A lot of cyber attacks are preventable, including many of the ones that made the news. But keep in mind that there is an entire underbelly of cyber attacks and breaches that never make the news. Either they are classified, or the organization finds it too embarrassing and would rather take the hit and not report it, if it can get away with not reporting it. Not everything can be prevented, because there are really two classes of attack. One, you happen not to be doing a good job of paying attention to the basic things, and you get caught up in a sweep when attackers are looking for easy targets. Or two, there is an advanced persistent threat (APT) that targets you. If one of these APT groups, which are usually state-sponsored and usually funded by some government organization, targets you, there is not a lot that you can do to prevent that.
If you look at a lot of the big breaches that have happened, the victims were still compromised through very basic things. I don’t want to make it sound like doing these things is going to protect you one hundred percent. If you do these things, it’s going to make it harder, much harder, for these guys to get in. But if they target you and they have the funding and the resources, they are going to get in at some point, and there is really not a ton you can do about it.
There is a movement in the industry at mature security organizations. In other words, companies that have a mature security program have kind of accepted the fact that, look, we are probably going to get breached at some point. We are going to get hacked, so how can we continue the business? What’s our process for business continuity? How do we increase our ability to detect that we’ve been compromised? There is a big movement in the space between protection and response, where some of the resources are being devoted to that and not so much is being spent on prevention, and what that leads to is a much better posture. If you really understand the attacks, that puts you in a better position to know when one happens, because now you know what the attacks look like. You will see it happening a lot faster than someone who doesn’t know what’s happening until their data is for sale on the internet. Learning how to do the attacks and getting on the offensive empowers you to make better detection and response decisions.
Going forward, there are a lot of companies out there that are looking at things like machine learning and AI and saying, “Oh! We are back to prevention now. We can truly prevent because we’ve got artificial intelligence.” I would caution people against that. I actually gave a presentation at a conference in Vegas in October 2018. At that conference, I talked about the truth vs. the myths regarding how many of your cybersecurity problems AI is actually going to solve. What amazes me is that people seem to forget that if we are doing it, don’t you think the bad guys are doing it as well? You are going to have two AI bots competing against each other, and whenever we have had that situation where the good guys and the bad guys are competing, the bad guys have won historically. It’s like we still are not learning these lessons.
Every time we come out with the latest technology, we think it is going to solve all of our cybersecurity problems. Later we find out that the bad guys had already counted on us doing that, and they’ve got countermeasures to get around it.
Cyber attacks, for the most part, can be prevented. However, it takes both internal and external controls to accomplish it. It is dangerous and somewhat irresponsible to do it on your own. Even with the advancement of AI as a greater part of the internal process, you still need the balance of external testing to validate your efforts.