Large enterprises. Mid-sized businesses. It seems like they're all vulnerable to data security breaches today. It is no longer as simple as locking the front door of the business. Just ask Slack, Target and even Salesforce, each of which dealt with cyber attacks on some level in the past few years. Businesses don't have to be entirely vulnerable, though. In this discussion point, CMS Wire asked several security industry officials to weigh in on the sources of breaches at large enterprises.
The Question: Why do large enterprises have security breaches?
PJ Kirner, CTO and founder, Illumio, says:
“Large enterprise data breaches fall into a clear pattern. At a high level, attacks that lead to data breaches follow a sequence — the initial attack, followed by propagation to other vulnerable systems in the network, collection of sensitive data from compromised systems and finally exfiltration of information.
Over time, attacks have become more sophisticated and targeted, with many variations in the modus operandi of the initial attack, from opportunistic attempts driven by security errors to malicious insiders, organized crime rings and hacktivists. But the processes by which the attack takes hold and the attacker makes away with sensitive data still remain largely the same.
Enterprises have focused a lot of attention on efforts to stave off this initial attack. They have spent billions of dollars bolstering perimeter defenses in the hope that the attack can be prevented from even arriving at the doorstep. However, recent events and high-profile breaches have highlighted the problem of this one-dimensional approach to security, which allows attackers to exploit the weak insides of data centers or clouds after they sneak past the perimeter.
Enterprise data centers and even public clouds suffer from a problem of gratuitous connectivity — or the ability for servers to communicate simply because a network path exists. This is the single biggest vector by which attacks spread laterally from one compromised system to the other. The lack of visibility and control over the traffic between servers behind the perimeter means that attackers have very little resistance once they’re inside.
Security solutions must address the issue of unintended connectivity by decoupling the enforcement of security from the network. They must dynamically secure the communications between servers with granular and automated controls to restrict interactions based on application needs. With the right application segmentation and isolation, enterprises will have a better chance at preventing data breaches even after the initial attack.”
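To make the "gratuitous connectivity" argument concrete, here is an added example (it is not Illumio's code and not from the original article) that models a flat network in which any server can reach any other, then overlays a default-deny, label-based allow-list of the kind the quote describes. The hosts, labels, ports and rules are all constructed for illustration. The script measures how many hosts an attacker who owns one web server can pivot to with and without the policy, and lists the server pairs that can talk only because a network path exists.

```python
"""Added illustration of application segmentation versus flat connectivity.

Everything here (hosts, labels, rules, ports) is constructed; it is not a
vendor's policy model. The point it demonstrates: on a flat network the
lateral-movement blast radius from one compromised host is every host,
while a default-deny policy keyed on application labels shrinks it to the
hosts the application actually needs.
"""
from collections import deque

# Constructed inventory: host -> labels. All hosts sit on one flat network,
# so a raw network path exists between every pair of them.
HOSTS = {
    "web-1":  {"app": "shop",  "tier": "web"},
    "app-1":  {"app": "shop",  "tier": "app"},
    "db-1":   {"app": "shop",  "tier": "db"},
    "hr-web": {"app": "hr",    "tier": "web"},
    "hr-db":  {"app": "hr",    "tier": "db"},
    "jump-1": {"app": "infra", "tier": "bastion"},
}

# Constructed allow-list: (source selector, destination selector, port).
# An empty selector matches any host. Anything not listed is denied.
RULES = [
    ({"app": "shop",  "tier": "web"},     {"app": "shop", "tier": "app"}, 8080),
    ({"app": "shop",  "tier": "app"},     {"app": "shop", "tier": "db"},  5432),
    ({"app": "hr",    "tier": "web"},     {"app": "hr",   "tier": "db"},  5432),
    ({"app": "infra", "tier": "bastion"}, {},                             22),
]
PORTS = sorted({port for _, _, port in RULES})


def matches(selector, labels):
    """True when every key/value in the selector is present on the host."""
    return all(labels.get(k) == v for k, v in selector.items())


def allowed(src, dst, port):
    """Default-deny check: a flow is allowed only if some rule matches both ends."""
    if src == dst:
        return False
    s, d = HOSTS[src], HOSTS[dst]
    return any(port == p and matches(ss, s) and matches(ds, d)
               for ss, ds, p in RULES)


def reachable(start, enforce_policy):
    """Hosts an attacker holding `start` can pivot to, transitively.

    With enforce_policy=False a hop needs only a network path, which on this
    flat network always exists; with enforce_policy=True it needs an allowed
    flow on some port.
    """
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in HOSTS:
            if nxt in seen:
                continue
            if not enforce_policy or any(allowed(cur, nxt, p) for p in PORTS):
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return sorted(seen)


def gratuitous_pairs():
    """Ordered (src, dst) pairs that can talk on the flat network but have no
    policy justification on any port: the lateral-movement surface."""
    return sorted((s, d) for s in HOSTS for d in HOSTS
                  if s != d and not any(allowed(s, d, p) for p in PORTS))


if __name__ == "__main__":
    print("web-1 compromised, flat network:", reachable("web-1", False))
    print("web-1 compromised, policy on:   ", reachable("web-1", True))
    print("gratuitous pairs:", len(gratuitous_pairs()), "of",
          len(HOSTS) * (len(HOSTS) - 1))
```

In this toy topology a foothold on web-1 reaches all five other hosts when only the network path is consulted, but only app-1 and db-1 once the allow-list is enforced; the HR application and the bastion are out of reach. The same audit that computes the blast radius also enumerates the pairs with no policy justification, which is the list a segmentation project works through.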
Rehan Jalil, CEO, Elastica, says:
“A key challenge enterprises face in modern security breaches is that attacks have become an asymmetrical threat — in favor of the attackers. Whether it is nation-states, criminal enterprises or rogue individuals, any one of them needs to find only one weakness in a complex web of technology and data. With immense resources at the attackers’ disposal, organizations need to think very differently about security.
Furthermore, the economics of data have moved away from direct payment information (e.g. credit card numbers) and more into detailed records (like healthcare records). Recent reports even claim that cyber theft is more lucrative than the illegal drug trade! Enterprises need more sophisticated analysis to help detect and stop these data breaches. The typical perimeter and defense-in-depth approach may be necessary but no longer sufficient with the high mobility of both workers and data.
Enterprises need to think about leveraging the power of web-scale systems coupled with modern techniques such as data science and machine learning to continuously monitor user behavior and identify suspicious patterns, without requiring constant human supervision. It is through data science that companies can help level the playing field without dramatically accelerating security spend.”
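The "continuously monitor user behavior and identify suspicious patterns" idea is easier to judge with a worked example. The following is an added illustration, not Elastica's product logic and not part of the original article: it learns a per-user baseline from a constructed audit log of daily record-access counts and source countries, then scores new days with a robust (median/MAD) z-score for volume and a first-seen check for location. The log, user names, countries and thresholds are all made up for the example.

```python
"""Added illustration of baseline-driven user behavior analytics.

The audit log below is constructed. Two ideas from the quote are shown:
per-user baselines (bob's normal day would be an outlier for alice) and
flagging without a human rule per user (a never-seen country is a signal
even when the volume is normal).
"""
import statistics
from collections import defaultdict


def _baseline(user, country, counts):
    """Build (day, user, country, records_fetched) rows for days 1..n."""
    return [(day, user, country, n) for day, n in enumerate(counts, start=1)]


# Constructed audit log. Days 1-14 are the learning window, day 15 is scored.
LOG = (
    _baseline("alice", "US", [42, 55, 48, 51, 39, 60, 45, 50, 47, 53, 44, 58, 49, 46])
    + _baseline("bob", "US", [210, 245, 230, 255, 220, 240, 235, 250, 225, 260, 215, 238, 247, 232])
    + [
        (15, "alice", "US", 900),   # bulk pull from her usual location
        (15, "bob",   "RO", 240),   # usual volume, never-seen country
    ]
)


def robust_z(x, sample):
    """Median/MAD z-score. Unlike mean/stddev it is not dragged around by the
    very outliers we are trying to catch once they enter the history."""
    med = statistics.median(sample)
    mad = statistics.median(abs(v - med) for v in sample)
    if mad == 0:                      # constant history: any change is a jump
        return 0.0 if x == med else float("inf")
    return (x - med) / (1.4826 * mad)  # 1.4826 scales MAD to a normal sigma


def learn(log, baseline_days):
    """Per-user profile from the learning window: volumes seen, countries seen."""
    profiles = defaultdict(lambda: {"counts": [], "countries": set()})
    for day, user, country, n in log:
        if day <= baseline_days:
            profiles[user]["counts"].append(n)
            profiles[user]["countries"].add(country)
    return profiles


def detect(log, baseline_days=14, z_threshold=5.0, min_history=7):
    """Score every event after the learning window against its user's profile.

    Returns (user, day, kind, detail) tuples. kind is one of
    'volume', 'new_country' or 'no_baseline' (too little history to judge,
    which is itself worth surfacing rather than silently passing).
    """
    profiles = learn(log, baseline_days)
    alerts = []
    for day, user, country, n in log:
        if day <= baseline_days:
            continue
        profile = profiles.get(user)          # .get() avoids creating an entry
        history = 0 if profile is None else len(profile["counts"])
        if history < min_history:
            alerts.append((user, day, "no_baseline", f"{history} days of history"))
            continue
        z = robust_z(n, profile["counts"])
        if z > z_threshold:
            alerts.append((user, day, "volume", f"{n} records, z={z:.1f}"))
        if country not in profile["countries"]:
            alerts.append((user, day, "new_country", country))
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG):
        print(alert)
```

Running it flags alice's day 15 for volume (900 records against a median of about 48) and bob's day 15 for the new country only, since 240 records is an ordinary day for him. A single global threshold would either miss alice or page on bob every day; that is the practical reason the quote calls for modeling each user's own behavior.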
Source: CMS Wire