Why Block and Tackle is Insufficient When Dealing with Modern Attacks

Cybersecurity today is more than just knowing your weaknesses: it is about illuminating all your blind spots.

Why Block and Tackle is Insufficient When Dealing with Modern AttacksBy Graham Ahearne    2 February 2017      Thinking

Cybersecurity has classically dealt with shoring up the weak spots in a company’s infrastructure. There was some interior domain that was “safe” or “good,” surrounded by a wall of sorts protecting it from the outside world: the “unsafe” and “bad.”

But digital security, we have found out, is not really so simple.

Where a firewall may have once been adequate protection between two distinct computers sitting in geographically separate offices, now every variable in the equation has been changed. Now, cloud computing means countless virtual machines intertwine with physical machines. Each machine in turn supports a number of apps. In a BYOD world, every person who walks into your building could bring three devices. Complexity has made an exponential leap in just the past 5 years alone. The boundaries are no longer static nor predictable, if they exist at all.

Thus, the topography has changed— but so have the bad guys. Malicious actors grow more sophisticated at a rate that often seems to outpace the good guys. It is alarming to think that just about all of the powerful computing weapons available to the good guys are available to the bad guys.

Even now, I find that many approaches to security are still looking for the weaknesses. They know that they are vulnerable here or there, and so they keep extra sets of digital eyes on those spots. I’d even say that many companies are very good at that: knowing their weaknesses, and taking extra precautions to protect them.

But no matter how good you are at guarding weaknesses, it doesn’t matter. All this complexity means that now, real effective cybersecurity is about the blind spots. Attacks may not even look like attacks anymore, and they may come from a different place every time. Modern cybersecurity can no longer be shoring up walls every time a new leak springs, you must be able to shine a floodlight over your entire network to realize what’s hiding where you never thought to look—or right out in plain sight!

It’s a technological problem, sure: we now need a way to see everything that goes on our networks and an ability to identify what is anomalous, and fast. But, perhaps more importantly, it’s a fundamental difference in the way we approach cybersecurity. We simply cannot pretend to be able to predict anymore where the attacks will come from. As numerous examples have shown us, these breaches often occurred in those places no one ever thought to look, and in some cases go undetected for weeks or months. Cybersecurity today is more than just knowing your weaknesses: it is about illuminating all your blind spots.

I leave you with you this quote from Former Secretary of Defense Donald Rumsfeld, who was not the originator but perhaps the person who put it best:

Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.

Why Block and Tackle is Insufficient When Dealing with Modern Attacks

Graham Ahearne, Director, Product Management, Corvil
Corvil safeguards business in a machine world. We see a future where all businesses trust digital machines to algorithmically conduct transactions on their behalf. For some businesses, this future is now.
@corvilinc

You might also be interested in...