We have all heard the saying, “early detection is critical.” This is true in most aspects of our daily lives, from medical diagnosis and automobile trouble to a leaky roof or credit card fraud. It should come as no surprise that it is especially true in the context of data security breaches as well.
For many years, the cyber security industry has been rallying around the concept of preventing data breaches, and why not? To be sure, this is a reasonable goal for a cyber security team to aspire to achieve. In that effort, cyber security teams set up perimeter defenses, restrict data access, patch vulnerabilities, deploy sensors that monitor data movement, encrypt data, etc. – and these are essential things to do. In the real world, however, these teams face the ongoing threats of zero-day vulnerabilities, phishing attacks, stolen credentials, compromised laptops, poor application design, and a hundred other vectors designed specifically to stop them from achieving their goal. These threats are dynamic and constant. In a split second, they can render useless the manifold defenses that cyber security teams worked so hard to deploy to secure their data. It’s time for a new mindset around protecting data.
Early detection: Not just for earthquakes and heart attacks anymore.
The aforementioned threats to data security are not new. The Open Web Application Security Project (OWASP), a non-profit organization dedicated to helping website owners and security experts protect web applications from cyber attacks, has been around since 2001. Given that history, you’d think the statement “it’s time for a new mindset around protecting data” would be a foregone conclusion at this point; but it’s not. In some respects, the evolution of data security is akin to the evolution of warfare. As I work with organizations on bolstering their cyber security posture, I am often reminded of Wellington’s comment about Napoleon’s defeat at the 1815 Battle of Waterloo: “They came on in the same old way and we defeated them in the same old way.” I suspect that had there been hackers in those days, they’d have echoed Wellington’s sentiments. What most organizations need is not “the same, just more of it” but a new mindset about how we consider gaps and weak spots in data protection today. It’s really time to flip the traditional security paradigm on its head with a revised approach that protects data first, then apps, then endpoints, then the perimeter. Or, more simply, a strategy in which protecting the data itself is the priority.
Waterloo, 1815. Napoleon did not recognize the need for a new strategic paradigm.
What’s the problem?
The threat landscape changes every day. On December 1, “CVE-2021-44228” may well have been the hull classification for a new US Navy ship for all we knew. When you consider new threat vectors every day, the notion of breach prevention almost seems like an outdated philosophy. An effective approach today to protecting sensitive data must be much more agile and dynamic. Look at the billions of dollars that enterprises spend to erect fortresses around their data only to be undermined almost daily by a privileged user clicking on a link in an unsolicited email or a missing patch on a router. The reality is that we no longer have black and white boundaries to protect. Instead, we must settle for a more practical and modest goal of minimizing the impact of breaches when they occur – because they will occur!
Breach detection at the database level is key
Our new paradigm must compel us to focus on early detection of a breach where it matters most: at the database level. Routers, firewalls, and laptops are not the hackers’ intended targets. In fact, cybercriminals are not even after your money, directly. Personally identifiable data is far more valuable. As I said, tactics such as protecting the perimeter and deploying web application defenses are important; but at the end of the day, these are all merely entry points from which a cyber attacker can pivot to find and steal the real crown jewels: the concentrated sensitive personal data you keep in databases across your entire architecture. Make no mistake: the goal of most cyber attackers is to identify and exfiltrate customer, patient, payment card or intellectual property information from your data sources, because those are precisely the assets that have tangible value in the shadowy depths of the internet. For cyber security practitioners, the process is challenging but very straightforward. Gain visibility into 100% of your data estate and use reliable, automated analytics tools to establish what is normal, so you can quickly identify suspicious behavior and orchestrate actions to stop it.
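To make the “learn what is normal, then flag what deviates” step concrete, here is an added example that is not from the original post and not Imperva’s own code. It learns a per-user baseline from a window of database audit events (which tables each user touches, how many rows they usually pull, and the hours they are active) and then flags later events that break that baseline. The CSV event format, the user and table names, and the thresholds are all constructed assumptions for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample audit events (not real data). The format is an assumption:
# one CSV line per query with timestamp, database user, client host, statement
# type, table touched and rows returned.
BASELINE_EVENTS = """\
timestamp,user,host,action,table,rows
2021-11-01T09:05:12,app_svc,10.0.1.5,SELECT,orders,140
2021-11-01T09:40:51,app_svc,10.0.1.5,SELECT,orders,95
2021-11-01T10:12:07,app_svc,10.0.1.5,SELECT,customers,210
2021-11-01T11:30:00,app_svc,10.0.1.5,SELECT,customers,180
2021-11-01T14:02:44,app_svc,10.0.1.5,SELECT,orders,160
2021-11-01T15:20:19,app_svc,10.0.1.5,SELECT,customers,200
2021-11-01T10:00:00,dba_jane,10.0.9.20,SELECT,orders,5
2021-11-01T16:15:33,dba_jane,10.0.9.20,SELECT,customers,3
"""

# Constructed events from the following day, to be judged against the baseline.
NEW_EVENTS = """\
timestamp,user,host,action,table,rows
2021-11-02T09:10:00,app_svc,10.0.1.5,SELECT,orders,150
2021-11-02T03:17:45,app_svc,10.0.1.5,SELECT,customers,48000
2021-11-02T11:00:00,dba_jane,10.0.9.20,SELECT,payment_cards,1200
2021-11-02T15:45:10,dba_jane,10.0.9.20,SELECT,orders,4
"""


def parse_events(text):
    """Parse CSV audit lines into dicts with integer row counts and an hour field."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["rows"] = int(row["rows"])
        row["hour"] = datetime.fromisoformat(row["timestamp"]).hour
        events.append(row)
    return events


def build_baseline(events):
    """Per user: row-count samples for each table they touch, and the hours they work."""
    baseline = defaultdict(lambda: {"tables": defaultdict(list), "hours": set()})
    for e in events:
        profile = baseline[e["user"]]
        profile["tables"][e["table"]].append(e["rows"])
        profile["hours"].add(e["hour"])
    return baseline


def detect_anomalies(baseline, events, volume_factor=10, hour_slack=1):
    """Flag events whose user, table, volume or hour deviates from the baseline.

    volume_factor: rows returned must exceed this multiple of the user's
                   largest baseline read of that table to raise a volume alert.
    hour_slack:    hours this far from any baseline hour are still considered normal.
    """
    alerts = []
    for e in events:
        profile = baseline.get(e["user"])
        reasons = []
        if profile is None:
            reasons.append("unknown database user")
        else:
            samples = profile["tables"].get(e["table"])
            if samples is None:
                reasons.append(f"first access to table {e['table']}")
            elif e["rows"] > volume_factor * max(samples):
                reasons.append(
                    f"{e['rows']} rows exceeds {volume_factor}x baseline max {max(samples)}"
                )
            # Simple hour check; does not wrap around midnight (assumption for brevity).
            if not any(abs(e["hour"] - h) <= hour_slack for h in profile["hours"]):
                reasons.append(f"activity at hour {e['hour']:02d} outside baseline hours")
        if reasons:
            alerts.append(
                {"timestamp": e["timestamp"], "user": e["user"],
                 "table": e["table"], "reasons": reasons}
            )
    return alerts


def run_example():
    """Learn the baseline from day one and score day two."""
    baseline = build_baseline(parse_events(BASELINE_EVENTS))
    return detect_anomalies(baseline, parse_events(NEW_EVENTS))


if __name__ == "__main__":
    for alert in run_example():
        print(alert["timestamp"], alert["user"], alert["table"], "; ".join(alert["reasons"]))
```

On the constructed data this raises two alerts: the application account reading the whole customers table at 03:17 (both a volume and an off-hours deviation), and the DBA account’s first-ever read of payment_cards. The routine day-two reads produce nothing. In practice the baseline window is days or weeks rather than one day, and the thresholds are tuned per data store, but the shape of the logic is the same: inventory every data source, learn normal access per identity, and alert on the deviation rather than waiting to notice the loss.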
The negative consequences of doing nothing
The impact of a breach that goes undetected and results in the compromise and loss of sensitive customer data is far-ranging. The most common impact is financial loss, and the longer the breach goes undetected, the higher the loss potential. These losses range from regulatory fines and identity protection offerings to reputation and confidence damage that costs you customers and, increasingly, class action lawsuits. Those lawsuits could often have been avoided by a demonstrable attempt at “adequate” or “reasonable” controls around data, which would have reduced the time to detection and minimized the impact of data loss. Of course, there are always secondary impacts in the form of negative brand reputation, high turnover from exhausted security/IT teams, poor corporate morale, etc. The bottom line: the longer you stick to the “same old, same old” and succumb to budget and technology inertia year after year, the more damaging these attacks will be and the more likely they’ll be to pose an existential threat to your enterprise going forward.
A typical result of years of budget and technology inertia. Spoiler alert: you’re the zebra.
In this series of blogs, we’ll familiarize you with what a typical attack scenario looks like in today’s threat landscape so you’ll know it when you see it. In the next post in the series, we’ll explain the core functionalities you need to have today from your database security solution and provide tips and insights into how to build on your existing security posture and put your new solution into practice. Watch this space…