/>
X
Innovation
optus-cisco-logo.png
Accelerate your tech game This content is produced in association with the sponsor and is not part of ZDNET's editoral content. Learn more

ZDNET Multiplexer

mul-ti-plexer-er. noun. A device, in electronics, that synthesizes disparate data signals into a single, uniform output. ZDNET Multiplexer merges various perspectives, media types, and data sources and synthesizes them into one clear message, via a sponsored blog.

ZDNET Multiplexer allows marketers to connect directly with the ZDNET community by enabling them to blog on the ZDNET publishing platform. Content on ZDNET Multiplexer blogs is produced in association with the sponsor and is not part of ZDNET's editorial content.

Close

New attack patterns demand a new approach to cyber defence

Maintaining a strong cyber security posture has never been easy. But we've always been told that if we do the basics right, such as keeping a strong patching regime, we should be able to cover off the worst of the threats.

But as the recent server attacks have shown, even getting the basics right won't always mean we can protect critical systems. Because simply putting your faith in fundamentals such as patch management, endpoint protection, network access controls and so on might not be enough to defend against these newer threats.

Taking a layered approach

These recent attacks on third party systems demonstrate the increasing sophistication of threat actors. They also highlight the pressing need for a new security mindset.

At Trustwave we've found the best way to defend against these new threats – and the ones we think might be coming next – is with a layered strategy.

This works from the assumption that any given layer is likely to fail, but ensures that when it does, there is another defensive layer behind it, and another behind that.

This approach assumes that attackers are dedicated to achieving their goal and won't give up simply because the first line of attack falls short. However, they may be more likely to give up the chase if their second line of attack falters, and much more so again when their third effort fails.

This approach eliminates the chances of attackers finding a single point of failure they can exploit and creates a much more robust target which is less appealing for attackers to pursue.

The benefit of this approach can be clearly seen in light of recent attacks. While for years we have believed that aggressive patch management is critical to cyber security strategy, in this instance it was specifically those organisations that had implemented the latest patches that had made themselves vulnerable.

And while some organisations may have gotten lucky due to their own negligence, this should in no way been seen as advocating for lax patch management. But it clearly shows that simply doing one right thing is not enough.

Cyber as a business unit

These attacks again highlight the need to run cybersecurity as a business unit that is deserving of investment, rather than being an add-on to a business or a necessary evil. Cybersecurity is just as fundamental to an organisation's ability to operate as its finance function or operations team, for the very simple reason that no organisation will be able to function for long without it. Having weak and inadequate security can be more detrimental to an organisation's bottom line or reputation than a poor go-to-market or marketing strategy.

The sad truth is that all organisations should consider themselves to be under attack at all times and equip their cyber functions appropriately. It is no longer good enough to simply wait for attacks to happen, as by then the damage has already been done. 

This is also a highly prudent perspective to take when you consider that the volume of attacks that organisations face is only ever going to increase, with much greater chance of organisations becoming collateral damage in supply chain attacks such as that which hit SolarWinds.

Raising the status of cybersecurity to business unit level also means organisations need to be backing their CISOs with the tools, talent, and resources they need to do security right for their organisation. That means giving CISOs the authority needed to ensure that new projects are secure by design, such as by ensuring that devops processes are really devsecops processes.

Eternal vigilance

The end goal here should be a cyber security business unit that is constantly monitoring and proactive in its processes, and when a response is needed, able to implement that response in real time.

That means being able to detect and respond to aberrations in network behaviours even before they have been classified as threats.

We often talk about living in the era of zero trust, but what we really need in response is to respond with zero tolerance.

This approach is embodied in programs such as Trustwave's Managed Detection and Response (MDR), which combines technology and human expertise and intuition to focus on advanced threat detection and mitigation on an ongoing basis. By constantly applying new information to historical data, it is possible to improve correlations and build a deeper understanding of an environment as a whole.

Because when it comes to modern business, the freedom to operate really does come at the price of eternal vigilance, and that means assuming that everything that could be a threat is actually treated as a threat.

Because while there are often few rewards for swatting away the disasters that could have been, that is still much better than picking up the pieces when those lines of defence fail.

For more information on Optus and Cisco Security solutions, click here.

Editorial standards

Related

How to activate a new iPhone
New iPhone at startup

How to activate a new iPhone

The 21 best Cyber Monday Chromebooks deals
samsung-galaxy-chromebook-go.jpg

The 21 best Cyber Monday Chromebooks deals

Google warns: Android 'patch gap' is leaving these smartphones vulnerable to attack
Person using an Android phone.

Google warns: Android 'patch gap' is leaving these smartphones vulnerable to attack