Cyber attacks are improving faster than cyber defenses, and the resulting gap in effectiveness means that cyber defense is, unfortunately, losing ground over time.
Times have changed significantly. For generations, we were concerned with a man who could break the shutter of our office and steal valuable assets, including cash, from the premises. But a far more frightening and unexpected threat has replaced the old smash and grab. Now the deadliest and most detrimental action against your business can occur at the hands of a guy sitting at his computer in his pajamas halfway around the world. All it takes is a highly specialized set of skills and an Internet connection to bring your business to its knees. And the worst part: you will never see it coming. There will be no DNA, no fingerprints, and no video of the culprit. This thief, whom we now call a cybercriminal, will infiltrate your business through the closed-circuit back roads of the Internet, leaving no sign of entry or exit.
Today the threat of a cyber breach is so high that no organization is safe. Cyber criminals have all the same security technologies that we have, and they use these technologies to develop malware that can evade detection. Although the attackers are very sophisticated and have dangerous weapons and tools, most of the time they do not use them, because such tools are unnecessary to breach most organizations. Many companies think that having firewalls, antivirus tools, and intrusion detection/prevention systems keeps them safe from intrusions. But this couldn’t be farther from the truth. These security technologies alone are far from capable of stopping a determined attacker. In fact, most companies go so far as to help the attackers. They don’t just leave the back door open; they leave the front door wide open with no guard and a big welcome sign flashing over it.
The modern cyber security architecture of secured networks, firewall protection, and anti-virus on endpoints does not seem to be holding up well against cyber attacks consisting of protocol tunneling, spear phishing, and zero-day attacks on endpoints and servers alike. In fact, given the complexity of modern devices, the exploding size of modern IT enterprises, the interconnections among partners, vendors, and customers, and the rise of bring-your-own-device (BYOD) and cloud services, even maintaining the defenses of ten years ago is an increasingly daunting task for systems administrators and cyber security professionals.
Given this increase in IT complexity and the fact that cyber security has to be applied to everything, one has to wonder if cyber defenses are actually moving backward against these headwinds. The control over the enterprise that existed ten years ago has been loosened in the name of improving efficiency, increasing capacity and productivity, and reducing costs. Cyber defenders are often prohibited from talking to each other, so effective defensive techniques are not even being disseminated. Cyber security professionals are being squeezed on all sides.
At the same time that cyber defenders are facing these headwinds, cyber attackers and the technologies they use are only getting better. As defensive technologies have been upgraded, experience has shown that cyber attacks capable of defeating those defenses are developed in response. The result is a constant arms race between cyber attackers and cyber defenders. The attackers have some important advantages in this race. Attackers are not subject to budget cycles or resource availability. Attackers are not competing for resources with other business priorities. Attackers can instantly share techniques and tools that work against specific defenses, while defenders have to upgrade defenses one at a time. Finally, attackers have the advantage of the initiative.
In other words, attackers only have to succeed once, while the defenders have to succeed each and every time.