Chief Technology Officer/CISO
Reflecting on the recent ransomware attack that shut down the city of Atlanta's online systems: even weeks later, officials are still struggling to restore key services across the city's extensive service network.
While details about the attack remain thin (and understandably so), authorities have confirmed the city experienced a ransomware cyberattack accompanied by a written demand for $51,000 in bitcoin. While this "hostage situation" played out, scores of government services came to a standstill, with everything from free airport wi-fi to paying a utility bill online suspended. Police officers resorted to writing reports by hand and courts couldn't process warrants. When a city's digital ecosystem is built atop fragile, tightly interconnected computer systems, this is the chaos that ensues when those systems fail or are breached.
And this seems to be the "new normal", the product of slow but steady changes in the way people store, access and manage information and services. With 94% of organizations using sensitive data in cloud, big data, IoT, container or mobile environments, new attack surfaces and new risks to data have emerged that must be offset by data security controls.
“Just as much as we really focus on our physical infrastructure, we need to focus on the security of our digital infrastructure,” Mayor Keisha Lance Bottoms said. “I am looking forward to us really being a national model of how cities can shore themselves up and be stronger because of it.”
So how to defend against the enemy at the gate? And is there any way to go on the offensive?
As in a traditional war, if you wait until the enemy is at the gate, the battle is already at risk. The ability to identify scouting behaviors (reconnaissance such as port scans and the probing of exposed services) well before the enemy arrives is critical to both an offensive and a defensive strategy. A traditional framework of edge security, endpoint security and strong passwords may be a good start, but it only serves to slow the enemy down. Cybersecurity spending continues to increase at a record pace, yet John Parkinson, affiliate partner at Waterstone Management Group, put it best: "We're still trying to build better castle walls, despite the fact that the attackers will always have better weapons than the walls can resist."
Enterprises are looking to Security Operations Centers (SOCs) as a critical line of defense against intrusions, damaging DDoS attacks and data breaches, and as the team that drives investigation and remediation. But the SOC alone blocks nothing: it monitors what is happening and provides the visibility and early detection that let you react and, with luck, stunt the spread. Preventive technologies exist (Cisco Umbrella, for example, filters at the DNS layer so a machine cannot resolve known-malicious domains), but relying solely on any one of them is a dangerous position.
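The "scouting behaviors" above are the kind of thing a SOC's early-detection logic looks for. The following is an added example written for this page, not code from the city of Atlanta, Cisco or the author: it runs two simple sweep detectors over constructed firewall connection logs. The log format, the 60-second window, the thresholds and all IP addresses are assumptions made for the example.

```python
"""Early-warning detection over constructed firewall connection logs.

Flags two "scouting" patterns that typically precede an intrusion:
  * host sweep: one source touching the same port on many distinct hosts
  * port sweep: one source touching many distinct ports on one host
Both are evaluated inside a sliding time window so a burst of probes stands
out from normal traffic. DENY lines are deliberately included: a scan of a
well-segmented network shows up mostly as blocked connections.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW_SECONDS = 60
HOST_SWEEP_THRESHOLD = 10   # distinct hosts on one port within the window
PORT_SWEEP_THRESHOLD = 10   # distinct ports on one host within the window


def build_sample_log():
    """Constructed sample traffic (not real logs). Assumed line format:
    '<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <ALLOW|DENY>'."""
    base = datetime(2018, 3, 22, 2, 0, 0)
    lines = []

    def add(sec, src, dst, port, action):
        stamp = (base + timedelta(seconds=sec)).isoformat()
        lines.append(f"{stamp} {src} -> {dst}:{port} {action}")

    # Normal traffic: one workstation talking to a web server and a DNS server.
    for i in range(6):
        add(i * 15, "10.0.3.3", "10.0.1.20", 443, "ALLOW")
        add(i * 15 + 1, "10.0.3.3", "10.0.1.22", 53, "ALLOW")
    # Host sweep: one source probing SMB (445) on 12 hosts within 24 seconds.
    for i in range(12):
        add(100 + i * 2, "10.0.5.7", f"10.0.1.{20 + i}", 445, "DENY" if i % 3 else "ALLOW")
    # Port sweep: one source trying 11 ports on a single server within 20 seconds.
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389]):
        add(300 + i * 2, "192.168.9.4", "10.0.2.5", port, "DENY")
    # Slow sweep: 12 hosts, one probe every 50 seconds; slips past a 60 s window.
    for i in range(12):
        add(600 + i * 50, "10.0.7.9", f"10.0.1.{40 + i}", 22, "DENY")
    return "\n".join(lines)


def parse_line(line):
    """Parse one log line into (timestamp, src, dst, port, action)."""
    ts, src, _arrow, dst_port, action = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_sweeps(log_text, window_seconds=WINDOW_SECONDS,
                  host_threshold=HOST_SWEEP_THRESHOLD,
                  port_threshold=PORT_SWEEP_THRESHOLD):
    """Return one alert per (source, kind, target) the first time a sweep
    crosses its threshold inside the sliding window."""
    window = timedelta(seconds=window_seconds)
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    recent = defaultdict(deque)   # src -> deque of (ts, dst, port) inside window
    alerted = set()
    alerts = []
    for ts, src, dst, port, _action in events:
        q = recent[src]
        q.append((ts, dst, port))
        while q and ts - q[0][0] > window:   # drop probes older than the window
            q.popleft()
        hosts_on_port = {d for _, d, p in q if p == port}
        ports_on_host = {p for _, d, p in q if d == dst}
        if len(hosts_on_port) >= host_threshold and (src, "host_sweep", port) not in alerted:
            alerted.add((src, "host_sweep", port))
            alerts.append({"src": src, "kind": "host_sweep", "target": port,
                           "count": len(hosts_on_port), "first_seen": ts.isoformat()})
        if len(ports_on_host) >= port_threshold and (src, "port_sweep", dst) not in alerted:
            alerted.add((src, "port_sweep", dst))
            alerts.append({"src": src, "kind": "port_sweep", "target": dst,
                           "count": len(ports_on_host), "first_seen": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_sweeps(build_sample_log()):
        print(alert)
```

The slow scanner (10.0.7.9) is the caveat a practitioner should note: a 60-second window catches the noisy sweeps but not a patient one, which is why a SOC also correlates over longer horizons (widen `window_seconds` to 900 and the same code flags it). The thresholds are illustrative; in a real environment they are tuned against the network's own baseline so that vulnerability scanners and monitoring systems can be allow-listed rather than paged on every night.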
A well-tuned security posture is a combination of measures, countermeasures and monitoring. Just as in any military strategy, relying on one weapon could prove a deadly miscalculation. The strongest cybersecurity posture is a multi-layered approach of tools, people and processes that alert you when an enemy is at the gate, giving the enterprise the opportunity to shore up that gate in time to keep them out.