If organisations are going to win against today’s sophisticated data breaches, they must balance their security focus between preventing malware and stopping malware’s mission to steal data. iboss CEO and co-founder Paul Martini discusses how a new approach to cybersecurity can strengthen organisations’ security posture and keep them from becoming the next data breach headline.
Question: Security leaders often have what we might call an inflated sense of their own organisation’s ability to detect malware infection and data exfiltration. In your experience, what are they overlooking?
Paul Martini: Most organisations are focused on building thicker walls, or new mousetraps. Every time new technology comes out that allows them to detect malware in a different way, they jump on it. But at the end of the day, even the Great Wall of China has been compromised. What’s important is to examine the situation and ask yourself the right questions. It’s not just what you have in place to detect malware, but what is in place to detect the data that it’s trying to hijack. There’s a lot of technology and solutions with algorithms that focus on malware. They’re looking at command and control centre callbacks, intrusion prevention systems, and other preventive measures. But if you take a step back, you realise there’s a lot of data that doesn’t have a callback, or a destination that’s obvious. For instance, a cloud storage solution such as Dropbox can host people’s data and it can also host an organisation’s data.
Question: So with all the attention that is given to cyberattacks now, why do you find that there remains such a wide gap between the time of malware infection and ultimate detection?
Paul Martini: First you have to accept that there’s always the possibility your network will be infected because there is no such thing as a 100% certainty about anything in life. There is going to be an instance when you do get compromised, so the time from infection to detection will never go to zero. That’s why focusing on the data is so important, including proactively monitoring your inbound and outbound traffic. You need to know if your outbound data is moving, for example, to a high-risk country or region. Because if you’re not watching it, you’re offering a huge opportunity for hackers sitting in any part of the world to target your data. That’s really where their focus is and what they’re looking to do. Unfortunately, there are a lot of organisations with a legacy-type approach and they just continually build thicker armour. Then there are more progressive approaches to security, where organisations focus on detecting command and control centre callbacks. However, they are still focusing on finding the malware, asking, “Where is the malware on my network right now?” “Who downloaded the malware?” Questions like that. The most progressive organisations are looking at the data itself, the data that doesn’t have a fingerprint, which means there’s no key by which you can detect malware. This type of evasive threat is what allows infection dwell time to be much longer than it should be, resulting in more data leaving the network unnoticed.
Question: So let’s make this real to an organisation. Within that wide gap between infection and detection, what do you find to be the value of lost hours, lost days, and then the potential business impacts of that downtime?
Paul Martini: When you are talking about permanent data, meaning data not subject to change, there’s really no value you can put on it. People look at the direct victims, who are the people that the organisation sells to and services, but there are also many other victims. For example, there is the CIO’s job, the CISO’s job, the board, the organisation’s leadership, which can all be impacted. Then there is the problem of brand reputation, and the embarrassment a major data breach brings with it. The brand damage resulting from a breach not only affects consumers’ confidence in purchasing products or services, there is also the issue of losing the confidence of partners or other organisations with whom you do business. And even beyond that, consider a case like Sony where you have an organisation that was so impacted by the breach that they had to sell assets and get rid of departments that were completely unrelated to the breach or to making movies, in order to cover their losses.
Read the Entire Interview:
Malware from Infection to Detection: Closing the Security Gap to Reduce Data Exfiltration
If you’re concerned about how secure your organisation is, speak to Net-Ctrl about how the iboss platform can help you. Email us at firstname.lastname@example.org, call us on 01473 281 211 or go via our contact page.
Net-Ctrl is a UK-based iboss reseller.