If you know the enemy and know yourself, you need not fear the result of a hundred battles. —Sun Tzu
These 2,500-year-old words from The Art of War still apply to IT security. Master strategist Sun Tzu believed the supreme art was to subdue the attacker without fighting. Today, if you’ve got a 28,000-strong botnet army knocking on your perimeter and your endpoints aren’t protected, it’s not time to start shopping for an intrusion detection app. It’s already too late.
“In the past, a well-defended and provisioned castle was essentially impenetrable, with advantage granted to the defender,” writes Gigamon CTO Shehzad Merchant. But, in modern cyber warfare, the hackers may have gained the upper hand over IT security.
Hackers walk straight in, thanks to your unsecured endpoints
You can blame hackers pulling ahead on the fact that malware has become a commodity, and anyone with a little bitcoin can shop on the dark web for ready-made exploit kits. “All [they need] is one unsecured endpoint,” says security pro and former FBI investigator Jason Truppi. “After that, the keys to the palace are open. Compliance rules don’t help much since they are dealing with yesterday’s threat.”
The advantages enjoyed by hackers will only increase this year, according to Splunk’s 2018 security predictions. Security teams are still fighting an IT skills gap, an increasingly horizontal attack surface, and the reality that everything’s an endpoint in the always-connected workplace.
If hackers were wolves, they’d be staring down an all-you-can-eat buffet of sheep—unsecured endpoints that range from outdated business printers to unsecured smart thermostats and lighting. They’re also using emerging technologies, like machine learning, to discover vulnerabilities faster than ever.
Fortify IT security from the inside out
Medieval defenders didn’t just dig a moat around the castle and call it a day. The medieval cities that survived brutal attacks, like the 2,300-year-old city of Kotor in Montenegro, relied on a complex ecosystem of carefully chosen castle placement, thick walls, strategic killing fields, and illusionary doors. They also deployed internal obstacles, like abatis (spikes) and caltrops (similar to throwing stars).
Security teams can learn from these fortifications, which were built to withstand the worst day imaginable. Merchant has proposed the human immune system as another analogy for effective IT security, writing that the protective approaches that can shift power away from the hackers are those that work from within, learn, and respond quickly.
Fortification 1: Assess and level up
Medieval siege warfare sometimes lasted for weeks or months. Kings needed to assess their castle and town’s ability to withstand many days of attack and judge how this could impact each element of their network. Any weakness in their supply of food, drink, livestock, human power, timber, and other old-school necessities was an invitation for failure.
Hackers may not besiege your walls for 40 days and nights, though. They’re more likely to slip in unnoticed and hang out siphoning your data for an average of 99 days undetected. Think about your office IT like kegs of ale or cattle before you’re under siege. This is where solutions, like third-party penetration testing, vulnerability assessment scans, and the results of your last compliance assessment, come into play. Use the data available to you to understand which of your assets could cause you to fall to an attack—from unprotected VoIP phones or business printers to lax employee security behaviors.
If your endpoints are practically beckoning to potential attackers, upgrade to self-healing office IT solutions. If you haven’t done the basics, like segregating networks and getting better perimeter protection, address them now and make sure your security is healthy from the inside out.
Fortification 2: Detect and predict
Visiting some of the most spectacular castles in the world, like Dunnottar in Scotland, is a recipe for sore quads. Surrounded on all sides by water or cliffs, tourists are advised to plan two hours for the four-mile hike. Strategic placement of castles was a built-in advantage for their occupants; construction on a hill guaranteed 360-degree visibility to detect and predict an oncoming siege.
Your office IT team has to look out for a lot more than one rival’s army, though. Detection and prediction require prioritization: the active use of the data you’re getting from vulnerability scans to identify the assets and network attributes that are your highest risks. It means using security intelligence tools, which aren’t unlike modern-day lookout towers, to understand which of your operating systems and servers have wildly popular exploits.
IT teams can’t watch from every angle as effectively as medieval castle protectors, but they can prioritize the ways they continually improve their security with third-party threat intelligence solutions and real-time knowledge of their network and asset weaknesses.
Fortification 3: Respond
When Osaka Castle was destroyed by attacking troops in the early seventeenth century, you can bet the inhabitants didn’t passively sit by and treat the experience as an opportunity for lessons learned. The right time to adjust to hackers and threats is in real time, both through the prioritization of risks and real-time tools for oversight.
While IT security pros can control some things—like buying smarter endpoints—networks change rapidly and have vulnerabilities. Responses should be automated and continual. Using tools for constant vulnerability scanning and switching from signature-based detection methods to machine learning-powered anomaly detection tools can help you understand the behavior of hackers in the wild.
Since you can’t exactly use medieval warfare tactics, like pouring vats of boiling oil during an SMS phishing attack, it’s IT’s job to take the advantage back from the attackers. Thinking of your office IT security system like an impenetrable fortress in a giant battle isn’t just more fun than a scratch-and-sniff history book, it’s downright useful.