The cyber threat is real
Last year saw over 1,000 recorded data breaches suffered by US companies and government agencies – a 40% increase on 2015. So with 2016 being the worst year on record for data breaches, General Data Protection Regulation (GDPR) looming, and New York Department of Financial Services’ regulation set to put stringent cybersecurity requirements on financial services companies, it is logical to expect that organizations would prepare for the worst and put the right measures in place to ensure they keep their own and consumer data protected.
Recent advice from BT’s Chief Security officer, Bruce Schneier has suggested quite the opposite. Prior to the RSA security conference in San Francisco, he implied that the threat is somewhat exaggerated. Speaking to BBC News, he warned that using phrases such as “cyber armageddon” gives the wrong impression and that there was a power struggle, involving a “battle of metaphors.”
He also explained that the rhetoric of a “cyber war” confuses the industry, and this notion is only based on high-profile incidents such as blackouts in Brazil in 1998, attacks by China on Google in 2009 and the Stuxnet virus that attacked Iran’s nuclear facilities. He also pointed to the fallout from Wikileaks and the hacking of Republican vice-presidential candidate Sarah Palin’s e-mail.
Is it something it isn’t?
“Don’t make it something that it is not,” reporters were told on the day of the RSA conference. Schneier explains that it is actually war-like tactics that the industry is facing, rather than a war. To some extent, there is an essence of truth in Mr Schneier’s words. Attacks are becoming more calculated which undoubtedly echoes military-like tactics.
However, the implications of his words are dangerous if organizations take it seriously. As this week’s global cyber-attack demonstrates, the threat is very real. Organizations across the globe have learned the hard way that data breaches should be considered as a ‘when, not if’ situation. Hackers are becoming ever more skilled in finding points of vulnerability, proven in the recent rise in clever spear phishing attacks which prey on the user to reveal credentials.
Trust nothing, secure everything
Consider the dramatic increase in the number of devices that organizations now provide to their employees; desktop computer, laptop, mobile phone. These devices then connect to the cloud, home WiFi or public WiFi when remote working in required. The attack surface has exploded exponentially, thus increasing the risk of a cyber attack. It is vital that businesses look the reality of the cyber-security landscape when determining their security strategy, rather than the suggestion of an over-exaggerated threat.
In order to stay one step ahead of the hackers, organizations must move towards adopting a Zero Trust model. With a Zero Trust security posture designed to minimize the impact of a breach when it happens by containing threats, it allows organizations to ensure that their network is secured and that they are prepared when the worst happens.