Without knowing it, we spend every day of our lives being vigilant against criminals and specifically, intruders, writes Dave Nicholson, pictured, Technical Sales Consultant at network services company Axial Systems.
From ensuring the door is latched when we leave the house to storing our possessions out of sight when we park the car, we’re subconsciously cautious in our everyday activities. Yet, when it comes to protecting networks, businesses continually fail to apply the same commitment to keeping things secure. This comes down to the fact that in all of the technological jargon circling the matter, businesses fail to recognize the cyber criminal as a human threat. Well, most cyber criminals are still only human. Remember the school bully? How they always picked on someone they perceived as being weaker than them? It’s human nature to go for the easy win, yet the more difficult something is to do, the less likely we are to do it.
Most cyber criminals attack organisations for commercial gain. The softer the target, the more they’ll inveigle out of it and the more money they’ll make. Make something tough and it’ll take so much time and effort to break down, that it will no longer be financially viable. This is why an “if it’s going to happen it will” attitude to network security can be self-fulfilling. Too many organisations are now being defeatist, thinking it’s only a matter of time before they suffer a network security breach and only focusing on how they will clear up the mess after it happens, rather than carrying on trying to prevent it.
However, there’s no point just increasing the size and scope of an organisation’s perimeter defences. I like to think of a castle. There’s little to gain by just widening the moat or building thicker walls. What if the drawbridge is down and the guards asleep? Or someone tunnels under the moat and walls? Or they have a friend on the inside? The most successful breaches of security are usually unpredictable and downright brazen – in the non-cyber world think of the Hatton Garden heist of a few years ago, or even the Trojan horse (the one used by the Greeks after the siege of Troy that is, not the malware).
If you keep the moat and walls but build additional defences inside the castle; ramparts, spikes, bear traps even and section if off you limit the access to each section to a small number of controlled points. In IT security terms, we’re talking about security zones, micro-segmentation, network access control, authentication-based firewall policies, SSL visibility; there are multiple options. If the malware can’t go anywhere and you have it locked down in a particular part of your network, it can’t proliferate and the problem is contained.
It’s easy to get blinkered and focus on new products but, generally, by the time you deploy them, the world and the bad guys have moved on. Sometimes it’s better to step back and have a more considered wider strategic view. For example, we worked with a video games company that was being constantly hit by DDoS attacks on their live gaming site. So, they did some lateral thinking and routed the gaming site through a secondary channel. The attackers have gone off and found a softer target.
So, be proactive and make it hard for the attackers. Create multiple layers of defence, one-way “streets” and access control systems. They may devote time and effort to breaking down these barriers, but they too have limits to what is and isn’t worthwhile. And like the bully, they’ll soon move on, attracted by the prospect of an easier win.
