Global spending on cyber security products and services is expected to exceed $1 trillion cumulatively over the five years from 2017 to 2021. Various analysts predict a compound annual growth rate (CAGR) of between 8% and 15%.
Not surprisingly, this spending is growing primarily because of the evolving sophistication and volume of attacks, and because of the overwhelming cost of a successful data breach.
And yet data breaches continue.
The sad news is that roughly 80% of data breaches could be prevented with basic measures, e.g. vulnerability assessments, patching, and proper security configuration.
The specific reasons vary: staffing and resource problems, a lack of expertise to tune complex security stacks assembled from multiple vendors, and a host of others. Regardless of the specific cause, the common theme is that security lags behind either internal IT changes or changes in the external threat landscape.
The phenomenon is well known in other areas of technology: configuration drift, when applications and platforms change without the configuration being re-baselined, or cloud drift, when new serverless resources are spun up to solve point problems that were never accounted for in estimates of overall infrastructure growth.
For this reason, we are looking at a new form of drift that focuses specifically on changes affecting cybersecurity: security drift.
IT and security teams face a double blow
On the one hand, security teams have to keep up with evolving threats and adversarial developments; on the other, IT teams continuously adapt to business needs and make changes to environments that can open security gaps, some of which are noticed and addressed while others remain invisible.
At one end of the spectrum are highly visible changes that revolve around major initiatives such as the convergence of information technology and operational technology (IT/OT); these are usually (but not always) tracked by the cyber security team in parallel.
At the other end of the security drift spectrum are the daily maintenance tasks that may not get the attention from security teams they deserve. These include routine activities such as software updates for new functionality, bug fixes and patches for security vulnerabilities, and upgrading or replacing off-the-shelf software, none of which require much planning.
Regardless of whether the changes are made to new systems going into production or to systems already in production, drift is created whenever the changes are made without security oversight, or with insufficient security oversight.
Unfortunately, there are many examples of security drift in which routine software updates and IT changes introduced vulnerabilities that then had to be identified and fixed.
A high-tech company with what it believed was a robust anti-virus solution tolerated a three-week patch drift on 2% of its systems. Some systems had to be tested before patching because of operating system and application dependencies, and others were delayed by operational constraints. The company was hit by a worm that spread to almost all of the unpatched systems, nearly 3,000 machines.
The result was effectively a denial of service: the business was disrupted, and the worm hampered the remediation and restoration of the company's IT systems.
A multinational outsourcing company provided FTP servers to its customers for dedicated file sharing. The process for onboarding a new customer was to clone an existing server, change the default credentials, exclude the new system from DNS, and test the new system within a week of deployment.
Unfortunately, in one case the gap between deployment and testing was long enough for an attacker to find a system that had accidentally been left with its default credentials and to access customer data, at high cost to the outsourcing company. The security drift created by the new instance opened exactly the window an adversary needs to launch an attack and complete it successfully.
These examples are notable for their size and impact, but it is the small cases of security drift that are the real silent killers: the proverbial horseshoe nail whose loss costs the kingdom.
Two such cases: a web application firewall that was misconfigured and left in learning mode (monitoring only, so nothing was blocked), and an instance in which IT renamed a server with restricted access. The rule enforcing the access policy no longer matched the renamed server, so the name change accidentally made it accessible to everyone. Fortunately, this was caught before any damage occurred and the rule was updated.
One thing connects all of these incidents. Security drift is the result of change, and the security function is unaware either of the change or of its significance. In some cases the risk is manageable; in others it requires immediate attention. In every case, however, there is a deviation from the intended state that exposes the organization. This lack of visibility is what makes security drift a silent killer.
Avoid the silent killer
The traditional practice for identifying and managing security gaps is a combination of IT procedures and policies, vulnerability management systems, and pen tests. Vulnerability scanning delivers results in near real time; pen tests, run periodically, do not. That leaves a long window in which security drift can go unnoticed, which is unacceptable.
A new security validation paradigm is becoming generally available to the security blue team: automated security validation in production environments. Continuous security validation complements periodic pen tests by filling the gap between tests, and it becomes a powerful way to reduce the impact of security drift by detecting and identifying drift cases in near real time.
Continuous security validation with breach and attack simulation (BAS) platforms lets an organization match its internal and external rate of change with its ability to detect the changes that create vulnerabilities and gaps, and so manage security drift. Don't let the silent killer get ya.
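To make the idea of near-real-time drift detection concrete, here is an added example (not code from the original article or from any vendor product) of a minimal security-drift check. It compares a blue-team-approved baseline against a snapshot of the current environment and reports the four kinds of drift described above: a patch outstanding longer than policy allows, a cloned host still carrying default credentials, a WAF left in monitoring mode, and an access rule that no longer matches any host after a rename. All hostnames, dates, the 14-day patch window and the sample credential are constructed for the example.

```python
"""Constructed example: a minimal security-drift check.

Compares a security baseline (what the security team approved) against the
current state of an inventory and reports deviations. Every hostname, date
and policy value below is invented for illustration.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import date

# Assumed policy: a security patch may be outstanding for at most two weeks.
MAX_PATCH_AGE_DAYS = 14


@dataclass(frozen=True)
class Finding:
    kind: str      # category of drift
    subject: str   # host or control affected
    detail: str    # human-readable explanation


def _sha256(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


# Security baseline approved by the blue team (constructed).
BASELINE = {
    "waf_mode": "block",
    # Hashes of credentials known to ship on the golden image (constructed value).
    "default_credential_hashes": {_sha256("ftpadmin:changeme")},
    # Hosts that must only be reachable from the listed networks.
    "access_rules": {"finance-db-01": ["10.0.5.0/24"]},
}

# Snapshot of the environment after IT's routine changes (constructed).
CURRENT = {
    "today": date(2020, 6, 22),
    "waf_mode": "monitor",  # "learning mode": logs requests but blocks nothing
    "hosts": {
        "web-01": {"pending_patches": []},
        # Vendor patch released 2020-05-25, still not applied (28 days later).
        "web-02": {"pending_patches": [("vendor-patch-A", date(2020, 5, 25))]},
        # Cloned FTP server whose credentials were never changed.
        "ftp-cust-17": {"credential_hash": _sha256("ftpadmin:changeme"),
                        "pending_patches": []},
        # Renamed by IT from finance-db-01; the access rule still names the old host.
        "finance-db-1": {"pending_patches": []},
    },
}


def check_drift(baseline: dict, current: dict) -> list[Finding]:
    """Return every deviation of the current snapshot from the baseline."""
    findings: list[Finding] = []
    today: date = current["today"]

    # 1. A protective control switched into monitor-only mode.
    if current["waf_mode"] != baseline["waf_mode"]:
        findings.append(Finding("waf_mode", "waf",
                                f"expected {baseline['waf_mode']}, found {current['waf_mode']}"))

    for name, host in current["hosts"].items():
        # 2. Patch drift: patches outstanding longer than policy permits.
        for patch_id, released in host.get("pending_patches", []):
            age = (today - released).days
            if age > MAX_PATCH_AGE_DAYS:
                findings.append(Finding("patch_drift", name,
                                        f"{patch_id} outstanding {age} days"))
        # 3. Cloned host still using credentials from the golden image.
        if host.get("credential_hash") in baseline["default_credential_hashes"]:
            findings.append(Finding("default_credentials", name,
                                    "credentials match a known default"))

    # 4. Access rules that reference a host no longer in the inventory
    #    (e.g. after a rename), so the restriction may not be enforced.
    for rule_host in baseline["access_rules"]:
        if rule_host not in current["hosts"]:
            findings.append(Finding("orphaned_access_rule", rule_host,
                                    "access rule matches no host; restriction may not be enforced"))
    return findings


if __name__ == "__main__":
    for f in check_drift(BASELINE, CURRENT):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run as a script it lists four findings, one per drift case. In practice the baseline would be pulled from the change-approval record and the snapshot from the CMDB, patch manager and WAF API, and the check would run on every change rather than on the next pen-test cycle; the point is that each of the incidents above is detectable mechanically once the intended state is written down.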
More information is available at www.cymulate.com. Register for a free trial.