Among organizations today, there's not enough focus on where digital security matters. Let's come right out and say it: if you haven't been hacked yet, you soon will be. This is not a surprise to you. You know this. We know this. Other companies know this. And yet, we saw WannaCry spread to hundreds of thousands of organizations via unpatched Microsoft vulnerabilities, Verizon and Dow Jones suffer data leaks due to misconfigured servers, and Equifax weather a breach at the hands of an unpatched vulnerability.

Many companies aren't just standing idly by, however. They are now spending more and more trying to combat the ever-present threat of cybercrime. Worldwide, cybersecurity spending is increasing year on year and is expected to reach $170 billion by 2020. So what's going wrong? No matter how big a fish you are, how big your budget is, or how much you spend on bolstering your defences, if you're not spending it in the right place, you are leaving yourself vulnerable to attack.

Where should you be spending your budget? The basics would be a good place to start. Why is this so? Craig Lawson said it perfectly at Gartner Security & Risk Management Summit 2016:
New technology is interesting, but not at the expense of the basics. Look at what simple, fast and relatively easy things you should revisit. The data shows this actually will put a big dent in the problem.
At the end of the day, close to all commodity attacks can be prevented just by fixing the basics. And yet, too many organizations are letting foundational controls get away from them. Too many companies think that by focusing on the latest, most advanced technologies, they can keep ahead of new cyberthreats. Of course, advanced technologies can be important as well and should be evaluated in the future, but foundational controls are where you need to start to assure integrity and reduce the biggest portion of risk. Once these foundational controls are in place, you can add further control capabilities as your organization matures and your budgets allow or increase.

Companies should specifically look to foundational controls because they assure the integrity of their systems. Integrity is one pillar of information security's Confidentiality-Integrity-Availability (CIA) Triad. Of the three pillars, integrity is the least understood and most nebulous because the original focus of integrity was limited to data. What many people don't realize is that a compromise of integrity is the greatest threat to businesses and governments today, because it can mean far more than data loss or corruption – it can result in catastrophic system failure (think critical infrastructure).

The cybersecurity industry remains overwhelmingly focused on confidentiality. Its mantra is "encrypt everything." The security paradigm remains focused on perimeter defence, and network security seeks to protect those endpoints with firewalls, certificates, passwords, and the like, creating a secure perimeter to keep the whole system safe. This is noble and essential to good security. But without integrity, that is, without assessing whether the software and critical data within your networks and systems have been compromised by malicious or unauthorized code or bugs, the keys that protect encrypted data are themselves vulnerable to malicious alteration.
To address threats, security experts should assume compromise – that hackers and malware have already breached their defenses or soon will – and instead classify and mitigate threats. Towards that end, an integrity solution acts less like a lock and more like an alarm. It monitors all parts of a network, from the access points at the perimeter to the sensitive data within it, and provides an alert if something changes unexpectedly.

Tripwire offers an integrated suite of foundational controls that deliver integrity assurance. Our solutions for vulnerability management, asset management, configuration management and change monitoring address the integrity management needs of IT Security. They also help IT in many other ways:
- Know what assets you have and which ones to fix first
- Know the environment is in a known and trusted state—detect changes in real-time
- Detect and correct integrity drift
- Automate compliance on a continuous basis and reduce related costs
- Reduce MTTR by quickly identifying root causes of incidents
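
The alarm-style change monitoring described above, reduced to its core as an added example (not Tripwire's code or a description of its products): record a known, trusted baseline of file hashes and permission bits, then report every deviation from it. The function names `snapshot`, `drift` and `demo` and the sample files are constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Record SHA-256 and permission bits for every regular file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        info = path.lstat()
        if stat.S_ISREG(info.st_mode):  # skip directories, symlinks, devices
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[str(path.relative_to(root))] = (digest, stat.S_IMODE(info.st_mode))
    return state

def drift(baseline, current):
    """Return sorted (path, finding) alerts for every deviation from baseline."""
    alerts = []
    for path in sorted(baseline.keys() | current.keys()):
        if path not in current:
            alerts.append((path, "removed"))
        elif path not in baseline:
            alerts.append((path, "added"))
        else:
            (old_hash, old_mode), (new_hash, new_mode) = baseline[path], current[path]
            if old_hash != new_hash:
                alerts.append((path, "content changed"))
            if old_mode != new_mode:
                alerts.append((path, f"mode {old_mode:o} -> {new_mode:o}"))
    return alerts

def demo():
    """Constructed sample tree: baseline it, change it, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        conf = Path(root, "app.conf")
        conf.write_text("tls=on\n")
        conf.chmod(0o640)
        baseline = snapshot(root)        # known, trusted state
        conf.write_text("tls=off\n")     # unexpected content change
        conf.chmod(0o666)                # permissions loosened
        Path(root, "new.sh").write_text("#!/bin/sh\n")  # file not in baseline
        return drift(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(f"ALERT {path}: {finding}")
```

In practice the baseline itself has to be stored where the monitored host cannot rewrite it, otherwise whoever changes the files can also change the record they are compared against.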
The simple fact is, when implemented properly, integrity management can prevent the majority of breaches from happening. The result you get from investing in foundational controls for integrity is FAR fewer incidents. It’s time to stop looking for the silver bullet and focus on pragmatic actions. That process begins with assuring integrity via foundational controls.