DUBAI, United Arab Emirates: It's often helpful to poke our heads above the tree line and see what's happening in the world around us in the form of major cybersecurity trends affecting all of us. With cybersecurity incidents and developments in the headlines daily, there's no better time to try to make sense of it all - and plot a line across trends to show us where the market is headed.
Here are just the top stories in the news from the past few months. Craig Carpenter, Chief Marketing Officer at AccessData, says that they all point in the same direction, namely the dire need for near real-time detection, remediation, response and resolution of cyber incidents:
The OpenSSL story is just getting started. The "Heartbleed" OpenSSL flaw was a very big deal when uncovered a mere month ago, as OpenSSL is used to secure roughly 2/3 of the world's web sites. Now just a month later there is reportedly a second major flaw in OpenSSL that leaves unpatched web servers vulnerable to a man-in-the-middle attack.
State-sponsored espionage rhetoric increases. The US and China kicked their simmering cyberhacking feud to an entirely new level in May when the US indicted 5 members of the People's Liberation Army for "computer hacking, economic espionage, trade secret theft, aggravated identity theft, and other offenses." To no one's surprise, China's response was swift and equally strongly worded.
The breach drumbeat goes on. Just when we thought we'd moved past hearing the term "Target breach" ad nauseam, eBay became the latest victim of a major cyberbreach, announcing in late May that an encrypted database housing user data had been hacked. eBay asked its 145 million users to reset their passwords as a "precautionary measure." The online auction giant was criticized widely for its allegedly slow response to the breach, a breach that is rumored to have gone weeks without being detected. Authorities in at least four states and the US's Federal Trade Commission immediately launched an investigation into the breach and eBay's response to it. Which takes us to...
Global governments increase pressure on breach notification and cybercrime penalties. Whether due to a genuine interest in protecting consumers or in an effort to gain politically from being seen to be "doing something" (or both), governments across the world rushed to aid consumers whose data had been compromised and to bring cybercriminals to justice. The EU already has arguably the world's most stringent notification requirement (within 24 hours of "detection"), currently applicable only to ISPs but potentially extending to all enterprises in the near future. The US's Federal Trade Commission has already had a healthcare data breach notification requirement for four years, and has made no secret of its strong desire to stringently regulate breach notification at the national level as part of its privacy protection mandate. Heck, even the Queen of England got in on the action by proposing life sentences for serious hackers.
That's a staggering amount of news for the cybersecurity industry to absorb in a year, let alone in a four week span. But while the stories themselves are all different, they all point in the same direction for the cybersecurity market. Here's what they're telling us about where the cybersecurity world is and where it's headed:
Everyone is compromised, so you'd better be ready to act. The days of keeping bad guys out are gone. State-sponsored hackers have virtually limitless resources and time - something none of the rest of us enjoy. And even if state-sponsored hackers aren't focused on your crown jewels, there is undoubtedly some vulnerability already on your network you aren't even aware of (think OpenSSL). By far your safest approach is to assume you'll be compromised. Which means that...
Detection, confirmation and quick remediation are the keys. If you are going to be compromised, you need to know where and when bad things are happening - real compromises, not false alarms - so they can be shut down. As Verizon's 2014 Data Breach Investigations Report shows, speed here matters a great deal, both in detection and dwell time (time between discovery and remediation), as it can take mere minutes for critical data to be exfiltrated from a network.
Quick remediation is critical, but so is insight. With so many government entities pushing to codify stringent breach notification requirements - and a 24-hour breach reporting requirement threatening to go EU-wide - knowing what happened with any material breach has also become mandatory. Waiting days or weeks to let customers know what may have happened with their data simply won't cut it going forward.
While these cybersecurity requirements may seem daunting, they shouldn't be. An era of continuous compromise calls for a response that is equally continuous, fast and comprehensive. As an industry, we need to look beyond anti-virus and single point solutions and focus on the integration and sharing of threat detection and response to address these sophisticated attacks.