Broken promises: How trust affects cybersecurity

Stan Wisseman, Chief Security Strategist, Micro Focus

Trust is fragile, and once lost it is hard to rebuild. We see this challenge in our politics, in our race relations, and between nation states. But as we have come to depend on our technology, cyber threats and vulnerabilities are also creating trust issues for businesses and other organizations. Consider these examples of broken trust in the cyber context:

  • Stolen credentials: On February 4, one of the most daring heists in modern times was attempted: $1 billion was stolen in a matter of minutes. This was the Bank of Bangladesh heist. The attackers, who are still at large, stole the codes the bank used on the SWIFT network to initiate fund transfers. While errors in the attackers' SWIFT messages fortunately thwarted all but one of the transfers, similar attacks have hit other banks in Asia, raising trust concerns about this critical financial network, which has 11,000 member banks.

  • Poor protection of sensitive data: The Office of Personnel Management (OPM) has the responsibility of safeguarding background investigation data for over 21.5 million US government employees and contractors. But, as widely reported and documented in this brief by the ICIT, OPM’s poor security practices didn’t make it difficult for threat actors to obtain all of the data they desired. This was a major breach of trust that will have grave ramifications to national security for years to come.

  • Supply-chain attacks: In order to increase efficiencies, enterprises are increasingly providing suppliers and third-party vendors with direct access to network resources and applications. TechNewsWorld reports that about 80 percent of data breaches originate in the supply chain. For example, an HVAC vendor was used as a conduit for the attack on Target in 2013.

  • Fake digital certificates: Digital certificates are the basis for trust online. Incidents of fake digital certificates (e.g., for some Google domains) threaten this fundamental trust model. Last month, Microsoft started pushing new root certificates through normal updates without explanation.

  • Vulnerable software: The primary causes of commonly exploited software vulnerabilities are consistently defects and logic flaws. We want to assume that applications are secure and will keep our personal data private. However, as with the Pokemon Go application, frequently that’s not the case. Much has been written to guide software developers on how to integrate software security best practices into their development lifecycles. Despite all of this body of knowledge, we continue to see vulnerable software and exploited applications.


Be careful whom you trust

Regrettably, in today's threat environment, it's hard to determine whom to trust. Trust and resiliency were major themes at this summer's Gartner Security & Risk Management Summit in Washington, D.C., where analysts recommended that organizations take a different approach to cybersecurity and trust relationships. Gartner advocates establishing a workable level of trust that treats trust attributes as a currency that can be brokered dynamically. This is all part of a Trust Application Overlay (TAO) architecture that was described in their keynote. Basically, we should view ourselves as islands and be judicious about whom we allow onto our island or connect to.

While Gartner’s proposed TAO architecture may not be achievable in the foreseeable future, I agree with Gartner's Felix Gaehtgens (Research Director, Systems, Security and Risk), who said at the summit:

“Security teams need to collaborate with developers to embed security functions into digital business.”

Some of the TAO design functions Mr. Gaehtgens cites that I recommend we act on include pervasive use of encryption, component hardening, integration of software security throughout the SDLC, and use of runtime application self-protection (RASP). We also need to reduce the time it takes to identify and respond to threats. Security information and event management (SIEM) tools help security professionals detect and respond to internal and external threats, reducing response time from hours or days to minutes.

Bringing statistical analysis approaches to bear on understanding what normal behavior is can also help ferret out complex and stealthy threats that have bypassed traditional security controls. Finally, sharing threat intelligence with trusted peers is critical to surviving in this fast-evolving threat environment.
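One way to put that statistical baselining into practice, as an added illustration (not code from the article or from any Micro Focus product), is to model each account's normal transfer behaviour and score new requests against it; the account names, amounts and destination countries are constructed sample data, and the transfer-request framing is borrowed from the SWIFT example above.

```python
import statistics
from collections import defaultdict

# Constructed sample data, not real transfers: "account,amount_usd,destination_country".
BASELINE_LOG = """\
ACC-001,12000,US
ACC-001,15500,US
ACC-001,9800,GB
ACC-001,14200,US
ACC-001,11000,GB
"""
NEW_REQUESTS = """\
ACC-001,12800,US
ACC-001,81000000,PH
ACC-001,9900,LK
"""

def parse(log):
    # Each line is "account,amount_usd,destination_country".
    return [(a, float(m), c) for a, m, c in
            (line.split(",") for line in log.strip().splitlines())]

def build_baseline(history):
    """Per account: median amount, median absolute deviation (MAD), destinations seen."""
    amounts, countries = defaultdict(list), defaultdict(set)
    for acct, amt, country in history:
        amounts[acct].append(amt)
        countries[acct].add(country)
    baseline = {}
    for acct, vals in amounts.items():
        med = statistics.median(vals)
        mad = statistics.median(abs(v - med) for v in vals) or 1.0  # guard: zero MAD
        baseline[acct] = (med, mad, countries[acct])
    return baseline

def score(request, baseline, k=5.0):
    """Reasons a request deviates from its account's baseline; [] means it looks normal."""
    acct, amt, country = request
    if acct not in baseline:
        return ["no baseline for account"]
    med, mad, seen = baseline[acct]
    robust_z = 0.6745 * (amt - med) / mad  # MAD-based z-score, robust to past outliers
    reasons = []
    if robust_z > k:
        reasons.append(f"amount {amt:.0f} is {robust_z:.1f} robust sigmas above median {med:.0f}")
    if country not in seen:
        reasons.append(f"destination {country} never seen for {acct}")
    return reasons
```

Median and MAD are used instead of mean and standard deviation so that a single past outlier cannot inflate the baseline and mask later anomalies.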

The role and importance of trust cannot be overestimated or overvalued. The erosion of trust affects our society as well as the systems and tools we depend on daily. Take steps to validate your trust assumptions and make enhancements to help ensure that trust can be maintained before it’s broken.
