Are cybersecurity events becoming more predictable?
With advances in cybersecurity science, math, and physics, and, of course, a healthy dose of luck, there is light at the end of the tunnel when it comes to predictable cybersecurity capabilities.
In the early 1990s, the internet industry needed to move packets as fast as possible because a marketing genius came up with the idea that anyone could have “unlimited internet access” for $9.95 per month. These people belong to the Internet Hall of Fame.
It’s like throwing free beer into the crowd at Yankee Stadium during a Red Sox series!
Overnight, Internet traffic under the Dulles Access Road in Northern Virginia virtually exploded and became “well oversubscribed”. The answer: More capacity! Do it faster! What about the cybersecurity threat? Later! Phishing attacks? Back-to-back attacks happening every second of the day? Not yet!
Truth be told, AOL created the Internet as we know it. At lightning speed, users around the world multiplied into the millions thanks to Mr. Steve Case and his team. Without that spark and growth, many of us would never have landed a job at Cisco in the Dot.com days. (Including me :))
Years later, with SNORT becoming available as open source code, the notion of “intrusion detection” made its way inside the network and into future, still-untrained security teams. The average predictability factor improved thanks to the new detection capability.
The Livingston firewall was soon replaced by Checkpoint running on Windows NT Server (stop laughing, I installed one once). However, it didn’t take long for bad actors to catch on and target all Microsoft products, including Windows 95, NT and Microsoft Mail.
Cisco came to market with the PIX firewall, Netscreen came to market with the ASIC-based firewall, and suddenly security had a voice.
Even with these slow adoptions, security continues to be an afterthought because “security is killing our desktops and apps, kill it!”. Yes, it really happened back then.
Thanks to the TV show and clever marketing from Cisco, the idea of the “Self-Defending Network Initiative” found its way onto the airwaves during an episode of “24.” Somehow, something that didn’t yet really exist in real life saved Jack Bauer with predictable security analytics and algorithmic decision making, along with automated adaptive controls. That was in 2005!
With BitDefender releasing machine learning in its antivirus in 2006, and Cisco, FireEye, Checkpoint, etc. coming to market with “intrusion prevention” capabilities, these advancements helped reform the industry and revolutionize the cybersecurity market. Yet these solutions were extremely complex to deploy, monitor and manage.
Security continues to go from strength to strength with investments in startups and global collaboration. Predictable recovery from cyberattacks helps organizations learn lessons while driving a business case for more investment from the board.
With CrowdStrike, Sentinel One, and Microsoft advancing through XDR and EDR, are we finally here to predict, prevent, and block attacks before they happen?
There are four fundamental realities that we could all agree on:
1. There are simple patterns in the timing and location of cyberattacks.
2. Attackers repeat.
3. Attacks occur at predictable times and places.
4. Predictable patterns of cyberattacks could help us predict and prevent future attacks.
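The four realities above can be checked against real logs. As an added example that is not part of the original post, the Python below runs two such checks over constructed sshd-style auth lines: which sources repeat across days (“attackers repeat”), and which hour of day concentrates the failures (“attacks occur at predictable times”). The log lines and addresses are invented for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log lines (not from any real system): sshd-style auth events
SAMPLE_LOG = """\
2024-03-01T02:14:07Z sshd[1201]: Failed password for root from 198.51.100.7 port 4411
2024-03-01T02:14:09Z sshd[1201]: Failed password for root from 198.51.100.7 port 4412
2024-03-01T02:15:31Z sshd[1203]: Failed password for admin from 198.51.100.7 port 4420
2024-03-01T09:02:10Z sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 51022
2024-03-02T02:16:44Z sshd[1410]: Failed password for root from 198.51.100.7 port 4501
2024-03-02T02:17:02Z sshd[1410]: Failed password for oracle from 198.51.100.7 port 4502
2024-03-02T14:40:12Z sshd[1455]: Failed password for bob from 192.0.2.33 port 60210
2024-03-03T02:13:58Z sshd[1510]: Failed password for root from 198.51.100.7 port 4603
"""

# Matches the constructed format above; real sshd output has more variants.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \S+ for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+$"
)

def parse(log_text):
    """Yield (timestamp, outcome, user, src) for every line that matches LINE_RE."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["outcome"], m["user"], m["src"]

def repeat_sources(log_text, min_days=2):
    """Sources with failed logins on at least min_days distinct days ('attackers repeat')."""
    days = defaultdict(set)
    for ts, outcome, _, src in parse(log_text):
        if outcome == "Failed":
            days[src].add(ts.date())
    return sorted(src for src, seen in days.items() if len(seen) >= min_days)

def peak_failure_hour(log_text):
    """(hour of day in UTC, share of all failures in that hour), or None if no failures.
    A high share means failures cluster at a predictable time of day."""
    hours = Counter(ts.hour for ts, outcome, _, _ in parse(log_text) if outcome == "Failed")
    total = sum(hours.values())
    if total == 0:
        return None
    hour, count = hours.most_common(1)[0]
    return hour, count / total
```

On the constructed sample, one source repeats on three days and six of the seven failures fall in the 02:00 UTC hour, which is the kind of pattern a blocking or alerting rule can key on.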
Even with advances in endpoint network isolation, containment, and prevention, hackers will still bypass predictive controls to execute malware attacks, ransomware exploits, account takeovers, and more.
Going back to the 1990s, the need to meet market demand for security dominated the moment. Today, with so many complex privacy laws such as CCPA, POPIA, GDPR, and HIPAA, organizations need to have enhanced security, process, monitoring, and business resilience capabilities. This all has a cost.
In recent years, cybersecurity insurance has become a modern-day stand-in for companies seeking to recover their losses from attacks. Insurers offer a variety of policies and coverages, including:
- Costs associated with an actual data breach, including letters to all affected victims.
- Cost of repairing victims’ credit reports and cost of external media communications.
- Fraud investigation services related to any damage related to a specific event.
Cyber insurance will not cover the cost of security remediation, the purchase of new security technology, or any third-party penetration testing, auditing or installation of any security product.
For organizations seeking cyber insurance, the road to predictable security runs parallel. Below is a list of adaptive controls needed for cyber insurance. Many of these investments also align well with a predictive security strategy.
- Critical — Multi-factor authentication (enabled) — Least privilege (Predictive)
  - Anyone with privileged or administrator access
- Critical — Endpoint Detection and Response (EDR solutions) (Machine learning and AI — Predictive)
  - AV with machine learning/AI capability
  - Behavior analysis capability
  - Exploit prevention and mitigation
- Critical — Logging, monitoring and notification of alerts 24/7 — (Reactive and Predictive Modeling)
- Critical — Updated and validated governance and policy program — (Proactive)
  - Proven employee training on a scheduled basis
  - Deployed incident response and outbreak awareness plans
- Critical — Secure EDP/VPN access — (Predictive)
- Critical — Proven patch management system — (Proactive and Reactive)
- Critical — Proven and reliable security solution against email phishing deployed — (Proactive, Predictive, to be active)
Zero-day attacks will stay with us for years to come, even with deterministic data tracking of attack patterns. Organizations looking for board investments could take advantage of the need to reduce insurance premiums by deploying predictive technology.
Zero-day is here to stay. Social engineering via LinkedIn still works. Phishing emails are getting harder and harder to detect, and of course those pesky users (who never complete their cybersecurity training on time) will always be a tough problem.
Still, advancements in the industry are making it harder for global hackers to break in and steal company data. Yet breaches still occur every day.
Investment in cyber will continue to grow, getting smarter and (unfortunately) harder to manage, but the need to be better, faster and more agile to meet the compliance, governance and security demands of the organization is a challenge for every Cyber Warrior.
Until next time,