Cybercrime is simply a reality in our current interconnected, cloud-based landscape.
It evolves and changes with the wind, it seems; much to the chagrin of cybersecurity agents in charge of shepherding his or her flock of technology safely.
The way we think about cybersecurity, however, is evolving too. For the past several decades, much of cybersecurity philosophy involved hardening and layering defenses to keep cybercrime out of our computer/IT systems. One view of this approach is primarily of a preventative nature. To showcase this: if one checks the wikipedia page on cybersecurity, the second section focuses solely on vulnerabilities, or avenues of access into IT systems by a malicious actor. The prominence of the vulnerabilities section indicates the importance of prevention in cybersecurity philosophy: front and foremost.
This, often, is not enough.
In a nutshell, the culprit here is simply the hard reality that no system is perfect and breach is inevitable. In fact, systems such as IT that require constant updating to account for changing technology landscape or to repair a previously unknown or unaddressed software bug or incorporate new functionality or a thousand other reasons has little chance to also remain without vulnerability 100% of the time.
This compounded with the computerization and networking of literally most things—calmly labeled the Internet of Things—means now we are working to not only stiffen the defense of our home or work computers and servers and data storage but also our microwaves and automated switches and thermostats and….well, the list could go on and on.
Pardon the overemphasis here but reality is that it isn’t dramatization without substantive basis. Every day, each of these small cracks make shielding an IT system more and more difficult. Cybercrime deterrence becomes hitting small, moving targets…and they grow exponentially as time passes and we digitally connect more things.
While an imperfect comparison, let’s imagine for a moment we were discussing physical rather than cybersecurity, or likewise prevention of physical crime versus cybercrime. Common sense would indicate a physical security barrier or set of barriers that was relative to the target is appropriate. The White House, famously the residence of the U.S. President, would be hardened much more than a random cabin in the woods. While we may be able to walk up and open a door or window to the cabin, the White House presumably is secured with surveillance, fences, Secret Service Agents, and locked doors (among other things I am likely not authorized to know).
Yet these layered barriers, despite their intention to guard arguably the most powerful person in the world, have been permeated multiple times in the country’s history. But what if, immediately when even an unknown intruder attempted to perform an act, he or she were stopped for inspection? That’s not possible in the physical world. But in the cyber world, it’s called zero-trust. And the evolution from focus on prevention of access to resisting an active breach is a huge and important philosophical change. Even CISA—the administrative body largely tasked with Federal cybercrime policy– is getting in on the act.
The world of zero-trust admittedly sounds like a pretty stark place. However, this is exactly the reason such an approach is effective. By requiring inspection of non-verified execution of code, zero-trust agents can control what programs execute at all. Indeed, applications such as those used by Certified CIO in our managed services use a process called ring-fencing which further controls what a program execution can do, even after it has launched. For example, a business may commonly use a certain financial software which interacts with certain network resources. But if that same software attempts to interact with unusual network resources or other executables, the ringfencing software will stop the process and require an inspection (by digital or human means, depending on the nature of the unusual activity).
Zero-trust policies are not foolproof. Indeed, if not combined with principles of least privilege, the effectiveness of zero-trust policies can be blunted. Phishing remains a large threat due to the exploitation of human, not technical, vulnerability. Yet, combining the traditional methods of prevention of access with more up-to-date philosophies of internal system control and inspection, cybersecurity experts have another tool to combat cybercrime.
If your business or organization needs assistance in dealing with cybersecurity, or simply is unsure where you stand, our team of experts is here to help you. Contact us today!