Breaches happen, so be prepared

Rik Ferguson, Vice President Security Research for Trend Micro, has a sobering warning: your security will be breached. You can’t stop it, so you have to be ready.

“You build your infrastructure on the assumption that a breach is going to happen. Your goal is to find out immediately and respond accordingly.”

In the past, security was all about creating barriers around your critical resources so that no one could get to them. While that remains a central plank of any security strategy, a more modern operational environment also focuses on mitigating the effects of a breach.

“It’s less about building a better castle and more about building a better dungeon. You make it more difficult for the attacker to leave with what they came for. You have to accept the fact that they’re going to get in,” said Ferguson.

To that end, he suggested that protecting data within your network is crucial as you have to assume that it will leave your network at some point. “Encryption is your friend in that respect so that if they get your data it’s useless,” he told us.

In addition, Ferguson suggests that there is value in using other techniques. “Something that I think is under-invested, particularly in enterprise networks, is all the honey-x technologies such as honeynets, honeypots—and one that is really cheap and easy is honey-user accounts. You can do that with an outsourced cloud service”.

So where does the responsibility for information security lie? Is it up to IT to look after this for the whole business or is the responsibility broader?

“Most companies have a CSO or CIO fulfilling that kind of role. Sometimes they’re very technical, other times they’re very business-focussed. I think in a lot of ways there’s a requirement for both a CIO and a CSO. The CIO is concerned with information and the CSO is focussed on security. They complement and assist each other. I think this is the model that really works”.

Ferguson also notes that IT and security are being bypassed. “With the adoption of cloud and multi-tenanted services, a lot of those decisions, such as which cloud provider are we going to use, are made by individual business units without any interaction whatsoever with IT or security,” he said.

Given that the new approach to security accepts that breaches are going to happen and focuses on ensuring that adequate controls are in place to detect them and mitigate their effects, we asked Ferguson whether this approach has been effective.

“So far, of all of the breaches that have been reported, none of them has stopped something before it started.”

One of the more insidious aspects of recent breaches is that it’s not always the larger, well-known businesses that are attacked, but their partner companies. For example, in 2011 Epsilon, the world’s largest permission-based email marketing provider, was breached, resulting in the customer lists of several Fortune 100 companies being compromised. Until then, Epsilon was a largely anonymous company.

“I remember when Epsilon was breached,” recounted Ferguson. “I’d never heard of them. I never knew a company called Epsilon existed. But as a result of that attack I received five breach notification emails from five different companies”.

So, even if your own seals are tight and data is safe, you have to consider the position of a critical business partner in your security threat and risk assessment.

The proliferation of mobile devices is also an important part of the enterprise’s threat surface as mobile devices are often the least protected endpoint on the network, concluded Ferguson.
