MY TAKE: Why speedy innovation requires much improved cyber hygiene, cloud security

Speed is what digital transformation is all about. Organizations are increasingly outsourcing IT workloads to cloud service providers and looking to leverage IoT systems.

Speed translates into innovation agility. But it also results in endless ripe attack vectors which threat actors swiftly seek out and exploit. A big challenge security executives face is balancing speed vs. security.

I spoke with Greg Young, Cybersecurity Vice President at Trend Micro about this. We met at RSA 2020 in San Francisco. Trend Micro has evolved from one of the earliest suppliers of antivirus suites to a provider of a broad platform of systems to help individuals and organizations reduce cyber exposures.

For a full drill down of our discussion, please give the accompanying podcast a listen. Here are a few key takeaways.

Teeming threat landscape

Security leaders’ key priority is reducing exposures to the cyber risks they know are multiplying. Compliance penalties, lawsuits, loss of intellectual property, theft of customer personal data, and reputational damage caused by poor cyber defenses are now top operational concerns. Yet many organizations continue to practice poor cyber hygiene.

Cyber hygiene basics revolve around aligning people, processes and technologies to adopt a security-first mindset. In the current environment, it is vitally important for companies to secure vulnerabilities in their mission-critical systems, while at the same time remaining vigilant about detecting intruders and recovering quickly from inevitable breaches.

Young believes that the twin steps of patching and also backing up sensitive systems can go a long way towards materially reducing cyber exposures. “As the infrastructure has gotten more complex, and we add more things like the Internet of Things, it’s harder to patch all your stuff, but that’s still the best step you can take today,” he says. “Patch everything, back it up as best you can, and then move on to some of the new technologies that can help you do it faster.”

Machine learning and advanced data analytics are increasingly being brought to bear on quicker, more accurate breach detection, as well as improving vulnerability management and disaster preparedness and response processes. Still, the bad guys continue to innovate and exploit at a much faster pace than the good guys have been able foster best practices and leverage new tools.

Pros and cons of speed

Speed pressurizes this core conflict. Businesses today rely on applications rapidly developed by mixing and matching modular snippets of code, called microservices, that get joined together in software containers. These containers can be spun up by the hundreds, in a moment’s notice, on a virtual cloud server — and then taken down just as swiftly. APIs (application programming interfaces) connect everything together.

APIs are like doors and windows with no locks that swing wide open with a slight push. The deployment of APIs has expanded exponentially. On the one hand, this has created a visibility challenge: companies racing ahead with digital transformation have lost track of all of the APIs they’re using to stitch together their digital services. On the other hand, all of these wide open APIs translate into fresh attack vectors: virgin territory for threat actors.

Young

“Applications today change constantly, and within the servers there are these containers, which are like nested Russian dolls of complexity,” Young says. “Getting visibility into containers is important because the greatest amount of communication internally is taking place container to container.”

Hacking collectives are already probing, if not exploiting, containers and APIs.  To be sure, powerful new security solutions are available to stop this, but they are in very early stages of adaption. One new detection technology is XDR, a new approach to detecting and responding to threats across hybrid cloud networks, with the aim of quickly — and with great accuracy — detecting malicious activity.

Configuration basics

Given the blistering pace of cloud migration, secure configuration of sensitive applications and data bases has become a concern: it’s just not happening nearly as often as it should. These new technologies are incredibly complex, often poorly documented, and change constantly. Tools and processes that default to secure, without unduly sacrificing performance, must come into wider use.

The pressure is real; threat actors are aggressively probing and breaching. To demonstrate this, Trend Micro set up a honeypot, imitating an industrial factory, to see how quickly and often it would get attacked. This is what Trend Micro learned:

•Attackers don’t care what the resources are. Whether it’s a traditional factory or a data center, they are seeking vulnerabilities. They look for known vulnerabilities first — the 99.9% of weaknesses we know about already.

•A small number of savvier attackers have discovered how to navigate factory controllers and the different protocols and components contained within them. The number of such attacks appears to be relatively low, but they can do substantial damage; at the moment, ransomware extortion often is the end game.

Going forward, it is clear companies face a two-part challenge. They must do much better at basic cyber hygiene to protect legacy, on-premise systems; and they must, at the same time, get more proactive about securing dynamic cloud-based systems. “Everyone has to recognize the security is not some back-office function any more, it really needs to be part of how you do development today,” Young says. “If you buy a door for you house, you have to buy a lock for it.”

I agree. It’s going to be interesting to see how things progress. I’ll keep watch.

Last Watchdog’s Melanie Grano contributing.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)