[BreachExchange] Minimising the damage caused by a breach

Audrey McNeil audrey at riskbasedsecurity.com
Fri Sep 2 15:31:16 EDT 2016


http://www.scmagazineuk.com/minimising-the-damage-caused-
by-a-breach/article/518942/

Government agencies around the world, at all levels, need to take action.
>From passport records to drivers' licence numbers, tax information to
credit card data, government agencies hold a treasure trove of critical and
sensitive data. And, without the correct security measures in place,
hackers are able to take what they please once they break through the
perimeter defences.

Unfortunately, government agencies do not have the best track record when
it comes to cyber-security protections. The US Office of Personnel
Management breach is best known as one of the largest data breaches in
history. Shockingly, it was reported that it took around six months for
cyber-security professionals to identify the intrusion; six months where
the hackers could move laterally throughout the system and make the network
their playground. And many, many other examples of government breaches have
recently made headlines, such as revelations of hacking at the NSA.

So if the United States government cannot prevent data breaches, what does
this say about the safety of corporate networks in the private sector?

Taking a proactive approach to security and using a software-defined
strategy are steps in the right direction for creating “bulletproof”
strategies for government agencies (or at the least, greatly strengthening
defences). Breaches are occurring all the time – and organisations need to
accept that it is more than likely a breach has either already taken place
or is currently underway within their environment and that this can and
will happen without any notification. With that understanding comes a
recognition that the emphasis is no longer solely on building walls to keep
people out but on containing that breach and minimising the extent of it by
segmenting the IT environment, essentially building firedoors between
different parts of the infrastructure.

Government agencies need to step back and look at this from a true business
perspective. To do this, instead of focusing on perimeter defences,
cyber-security strategies need to focus on software-defined security
controls that separate security policy enforcement from the network or
other parts of the infrastructure. This enables organisations to align
their cyber-security functions around applications and users, without
worrying about each device or network element.

Building on the existing policies for user access and identity management,
security managers can use software-defined cryptographic segmentation to
ensure users have access to only the applications they specifically need to
do their jobs. Each cryptographic segment has its own encryption key,
preventing a hacker from moving from one compromised segment into another.
To put it simply, a health commissioner does not need access to drivers'
licence numbers, so therefore should not be able to access the segment of
the applications in which the numbers are stored. By carefully controlling
which users can access which applications in all internal and external
locations, the attack surface is reduced.

With this approach, government agencies can shrink the number of targets at
which a hacker can aim. Software-defined segmentation also narrows the
scope of a breach to a small, contained area rather than system wide and,
critically, does so in a way that removes the need to build new security
policies into the network infrastructure. Furthermore, as and when a breach
is detected, the segmentation policy means the organisation has immediate
visibility into the extent of the breach – enabling both targeted rather
than system wide lock down and a far more confident and measured response
to media, shareholders and customers.

Protecting government agencies from the fate of more data breaches is
possibly one of the biggest tasks being faced by security managers today.
But the reality is, taking six months to detect that a breach has occurred
is not tolerable and if immediate action isn't taken, the situation will
only get worse. What's more, traditional cyber-security tools won't solve
the problem. Security strategies that focus on containing breaches will
make the breach manageable, as even when a breach does occur, the hacker is
limited as to what damage can be achieved. Cyber-security doesn't need to
be complicated. The tools are there for the taking but a change in mind-set
is needed, and it is only when this is realised that this critical data
will be kept secure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160902/50940a0b/attachment.html>


More information about the BreachExchange mailing list