It’s easy to think "How could this happen in an advanced country with the best security systems?" when you read about cyber-attacks against one. But it’s important to understand that cyber security isn’t only about having the latest technology; it’s also about the people involved in the process. Even at the most sophisticated level, the technological aspect can be rendered irrelevant once you factor in the unpredictability of the human element.
Common Factors Leading to Breaches
1. Human Mistakes
Even highly skilled people make mistakes that can result in compromised systems, despite their familiarity with security best practices. A single mistake can undo months of planning around defense against cyber threats.
2. Supply Chain Issues
Countries are increasingly dependent on third parties for the acquisition of products and services. A single compromise of a supplier or other third party can therefore create a back door into a country’s systems, even when those systems themselves are securely configured and maintained.
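One concrete control against the supply-chain risk described above is to verify every delivered artifact against an integrity pin recorded out of band, so that a package altered anywhere between the vendor and the consumer is rejected before installation. The following is an added illustration, not code from the original article: the artifact names, versions and bytes are constructed, and in practice the pinned digests would come from the vendor's signed release manifest rather than being computed in the same script.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Pin:
    """Expected identity of one vendor artifact (recorded out of band)."""
    name: str
    version: str
    sha256: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_pins(trusted: dict) -> dict:
    """trusted maps name -> (version, bytes) of artifacts that were reviewed
    and approved; returns name -> Pin. In real use the digests would be
    copied from the vendor's signed manifest, not derived from local bytes."""
    return {
        name: Pin(name, version, sha256_hex(data))
        for name, (version, data) in trusted.items()
    }


def verify_artifact(name: str, version: str, data: bytes, pins: dict) -> tuple:
    """Return (accepted, reason). Anything without an exact pin is refused:
    an unknown artifact, a version drift, or a changed payload all fail."""
    pin = pins.get(name)
    if pin is None:
        return False, "no pin recorded for artifact"
    if pin.version != version:
        return False, f"version mismatch: pinned {pin.version}, delivered {version}"
    # constant-time comparison avoids leaking how many digest characters matched
    if not hmac.compare_digest(sha256_hex(data), pin.sha256):
        return False, "sha256 mismatch: payload differs from pinned artifact"
    return True, "ok"


def verify_delivery(delivery: list, pins: dict) -> dict:
    """Check a whole vendor delivery; returns name -> (accepted, reason)."""
    return {
        name: verify_artifact(name, version, data, pins)
        for name, version, data in delivery
    }


# Constructed sample data: two approved artifacts form the pin set.
TRUSTED_ARTIFACTS = {
    "netmon-agent": ("2.4.1", b"netmon-agent binary contents v2.4.1"),
    "tls-lib": ("1.0.9", b"tls-lib shared object contents v1.0.9"),
}
PINS = build_pins(TRUSTED_ARTIFACTS)

# Constructed delivery: one artifact intact, one silently modified in transit,
# and one the organisation never approved at all.
DELIVERY = [
    ("netmon-agent", "2.4.1", b"netmon-agent binary contents v2.4.1"),
    ("tls-lib", "1.0.9", b"tls-lib shared object contents v1.0.9 + injected code"),
    ("unknown-tool", "0.1.0", b"something nobody reviewed"),
]

if __name__ == "__main__":
    for name, (ok, reason) in verify_delivery(DELIVERY, PINS).items():
        print(f"{name}: {'ACCEPT' if ok else 'REJECT'} ({reason})")
```

The important design point is the default: an artifact is installed only when name, version and digest all match a pin, so a compromised supplier cannot slip in a modified build or an extra component without the mismatch surfacing at the boundary.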
3. Zero-Day Threats
More sophisticated hacking groups use zero-day vulnerabilities: flaws that are unknown to the vendor and the cybersecurity industry at the time they are exploited, so no patch or detection signature yet exists. As such, even the latest technology and tools available to support an organization’s security program cannot stop an attack that begins with an unknown vulnerability.
4. Technology Overconfidence
While technology can extend a cybersecurity team’s resources (e.g., artificial intelligence and high-quality monitoring dashboards), the team should not become complacent about the types of threats it may face or about the judgment still required to safeguard the organization.
5. Insider Threats
Insider attacks are increasingly common because employees or contractors who are allowed access to the organization's networks and systems can easily cause damage. Networks that have taken extensive precautions to prevent unauthorized entry may still be vulnerable to abuse by trusted personnel.
6. Advanced Persistent Threats
Some malware authors and hacking groups are extremely persistent and methodical. They may probe their target’s security posture over long periods of time and exploit the smallest gap. As such, governments and security agencies need to continually evaluate their risk from both known threats, for which signatures exist, and zero-day threats, for which they do not.
A Good Example:
Picture a castle with walls, guards, surveillance equipment, etc. If there's an open gate somewhere along the wall, a guard who isn't paying attention, or an inside informant, all of that technology fails to protect anything. In the same way, breaches of advanced nations happen when an intelligent, persistent or patient adversary finds a way through "the walls".
Key Takeaways:
1. Plan as if your network has already been compromised; don't rely on it being safe. By working from that assumption, a network security analyst is prepared to quickly identify and respond to breaches, and to build a response plan for future ones.
2. Training staff, running simulations, and clearly establishing a response plan for security breaches are just as important as firewalls and AI.
3. All vendors must be verified, audited, and monitored. A single weak link in a vendor can compromise an otherwise secure system.
4. Utilize multiple, redundant layers of security for a stronger defense.
5. Security monitoring and response is a continuous function, as hackers do not limit their activity to the 9-to-5 workday.
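Takeaways 1 and 5 together describe an "assume breach" posture: rather than trusting the perimeter, watch authentication activity continuously and flag the patterns a compromised account or credential produces. The script below is an added example written for this article, not code from the original; the log format, the business-hours window (07:00 to 18:59 UTC) and the thresholds are assumptions, and the log lines are constructed. It applies three simple rules over a stream of login events: a success outside business hours, a success from a source address never seen for that user, and a success immediately after a burst of failures.

```python
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed log format (constructed for this example):
#   2024-03-11T02:17:43Z auth user=jdoe src=198.51.100.10 result=success
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>success|failure)$"
)

BUSINESS_HOURS = range(7, 19)   # assumption: 07:00-18:59 UTC is normal activity
FAILURE_THRESHOLD = 3           # assumption: this many failures before a success is suspicious
WINDOW_SECONDS = 300            # assumption: failures count only within 5 minutes of the success


def parse_line(line: str):
    """Return an event dict, or None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "src": m["src"], "result": m["result"]}


def detect(lines, known_sources: dict) -> list:
    """Run the three rules over log lines in order; returns a list of alert dicts.
    known_sources maps user -> iterable of source addresses seen during a baseline."""
    alerts = []
    seen = {user: set(srcs) for user, srcs in known_sources.items()}
    recent_failures = defaultdict(list)   # (user, src) -> timestamps of failures

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                      # malformed lines are skipped, not trusted
        key = (ev["user"], ev["src"])
        if ev["result"] == "failure":
            recent_failures[key].append(ev["ts"])
            continue

        # Rule 1: successful login outside the expected working window.
        if ev["ts"].hour not in BUSINESS_HOURS:
            alerts.append({"rule": "off_hours_login", **_ctx(ev)})

        # Rule 2: successful login from an address this user has never used.
        user_sources = seen.setdefault(ev["user"], set())
        if ev["src"] not in user_sources:
            alerts.append({"rule": "new_source", **_ctx(ev)})
            user_sources.add(ev["src"])

        # Rule 3: a burst of failures followed by a success (credential guessing).
        window = [t for t in recent_failures[key]
                  if (ev["ts"] - t).total_seconds() <= WINDOW_SECONDS]
        if len(window) >= FAILURE_THRESHOLD:
            alerts.append({"rule": "failures_then_success",
                           "failures": len(window), **_ctx(ev)})
        recent_failures[key] = []
    return alerts


def _ctx(ev) -> dict:
    return {"user": ev["user"], "src": ev["src"], "ts": ev["ts"].isoformat()}


# Constructed sample log: a normal login, an off-hours login, and a failure
# burst from an unfamiliar address that ends in success. One line is malformed.
SAMPLE_LOG_LINES = [
    "2024-03-11T09:05:12Z auth user=jdoe src=198.51.100.10 result=success",
    "2024-03-11T02:17:43Z auth user=jdoe src=198.51.100.10 result=success",
    "this line is not in the expected format",
    "2024-03-11T10:00:01Z auth user=asmith src=203.0.113.7 result=failure",
    "2024-03-11T10:00:09Z auth user=asmith src=203.0.113.7 result=failure",
    "2024-03-11T10:00:20Z auth user=asmith src=203.0.113.7 result=failure",
    "2024-03-11T10:00:31Z auth user=asmith src=203.0.113.7 result=success",
]

# Constructed baseline of addresses each user normally logs in from.
KNOWN_SOURCES = {"jdoe": ["198.51.100.10"], "asmith": ["198.51.100.22"]}

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG_LINES, KNOWN_SOURCES):
        print(alert)
```

Each rule on its own is noisy; the value comes from running them continuously and treating the overlap (a new address, a failure burst, and a success in one short window) as the trigger for the response plan the takeaways call for.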
Even the most developed nations suffer security breaches because attackers take advantage of human error, process gaps, and unforeseen vulnerabilities. Although many organizations invest heavily in building the most sophisticated network security, many become vulnerable the moment they assume they are absolutely secure. The focus should not be on achieving perfect control over every intrusion, but rather on being resilient and prepared to respond quickly when breaches do occur.