Sometimes in the maelstrom of cybersecurity battles, it is helpful to step back and see where we came from, where we are, and where we are going. This year, in addition to studying for and passing the CISSP exam, I have been to a bunch of security conferences. I’ve been to MISC.conf, Secure360, B-Sides, and the Tech Security Conference. Here are some highlights and insights I’ve gathered from these events.
Where we came from
- 1980 – In the early days, we relied almost exclusively on anti-virus software installed on individual computers. This classic endpoint security was supplemented with personal firewall software.
- 1990 – This era saw computers and servers becoming connected via local area networks, and this increased the risk of malware infection. To harden these networks we relied on proxy servers, firewalls, and early intrusion detection systems. We began to look for unusual inbound traffic and created rules to block or filter the incoming traffic. This moved the defenses from the endpoints to the network perimeter.
- 2000 – The early years of the new millennium saw the rise of the worm, and in response Microsoft put all other development on hold to harden the Windows XP operating system with Service Pack 2. This is also the beginning of e-commerce, and the development and use of encryption to secure communications and financial transactions.
- 2010 – We began to deploy next-generation firewalls, and security information and event management systems. In addition to defending endpoints and the perimeter, we began to look at outbound traffic and “east-west” or internal LAN traffic for anomalies that might indicate an intrusion.
- 2015 – We saw the rise of the advanced persistent threat and developed countermeasures to defend our networks from them. This battle is still underway.
Where are we now?
- Public Sector and Governement
- Financial Services
- Health Care Organizations
- High level targeted attacks against C-level officers and managers.
- Credential theft.
- Insider attacks including breaches via business partner access.
- Hijack the security layer – exploits use encryption to bypass firewalls.
- New threat vectors from mobile devices and the Internet of Things (IoT)
The average is now 146 days between breach and detection. This is down from 285 days last year, so progress is being made. It takes on average 56 days to respond and recover from a breach.
- Prevention – Set up your network to keep exploits from happening in the first place.
- Detection – Be able to know when exploits and intrusions happen in your network.
- Resilience – This is planning for the intrusion to happen and determining a plan to recover from the inevitable.
Where are we going?
- 90% of all data was created in the last two years. The rate of information growth will only accelerate in the future. This information will need to be stored and secured, and still be able to be found and used when necessary.
- By 2018, 90% of all breaches will be IoT devices. We have already seen botnets mounted on Ubiquiti DSL modems. As we connect more devices to the Internet with little if any security built in, these devices will become attack platforms for exploits that may already be under development.
If you are feeling overwhelmed, you are not alone. The situation on the Internet seems similar to the “Wild West” we know about from the movies. From my point of view, the good guys are starting to take back some ground we lost to the bad guys in recent years. Fasten your seat belts, it’s going to be a bumpy ride.Share
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com