An Ounce of Cyber Prevention is Worth 143 Million in Cure

JOE CISO on October 03, 2017

We paid our way through the WannaCry and NotPetya attacks only a few months ago, and yet they already feel like ancient history. Then along came the massive attack on Equifax. Hiding like a stealth fighter over Desert Storm, lethal and undetected, an unknown attacker exploited a small hole in a third-party web application framework (Apache Struts, by Equifax's own account) running on one of the company's public-facing servers. A patch for that hole had been available for roughly two months before the intrusion began. It had not been applied.

Hey, it was just a minor oversight in IT procedures. How bad could that be?

Equifax, one of the three credit reporting agencies in the US (Experian and TransUnion are the other two; are they next?), was forced to admit that it was compromised between mid-May and July. The attackers used that window to penetrate the company's digital defenses and reach the personal data of 143 million people. Exposed were Social Security numbers, credit card numbers and other personally identifying information such as birth dates, addresses and driver's license numbers. No less than two-thirds of all Americans with credit reports were affected, along with a number of UK and Canadian residents. Since disclosing the breach, Equifax has lost several executives, including the CEO, and has been subpoenaed by New York State's financial services regulator.

According to money expert Clark Howard, the Equifax attack is the "worst data breach in the history of the modern era." Consumer Financial Protection Bureau Director Richard Cordray said Equifax, TransUnion and Experian will now be getting embedded regulators to ensure that similar breaches of private information don't happen again.

However, we absolutely know that cyberattacks like this will continue to wreak havoc on organizations of all sizes, costing billions of dollars in damages. In the weeks since Equifax first made the headlines, CNN also reported an intrusion into the SEC, a hack at major accounting firm Deloitte and a major data breach at Amazon subsidiary Whole Foods. Seems that every few weeks we encounter a new attack that is greater than the last.

Equifax maintains a 24/7/365 Security Operations Center (SOC) whose sole purpose in life is to keep attackers out of its endpoints, networks and files. The network is protected by rings of intrusion detection systems, firewalls and the like. Every endpoint carries EDR, firewall, AV and other agents. Access to data is gated by strict credential requirements.

Equifax is at least as safe as any other large enterprise. What could go wrong?

Try explaining that to 143 million compromised Americans.

I am here to tell you, point blank, that no matter how you try to protect your endpoints, your network and your data, you will be breached. There is no way to fully close the window between a vulnerability becoming public and the patch actually landing on every system, whether the hole is in Microsoft Windows (WannaCry spread through an SMB flaw that Microsoft had patched two months earlier, on machines that had not yet applied the update) or in third-party web software. In both WannaCry and Equifax the patch existed; the gap was in applying it. No matter how well your arsenal of cyber defenses detects threats, some will always sneak through. You can load up on every next-generation cyber defense you can get your hands on and you are still wandering about like a poorly armed hermit in bear country.

According to This is Money magazine, cyber attacks aimed at UK businesses have rocketed by more than 50% in a year and continue to escalate. Everybody in the cyber industry with whom I talk echoes figures like these. By most industry estimates, endpoints are the strongest magnet for attackers, drawing about two-thirds of all attacks.

Yes, by all means, load your endpoints up with every cyber defense mechanism, tool, application and methodology you can afford—they all help—but don’t think for a moment that you are completely immunized against this ubiquitous and toxic phenomenon called hacking. With daily alerts numbering in the thousands (tens of thousands in finance and some other industries), even a 0.0001% rate of success by a lucky, anonymous hacker can reduce your company to rubble.

In the Equifax case the culprit was a vulnerable third-party web framework on an internet-facing server. But enterprises also consume loads of third-party web applications every day, through the browser on every desk. Do IT managers have any control over what those applications execute on the endpoint? Do they know whether exploitation of one of them is going to be the headline in tomorrow's Hacker News?

No, nobody this side of Heaven really knows, but we all go on using these applications as if some perfectly adapting cyber-immune system were protecting us. Equifax, for all its giant security budget, had no such thing. Neither do we. We are susceptible.

You and I have no control over how web apps are built or how they behave, and cannot possibly know what is getting into the network and the data through them. With, by most estimates, more than 90% of undetected threats arriving through the web, detection-based products alone cannot protect your data.

I know that many web apps have become staples in your company and you wouldn't be able to function without them. Who is going to stop using Salesforce, Office 365 or SharePoint because of the threat of hacking? Life must go on, and so must company productivity.

I want to suggest an essential method for preventing cyber attack via the web. It is no panacea: it addresses the threats that arrive through the browser (malicious sites, drive-by downloads, weaponized files), not a server-side hole like the one Equifax left open on a public-facing server, which only prompt patching and exposure management can fix. But within that scope it reduces your attack surface significantly.

The principle is dead simple: don't let any web content execute on your endpoints. In fact, don't let anybody browse the web directly from any endpoint in your network.

…and no, I have not gone insane.

Remote browser isolation enables SAFE browsing and use of all your favorite web apps. It’s an imperative additional layer in every network.

Ericom Shield executes all web content on an external server, within a contained virtual environment (not on company endpoints).

Ericom Shield launches a dedicated virtual browser for each user's browsing session, and for each individual tab. The virtual browser runs in an isolated environment outside the network, so browser-based code, whether innocuous or malicious, never executes on the endpoint or inside the corporate network. Detection therefore isn't necessary: even a zero-day exploit of the browser lands in a disposable container and is destroyed at the end of the session, along with the entire virtual browsing environment and whatever the exploit dropped into it, without ever touching the endpoint.

The end user views the web content in real time as a rendered content stream, which gives a native, interactive browsing experience while keeping executable web content off the device. Downloaded files are sanitized by a pre-integrated Content Disarm and Reconstruction (CDR) process before being released to the end user device. Ericom Shield thus provides a seamless, comprehensive solution for secure browsing that works with any operating system and device that can run a browser.
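Isolation only helps if endpoints cannot bypass it, so the "don't browse directly" principle has to be enforced, not just recommended. The following proxy auto-config (PAC) policy is an added example, not Ericom's code or configuration, of how to do that on the browser side: every external request is sent to an isolation gateway, internal destinations stay direct, and there is deliberately no "; DIRECT" fallback, so browsing fails closed if the gateway is unreachable. The gateway name rbi-gateway.example.com and the domain corp.example.com are assumed placeholders; the PAC built-ins (isPlainHostName, dnsDomainIs, isInNet) are normally supplied by the browser and are reimplemented here so the policy can be exercised under Node.js.

```javascript
// Added example (not Ericom's code): a PAC policy that forces all external web
// browsing through a remote browser isolation gateway and denies direct egress.
// Assumed placeholders: the gateway hostname and the corporate domain below.
const ISOLATION_GATEWAY = "PROXY rbi-gateway.example.com:8080"; // assumed hostname
const CORP_DOMAIN = ".corp.example.com";                          // assumed domain

// Browsers provide these helpers to PAC scripts; they are re-implemented here so
// the policy can run (and be tested) outside a browser.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.slice(host.length - domain.length).toLowerCase() === domain.toLowerCase();
}

// Parse a dotted-quad IPv4 literal into an unsigned 32-bit integer, or null if
// the string is not an IPv4 literal (e.g. a hostname).
function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n >>> 0;
}

function isInNet(host, net, mask) {
  const h = ipToInt(host), n = ipToInt(net), m = ipToInt(mask);
  if (h === null || n === null || m === null) return false; // not an IP literal
  return ((h & m) >>> 0) === ((n & m) >>> 0);
}

// Private address space (RFC 1918) plus loopback: reachable only from inside,
// so these must not be routed through a gateway that sits outside the network.
const INTERNAL_NETS = [
  ["10.0.0.0", "255.0.0.0"],
  ["172.16.0.0", "255.240.0.0"],
  ["192.168.0.0", "255.255.0.0"],
  ["127.0.0.0", "255.0.0.0"],
];

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Internal names and addresses stay DIRECT.
  if (isPlainHostName(host) || host === "localhost") return "DIRECT";
  if (host === CORP_DOMAIN.slice(1) || dnsDomainIs(host, CORP_DOMAIN)) return "DIRECT";
  for (const [net, mask] of INTERNAL_NETS) {
    if (isInNet(host, net, mask)) return "DIRECT";
  }

  // Everything else is rendered remotely. Note the deliberate absence of a
  // trailing "; DIRECT": if the gateway is down, browsing fails closed rather
  // than silently falling back to direct internet access.
  return ISOLATION_GATEWAY;
}
```

A PAC file only tells a compliant browser where to send traffic; a user (or malware running as the user) can switch the proxy off. Pair it with an egress firewall rule that drops TCP 80/443 from endpoint subnets to any destination other than the isolation gateway, and alert on attempts to do otherwise, so that the policy holds even when the browser setting does not.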

Ericom Shield can be deployed on-premise or in the cloud. It’s quite simple to try it out. The results are stunning and immediate.

Yes, the saying about an ounce of prevention is true. 143 million Americans can’t be wrong. 


Author

Joe CISO

Joe CISO is the information security professional responsible for protecting the organization from all cyber threats, including ransomware, drive-by downloads and zero-day exploits. | Ericom Software
