Trust is fragile, and once lost it is hard to rebuild. We see this challenge in our politics, in our race relations, and between nation states. But as we have come to depend on our technology, cyber threats and vulnerabilities are also creating trust issues for businesses and other organizations. Consider these examples of broken trust in the cyber context:
Stolen credentials: On February 4, one of the most daring heists in modern times was attempted—$1 billion was stolen in a matter of minutes. This was the Bank of Bangladesh heist. The attackers, who are still at large, stole the codes used by the bank for the SWIFT network to initiate fund transfers. While the attackers used legitimate SWIFT codes, message errors fortunately thwarted all but one of the transfers. Similar attacks have hit other banks in Asia, raising trust concerns about this critical financial network, which has 11,000 member banks.
Poor protection of sensitive data: The Office of Personnel Management (OPM) has the responsibility of safeguarding background investigation data for over 21.5 million US government employees and contractors. But, as widely reported and documented in this brief by the ICIT, OPM’s poor security practices didn’t make it difficult for threat actors to obtain all of the data they desired. This was a major breach of trust that will have grave ramifications to national security for years to come.
Supply-chain attacks: In order to increase efficiencies, enterprises are increasingly providing suppliers and third-party vendors with direct access to network resources and applications. TechNewsWorld reports that about 80 percent of data breaches originate in the supply chain. For example, an HVAC vendor was used as a conduit for the attack on Target in 2013.
Fake digital certificates: Digital certificates are the basis for trust online. Incidents of fake digital certificates (e.g., for some Google domains) threaten this fundamental trust model. Last month, Microsoft started pushing new root certificates through normal updates without explanation.
Vulnerable software: The primary causes of commonly exploited software vulnerabilities are consistently defects and logic flaws. We want to assume that applications are secure and will keep our personal data private. However, as with the Pokemon Go application, frequently that’s not the case. Much has been written to guide software developers on how to integrate software security best practices into their development lifecycles. Despite all of this body of knowledge, we continue to see vulnerable software and exploited applications.
Be careful whom you trust
Regrettably, in today's threat environment, it's hard to determine whom to trust. Trust and resiliency were major themes at this summer's Gartner Security & Risk Management Summit in Washington, D.C., where Gartner recommended that organizations take a different approach to cybersecurity and trust relationships. Gartner advocates establishing a workable level of trust that leverages trust attributes as a currency that can be brokered dynamically. This is all part of a Trust Application Overlay (TAO) architecture that was described in their keynote. Basically, we should view ourselves as islands and be judicious about whom we allow on our island or connect to.
While Gartner’s proposed TAO architecture may not be achievable in the foreseeable future, I agree with Gartner's Mr. Felix Gaehtgens (Research Director in Systems, Security and Risk) who said at the summit:
“Security teams need to collaborate with developers to embed security functions into digital business.”
Some of the TAO design functions Mr. Gaehtgens cites that I recommend we act on include pervasive use of encryption, component hardening, integration of software security throughout the SDLC, and use of RASPs. We also need to reduce the time it takes to identify and respond to threats. SIEMs help security professionals detect and respond to internal and external threats, reducing response time from hours or days to minutes.
Applying statistical analysis to understand what normal behavior looks like can also help ferret out complex and stealthy threats that have bypassed traditional security controls. Finally, sharing threat intelligence with trusted peers is critical to surviving in this fast-evolving threat environment.
The role and importance of trust cannot be overestimated or overvalued. The erosion of trust affects our society as well as the systems and tools we depend on daily. Take steps to validate your trust assumptions and make enhancements to help ensure that trust can be maintained before it’s broken.