The Fight Against Cyber Threats Requires a Dose of Common Sense

It is widely understood that common sense isn’t common. It is more frustrating when the approaches some organizations use to protect enterprise assets from cyber attacks lack common sense. This article documents studies on how frequently many large organizations scan their networks to spot vulnerabilities and improve their security posture. While zero-day attacks (malware introduced into cyberspace for which countermeasures have not yet been developed) constitute about 13 percent of all vulnerabilities (Ponemon Institute, 2014), the remaining 87 percent are well understood, and countermeasures exist for preventing them. The article also explains the complacency of several organizations in fighting cyber threats and provides some tips for protecting the information and communication systems that support government and private organizations from cyber attacks.

Current tools that merely alert IT staff to respond to information on cyber threats are insufficient to deal with the huge volume and sophistication of contemporary cyber threats. Smart cybersecurity solutions that can predict and prevent threats on the network are therefore needed to overcome the limitations of threat management tools. Current efforts to secure cyberspace have resulted in large vulnerability databases at NIST and Symantec. However, access to vulnerability databases is only a first step in dealing with threats to these networks; it will not reduce the frequency of cyber attacks or the harm they cause unless network administrators are equipped with automated security tools. These efforts to secure cyberspace are also hindered because many organizations and customers are slow to apply security updates.

Alarming data from market surveys: Reports released from recent research by two independent market research organizations on the frequency of full-network active vulnerability scans (a.k.a. credential scanning) supply some very disturbing statistics. The Ponemon Institute, LLC’s 2014 poll of 678 US IT practitioners and the 2015 Cyberthreat Defense Report on 814 organizations by the CyberEdge Group arrived at very similar results regarding the complacency of organizations. Their findings reveal the following scanning frequencies: Weekly: 4%; Daily: 11%; Monthly: 23%; Quarterly: 29%; Semi-annually: 19%; and Annually: 14%. A number of businesses scan their networks to become compliant with government regulations with attention to risk management. The reports show that about 38 percent of those organizations scan their networks. Organizations that claim to perform continuous scanning perform scanning that does not offer a detailed picture of the vulnerabilities of their network components. Even the most recent directive from the White House to government agencies to tighten security controls in response to the hack of the Office of Personnel Management (OPM) recommends that the agencies patch any security holes in response to the list of security vulnerabilities supplied by the Department of Homeland Security every week (Lisa Rein, The Washington Post, June 16, 2015).

The need to concentrate on automation instead of relying on human capital: Scanning the network surfaces a huge number of vulnerabilities that must be analyzed to gain intelligence about the system, otherwise called Situational Awareness. Merely publishing the most exposed nodes and alerting the system administrator to respond is not effective. It makes no sense to expect the human brain to process over 300 vulnerabilities and apply the necessary countermeasures without anticipating a brain freeze. Instead of lamenting the lack of personnel or cybersecurity specialists, a substantial amount of resources needs to be devoted to process automation. Instead of relying on humans to do penetration testing after the vulnerabilities have been identified, the focus ought to be on tools that automatically generate possible attack paths and prevent attacks on enterprise assets.
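The kind of automated attack-path analysis argued for above can be sketched in a few lines. This is an added example, not code from the article or from any tool it mentions; the host names, the reachability map and the set of flagged hosts are constructed sample data, and it assumes a scan has already marked which hosts carry an unpatched, remotely exploitable finding.

```python
# Constructed sample data (an assumption for illustration, not from the article):
# which hosts can reach which, and which hosts a scan flagged as unpatched.
REACHABLE = {
    "internet": ["web01", "vpn01"],
    "web01": ["app01", "app02"],
    "vpn01": ["app02", "jump01"],
    "app01": ["db01"],
    "app02": ["db01"],
    "jump01": ["db01"],
    "db01": [],
}
VULNERABLE = {"web01", "vpn01", "app02", "jump01", "db01"}


def attack_paths(reachable, vulnerable, source, target):
    """Enumerate simple paths source -> target in which every hop lands on a
    host with an open finding; a patched host blocks the hop."""
    paths, stack = [], [(source, [source])]
    while stack:
        node, path = stack.pop()
        for nxt in reachable.get(node, []):
            if nxt in path or nxt not in vulnerable:
                continue  # skip cycles and hosts without an open finding
            if nxt == target:
                paths.append(path + [nxt])
            else:
                stack.append((nxt, path + [nxt]))
    return sorted(paths)


def patch_priority(reachable, vulnerable, source, target):
    """Rank flagged hosts by how many attack paths vanish once each is patched."""
    baseline = len(attack_paths(reachable, vulnerable, source, target))
    ranking = []
    for host in sorted(vulnerable):
        left = len(attack_paths(reachable, vulnerable - {host}, source, target))
        ranking.append((host, baseline - left))
    return sorted(ranking, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for p in attack_paths(REACHABLE, VULNERABLE, "internet", "db01"):
        print(" -> ".join(p))
    for host, cut in patch_priority(REACHABLE, VULNERABLE, "internet", "db01"):
        print(f"patch {host}: removes {cut} path(s)")
```

The ranking turns a flat list of findings into an ordered patch queue, which is the step the paragraph says should not be left to a person reading hundreds of scan results.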

Defense in Depth: The concept of defense in depth is widely understood by cybersecurity professionals and should be applied. To shield or harden each node on the network, it’s essential to employ at least five strategies: 1) Employ up-to-date antivirus software that can disinfect both known and unknown malware; 2) Control the use of certain devices (like disabling Bluetooth on your laptop) in public, particularly at airports and coffee shops; 3) Encrypt the hard disk and the media to protect stored information (lessons from Sony and OPM); 4) Control software to prevent untrusted changes (e.g. SQL injection); and 5) Patch management to ensure the system is running the most current applications. Defense in Depth is known as Host-Based Access Control in certain quarters. Once the server has been protected, diligent efforts should be made to defend the network (i.e., connected nodes).

Concluding Remarks

Virtually every week, we read about the vulnerabilities of government and private networks and the significant cost to the economy, intellectual property, and privacy of individuals. Established businesses and government agencies spend a substantial amount of funds to develop and deploy cybersecurity tools, yet the attacks persist. Why, one may ask? While we understand that the issue is difficult, there are some basic steps that we need to take to address the matter. Weekly scanning of the network assumes the hacker doesn’t attempt to penetrate the network. Are we comfortable allowing the hacker to roam on the system for a week? Controlling access to assets needs more than two or authentication. It makes sense to encrypt the information with an encryption algorithm to make it difficult for thieves to use stolen information. Rather than lamenting the shortage of cybersecurity professionals (which is accurate), focus on smart automation to reduce the level of effort for performing several mundane tasks. These measures are what this author calls approaches.