Cybercrime Brings About Cybersecurity Philosophy Change

Cybercrime is simply a reality in our current interconnected, cloud-based landscape.

It evolves and changes with the wind, it seems; much to the chagrin of cybersecurity agents in charge of shepherding his or her flock of technology safely.

The way we think about cybersecurity, however, is evolving too. For the past several decades, much of cybersecurity philosophy involved hardening and layering defenses to keep cybercrime out of our computer/IT systems. One view of this approach is primarily of a preventative nature. To showcase this: if one checks the wikipedia page on cybersecurity, the second section focuses solely on vulnerabilities, or avenues of access into IT systems by a malicious actor. The prominence of the vulnerabilities section indicates the importance of prevention in cybersecurity philosophy: front and foremost.

This, often, is not enough.

In a nutshell, the culprit here is simply the hard reality that no system is perfect and breach is inevitable. In fact, systems such as IT that require constant updating to account for changing technology landscape or to repair a previously unknown or unaddressed software bug or incorporate new functionality or a thousand other reasons has little chance to also remain without vulnerability 100% of the time.

This compounded with the computerization and networking of literally most things—calmly labeled the Internet of Things—means now we are working to not only stiffen the defense of our home or work computers and servers and data storage but also our microwaves and automated switches and thermostats and….well, the list could go on and on.

Pardon the overemphasis here but reality is that it isn’t dramatization without substantive basis. Every day, each of these small cracks make shielding an IT system more and more difficult. Cybercrime deterrence becomes hitting small, moving targets…and they grow exponentially as time passes and we digitally connect more things.

While an imperfect comparison, let’s imagine for a moment we were discussing physical rather than cybersecurity, or likewise prevention of physical crime versus cybercrime. Common sense would indicate a physical security barrier or set of barriers that was relative to the target is appropriate. The White House, famously the residence of the U.S. President, would be hardened much more than a random cabin in the woods. While we may be able to walk up and open a door or window to the cabin, the White House presumably is secured with surveillance, fences, Secret Service Agents, and locked doors (among other things I am likely not authorized to know).

Yet these layered barriers, despite their intention to guard arguably the most powerful person in the world, have been permeated multiple times in the country’s history. But what if, immediately when even an unknown intruder attempted to perform an act, he or she were stopped for inspection? That’s not possible in the physical world. But in the cyber world, it’s called zero-trust. And the evolution from focus on prevention of access to resisting an active breach is a huge and important philosophical change. Even CISA—the administrative body largely tasked with Federal cybercrime policy– is getting in on the act.

The world of zero-trust admittedly sounds like a pretty stark place. However, this is exactly the reason such an approach is effective. By requiring inspection of non-verified execution of code, zero-trust agents can control what programs execute at all. Indeed, applications such as those used by Certified CIO in our managed services use a process called ring-fencing which further controls what a program execution can do, even after it has launched. For example, a business may commonly use a certain financial software which interacts with certain network resources. But if that same software attempts to interact with unusual network resources or other executables, the ringfencing software will stop the process and require an inspection (by digital or human means, depending on the nature of the unusual activity).

Zero-trust policies are not foolproof. Indeed, if not combined with principles of least privilege, the effectiveness of zero-trust policies can be blunted. Phishing remains a large threat due to the exploitation of human, not technical, vulnerability. Yet, combining the traditional methods of prevention of access with more up-to-date philosophies of internal system control and inspection, cybersecurity experts have another tool to combat cybercrime.

If your business or organization needs assistance in dealing with cybersecurity, or simply is unsure where you stand, our team of experts is here to help you. Contact us today!

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

Cybercrime Brings About Cybersecurity Philosophy Change

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666