At about this time last year, Bruce Schneier, author of the widely followed Crypto-Gram newsletter, wrote that ‘against a sufficiently skilled, funded, and motivated adversary, no network is secure.’
Unfortunately, for many firms this is ringing true. Today, if you look at just the most recent spate of retail breaches, the most recent of which is White Lodging, it seems that it is now easier than ever for attackers to penetrate your perimeter and get to high-value data.
Now, I say this with some hesitation, but it seems to me that traditional perimeter security is looking increasingly irrelevant to preventing these types of attacks. Not unnecessary, but increasingly irrelevant because it simply can’t keep up with new threats.
It’s become a simple numbers game for attackers. The unfortunate reality is that, for a relatively low price (a few thousand dollars/pounds), attackers can go to marketplaces on the web that sell malware and buy attacks that are undetectable with current anti-virus technology. Last year’s Verizon Data Breach report noted that spear phishing attacks are over 90% certain to get a victim to click a compromised link within 15 attempts. Attackers even compromise websites that targets are likely to visit, and use this compromise to get in the door. This is why, for example, game sites are such a popular target: people tend to be careless and re-use credentials on multiple sites. Getting the credentials from a game site could therefore theoretically give instant entry to corporate VPNs, financial sites and other critical locations that share those credentials.
Given this reality, it’s inevitable that nearly any organisation that is targeted will eventually be penetrated. Once it is penetrated, undetectable malware can be installed and credentials harvested, and exposure of valuable data is just a matter of time.
The key exposure points are anywhere that data is used, stored and processed. Many of the recent retail breaches concerned compromised POS (Point of Sale) systems. Once they had penetrated the network via the POS terminals, hackers installed software to harvest credit card data.
However, the greatest risk is to data within databases and on server-accessible file systems. This is where the greatest volume of valuable data resides, and where a harvest of information will yield the most benefit for attackers. The most effective feature set to offset threats to this type of at-risk data is a combination of technologies that blocks most attacks and allows threats to be identified in real time, which is where Vormetric’s solution sits.
It is very important to note that, in many breach instances, compliance with the likes of PCI DSS has actually already been achieved but, evidently, has done little to prevent a breach from happening. It’s time that retailers took a fresh look at their security stance, updating, isolating and hardening POS systems, and putting in place the security controls and safeguards for server data that prevent modern and evolving cyber attacks. The traditional approach to network security was to focus resources on creating a toughened outer shell – but it’s evident that determined hackers can either find a way to make a hole in this shell, or bypass it entirely by compromising someone inside it. Retailers – and indeed all organisations – instead need to adopt the Zero Trust Model advocated by Forrester, which implements security from the inside out, rather than the intrinsically flawed, old-fashioned and ineffective perimeter-focused approach.