disclosure” to fellow security researchers.
Meanwhile, as a consumer of data, it becomes more important for you to protect those data in different ways.
First, understand the nature of your data. If you can if you can characterize your data (and how else can data be transformed into information?) you can determine what response and protection would be needed. If you have some generic, useless data stored somewhere, it may not warrant locking down to some unpractical level of rigor. This will free up resources to focus on more critical data elsewhere.
Second, encrypt everything that you can. In this way, even if a breach occurs, it will be much more difficult and require more effort to extract anything of value. Luckily, encryption tools are getting easier to use and more ubiquitous, so it should be much simpler to roll them out to your organization.
Many products these days can encrypt data with the flick of a couple of virtual buttons, so you don’t have to be a security ninja. If budget is an issue, there are free tools available as well, and some (not all) of them are even easy to use.
Also, find ways to visualize something resembling a security “scorecard” across your organization, so you can triage and escalate potential problems quickly, and if there’s a problem you can focus resources appropriately and quickly. Even better is to have a way to correlate security events across your network so you can spot more sophisticated or coordinated attacks at the first sign.
While you work on securing your organization, the security industry here at Virus Bulletin will continue to work out and optimize the rules of engagement for responsible disclosure, and reducing the time it takes to help vendors and customers be protected. But in the meantime, these steps outlined will go a long way toward keeping your data safe if “bad things” happen, even as the velocity ramps up.
