A number of high-profile cyberattacks have been making headlines lately — perhaps most notable among them the Equifax data breach, which ran from mid-May through July and affected 143 million Americans. Whether it’s unreleased episodes of “Game of Thrones,” a few million credit cards or the integrity of a national election, criminal hackers are regularly testing the defensive capabilities of a number of popular networks.
Protecting networks from cyberattacks can be a grueling marathon — one that’s testing the strength and stamina of IT security professionals across every industry.
Here, we talk with several leading professionals about how they’re building up their cyber resiliency and attempt to distill their wisdom into a few guiding principles.
Complete Prevention Is A Myth
In simpler times, cybersecurity was largely a cat-and-mouse game of hackers trying to outsmart network defenses. Today’s attackers are far more sophisticated and require new rules of engagement.
“The adversary does not care about your risk management framework,” said Scott Niebuhr, director of cyber engineering and protection at the Aerospace Corporation, a federally funded research and development center. “They will find a way to get in. Or they’re already in.”
Niebuhr isn’t alone in this thinking.
“The realization that attackers will find a way into your systems is a hard fact to acknowledge,” said Kevin Walker, security chief technology and strategy officer for Juniper’s engineering organization. “Rather than assume we can build unlimited defenses, we should focus on ensuring that our most valuable assets are stringently protected and routinely reviewed for access.”
Prioritize What You Protect (And Recover)
No one wants to admit that some data is expendable, but the inevitability of breaches can force cyber professionals to make difficult decisions.
“Protect what is most important to ensure the success of the business,” advised Niebuhr. “If intellectual property is your livelihood, focus efforts to protect that data. If service delivery is key to your business model, ensure you have business recovery and continuity-of-operations plans.”
That’s easier said than done, of course — especially for global organizations. “The majority of our success is in managing our own complexity,” said Walker. “As such, we need to focus on the most important services and data in our enterprise.”
Recovery efforts, too, must be triaged in this manner. Matthew L. Miller is a senior manager in Ernst & Young’s Fraud Investigation & Dispute Services division. During one incident, his team was given a client laptop that had been bricked by a malware breach.
Rather than try to recover the entire drive, Miller focused exclusively on a number of critical contracts that didn’t exist elsewhere on the network. The results? A 94 percent recovery rate.
“While a small minority of an organization’s data is of critically high value, it is often not fully analyzed,” Miller said. “By knowing their data better on a global basis, [organizations] will drastically improve their cybersecurity posture.”
People, Not Just Programs
Just as the stereotypical hacker is no longer a bedroom-dwelling teenager, à la “WarGames,” so too has the day-to-day reality of cybersecurity evolved over the years. Network defense is not a closed-door enterprise; teamwork and meaningful vendor relationships are critical for success.
“Cyber is a people industry,” said Dom Glavach, chief security strategist at CyberSN, a leading recruiter of cyber talent. “I retain team members by ensuring they are always challenged [and] have a great work environment.”
Walker agrees: “The absolute essential ingredient to a strong cyber program is the talent we must invest in and cultivate,” he said. “Not only the subject matter experts, but the talent across the organization.”
Strong external relationships are also important.
“With so many new solutions, it’s sometimes hard to see what’s great and what simply adds workload,” said Laurence Pitt, Juniper’s security strategy director. “As trusted allies, vendors must work on the best answer to a problem, rather than just adding layers that are harder to see through.”
Security Is More Than A Network
Taken together, these insights lead to one conclusion: Effective cybersecurity is a dynamic challenge that demands more than off-the-shelf software.
“Once the low-hanging fruit has been taken care of by the commodity solutions,” said Dods, “custom solutions must be created to cover the use cases that have been left exposed.”
Juniper builds unified security platforms via software-defined secure networks, allowing cyber professionals to leverage automation, machine learning and real-time intelligence when they defend their network.
However, noted Pitt, “These solutions are intelligent, but they do not have intelligence. That’s the human value in the equation. Being able to think and see outside the box is our differentiator, and will continue to be for some years to come.”