Three ways to keep your organization safe from cyberattacks
Cyberattacks continue making headlines as more companies fall victim to ransomware. Throughout the past year, we saw some of the largest breaches, leaks, and real-world attacks to date.
COVID-19 has forced organizations to restructure the workplace, and we’ve acclimated to working and living remotely. Our networks have evolved to include living rooms, basements, and city parks. However, this change presents developers and security teams with more challenges.
Let’s examine three cybersecurity challenges that are seemingly unrelated, but deeply intertwined below the surface. In each case, the underlying problems would greatly benefit from a policy of improved communication.
First, we must understand our technology stacks. This is the collection of IT infrastructure that includes everything from operating systems and programming languages to servers, data storage, application monitoring tools, business intelligence solutions, and more. For CISOs, juggling the vast scale of a tech stack and the attackers using increasingly sophisticated techniques calls for a new approach to security to keep systems, data, and devices safe.
Second, we need a new approach to the firehose of information hurtling toward us. We’ve all heard the saying that if everything is an emergency, nothing is. We get alerts from our development platforms, the Continuous Integration system, the security monitoring tools, even our watches. Somewhat paradoxically, this world of constant notifications has conditioned us to ignore alerts. Addressing this issue seems simple—prioritize the notifications that matter—but the sheer number of alerts and their associated false alarms means thousands of warnings go unacknowledged, and many companies aren’t as secure as they think they are. Responding to alerts must become automated, and for that to happen, we must put systems in place that can scale with the people monitoring for those alerts.
Third, we need to create a culture of follow-through to ensure issues are actually resolved. As we saw in the major breaches this year, seemingly innocuous alerts have the power to start a chain of events that leads to a massive cyberattack. The attackers who developed the Sunburst malware spent more than a year inside their target organization before being identified, highlighting the importance of cooperation and sustained attention in a proactive cybersecurity program.
The stacks
We could talk about how the solution is easy and keep shifting left until the problem goes away, but the reality is that the challenges around technology are ones of communication. Are the right people helping to understand the problem? Do we have the right tools talking to each other?
In other words, no solutions exist in a silo. The days of having one computer accomplish one task, managed by one person are long gone. Now, we have tools to manage almost everything—thousands of applications, hundreds of containers, and tens of clouds. Prior practices such as human audits can’t keep up with that number of apps.
With all these tools running at once, software developers first need to assess and understand the infrastructure they’re dealing with in order to safeguard it effectively. Understanding the tools you’re implementing and how they affect one another in your organization is the first step toward streamlining updates that keep pace with your software supply chain, preventing the old code and buggy systems that leave valuable data open to cyberattacks.
The firehose
Anyone operating in a modern infrastructure receives thousands of alerts every single day. The stories about the scale of the notifications are staggering, with some IT professionals receiving more than 1 million security alerts daily. Separating critical alerts from the noise poses a major pain point for the people at the helm of an organization’s security infrastructure.
We need to automate the process by removing humans from the frontlines of the critical alert path. Automation tools can effectively and efficiently sift through the noise and allow humans to get to meaningful alerts. By automating our tooling, we can more quickly define which alerts need immediate attention.
The follow-through
Breaches don’t happen in a vacuum. Security being everyone’s job is common advice, but the continual rise of data breaches indicates that it often falls on deaf ears. To ensure better security, everyone’s job should be better cooperation and communication.
For problems like this, I like to draw inspiration from the open-source community. The community behind Debian, for example, makes a radical level of transparency central to its social contract, and the same principle applies throughout an organization.
We need to take a step back, revisit our approach to security, and adapt it to the new normal. Transparency clears the path for open communication, which in turn enables organizations, their customers, and their partners to maintain secure environments.