In a recent survey polling financial services, healthcare, manufacturing, and retail organizations, SilverSky learned that more than 70 percent designate the prevention of cybersecurity attacks as their highest priority when making resource allocation decisions.
This makes sense. Most of us are inclined to believe that an ounce of prevention is worth a pound of cure. Prevention-based security is also straightforward: an organization can focus its attention and budget on improving the defenses it already has, without needing the knowledge and expertise that detection and remediation require.
Finally, preventing an attack is always better than responding to one. If an organization could stop every attack on its systems from succeeding, it would never have to investigate and remediate a security incident or data breach. However, defending the digital estate and its assets effectively requires a more sophisticated posture than prevention alone, which raises the question: are many organizations overly reliant on prevention?
The Shortcomings of Prevention-Heavy Cybersecurity
Prevention technologies such as unified threat management (UTM) appliances, firewalls, web filtering services, and antivirus software are critically important and continue to become more advanced. Of course, preventive technologies must be paired with good digital estate hygiene, such as timely patching and software updates.
However, prevention technologies do not extend robust protection to every endpoint, and they are not built to detect an intruder who has already gotten past them and is moving laterally through your network.
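Lateral movement is invisible to a firewall or antivirus product because each hop is a valid, authenticated logon; it only becomes visible when logon events from many hosts are correlated. The following is an added example, not code from the original article or from SilverSky, showing one common detection: an account authenticating to an unusually large number of distinct destination hosts within a short window (logon "fan-out"). The event lines, account names and host names are constructed for illustration; the thresholds are assumptions to be tuned per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of logon events (not real telemetry). The fields mirror what
# a SIEM would extract from Windows 4624 events or SSH auth logs:
# timestamp, account, source host, destination host.
SAMPLE_EVENTS = """\
2024-03-04T09:00:12 alice WS-042 FS-01
2024-03-04T09:07:45 alice WS-042 MAIL-01
2024-03-04T09:30:10 bob WS-077 FS-01
2024-03-04T13:02:01 svc_backup WS-117 FS-01
2024-03-04T13:02:33 svc_backup WS-117 DB-02
2024-03-04T13:03:05 svc_backup WS-117 APP-03
2024-03-04T13:03:40 svc_backup WS-117 DC-01
2024-03-04T13:04:12 svc_backup WS-117 HR-01
2024-03-04T15:10:00 bob WS-077 PRINT-01
"""


def parse_events(text):
    """Parse whitespace-separated logon lines into (time, account, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), account, src, dst))
    events.sort()
    return events


def detect_fanout(events, window=timedelta(minutes=10), threshold=4):
    """Flag accounts that authenticate to >= `threshold` distinct destination
    hosts inside any sliding window of length `window`.

    Returns one alert per account, raised at the moment the threshold is first
    crossed: (account, window_start, sorted destination hosts).
    `window` and `threshold` are assumed tuning values, not vendor defaults.
    """
    by_account = defaultdict(list)
    for ts, account, src, dst in events:
        by_account[account].append((ts, src, dst))

    alerts = []
    for account, evs in by_account.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            hosts = {dst for _, _, dst in evs[start:end + 1]}
            if len(hosts) >= threshold:
                alerts.append((account, evs[start][0], sorted(hosts)))
                break  # one alert per account is enough for triage
    return alerts


if __name__ == "__main__":
    for account, start, hosts in detect_fanout(parse_events(SAMPLE_EVENTS)):
        print(f"{start.isoformat()} {account} fanned out to {len(hosts)} hosts: {hosts}")
```

Each individual logon by `svc_backup` here would pass every preventive control, since the credential is valid and the traffic is ordinary SMB or RDP; only the correlation across hosts produces the alert. In production the same logic would also baseline each account's usual destinations so that a backup service touching its normal five servers is not flagged every night.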
Downsides of reliance on vulnerability patching
Prevention-based cybersecurity strategies rely heavily on vulnerability patching. To stay protected, an organization must apply a patch soon after it is released; in practice, patch-based security is hard to scale. More than 22,000 new vulnerabilities were disclosed in 2019, 33 percent of them rated high severity by CVSS score, and many had no patch available at all.1
The average time between vulnerability disclosure and patch availability is approximately nine days.1 A vulnerability exploited as a zero-day, that is, in the window before a patch exists, cannot be stopped by patching at all. And because it is difficult for organizations to keep up with all needed patching, attackers also routinely exploit vulnerabilities weeks, months, and even years after patches are released.
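The two exposure windows described above, the interval before a patch exists and the interval a released patch sits unapplied, are worth measuring separately, because only the second is under the organization's control. The following is an added example, not code from the original article or from SilverSky, that computes both windows over a small vulnerability inventory and ranks what is still exposed. The inventory entries, the identifiers (VULN-A and so on, deliberately not real CVE numbers), the dates, the CVSS scores and the 14-day SLA are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Vuln:
    """One tracked vulnerability on one asset (constructed records, not real CVEs)."""
    ident: str
    cvss: float
    disclosed: date
    patch_released: Optional[date]   # None while the vendor has no fix
    patch_applied: Optional[date]    # None while the asset is still unpatched


# Constructed sample inventory; dates chosen to exercise each state.
SAMPLE_VULNS = [
    Vuln("VULN-A", 9.8, date(2024, 1, 10), date(2024, 1, 19), date(2024, 3, 1)),
    Vuln("VULN-B", 7.5, date(2024, 2, 1), None, None),
    Vuln("VULN-C", 8.1, date(2024, 2, 20), date(2024, 2, 22), None),
    Vuln("VULN-D", 5.3, date(2024, 3, 1), date(2024, 3, 5), None),
]
AS_OF = date(2024, 3, 15)


def exposure(v, as_of):
    """Classify a vulnerability as of `as_of` and split its exposure into two parts.

    zero_day_days: days from disclosure until a patch existed (or until as_of if
                   none exists yet); no amount of patch discipline shortens this.
    lag_days:      days the released patch went unapplied (until applied, or
                   until as_of); this is the part the organization controls.
    """
    if v.patch_released is None:
        return {"state": "no patch available",
                "zero_day_days": (as_of - v.disclosed).days,
                "lag_days": 0}
    # Coordinated disclosure can release the patch on or before disclosure day,
    # so clamp at zero rather than reporting a negative window.
    zero_day_days = max(0, (v.patch_released - v.disclosed).days)
    if v.patch_applied is None:
        return {"state": "patch available, not applied",
                "zero_day_days": zero_day_days,
                "lag_days": (as_of - v.patch_released).days}
    return {"state": "patched",
            "zero_day_days": zero_day_days,
            "lag_days": (v.patch_applied - v.patch_released).days}


def prioritize(vulns, as_of, sla_days=14):
    """Return still-exposed vulnerabilities as
    (ident, cvss, state, lag_days, days_over_sla), highest CVSS first and,
    within a score, the most overdue first. `sla_days` is an assumed policy value.
    """
    rows = []
    for v in vulns:
        e = exposure(v, as_of)
        if e["state"] == "patched":
            continue
        over_sla = max(0, e["lag_days"] - sla_days)
        rows.append((v.ident, v.cvss, e["state"], e["lag_days"], over_sla))
    rows.sort(key=lambda r: (-r[1], -r[4]))
    return rows


if __name__ == "__main__":
    for v in SAMPLE_VULNS:
        print(v.ident, exposure(v, AS_OF))
    print("still exposed, in priority order:")
    for row in prioritize(SAMPLE_VULNS, AS_OF):
        print(" ", row)
```

Note what the report cannot fix: VULN-B has no patch, so its entire 43-day window is a zero-day window, and VULN-A was already exploitable for nine days before any patch existed. For those intervals the only available control is detecting exploitation, which is the gap a prevention-only strategy leaves open.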
Prevention-based strategies can’t keep pace with cybercriminal sophistication
Again, prevention technologies have made significant leaps in recent years, in large part thanks to advances in artificial intelligence and data analytics. Prevention does reduce the number of successful attacks, but attacker techniques keep growing in variety and sophistication. Here is a sampling of the types of advanced attacks companies face:
Advanced persistent threats (APT)—APTs tend to be particularly sophisticated threats and typically have the funding of a nation-state or state-sponsored group. They work to gain access to a computer network and usually remain undetected for an extended period until they find what they are looking for or can time their attack for maximum impact.
Smash and grab—Smash-and-grab approaches have made a comeback. Despite a low dwell time, the potential for exposure and damage is still high. Additionally, these attacks often aim to embed a backdoor so the attacker can return later.
Insider jobs—Insider threats are pervasive and slip past prevention technologies, because the insider already holds legitimate access. Some of these incidents begin with the solicitation of corporate IT staff on the dark web; recruited insiders receive hefty fees to carry out the attack or to assist in it.
Social engineering—Although some social engineering attacks are still spam-like in execution, many are increasingly well researched to better target victims and increase the likelihood of desired actions. Many of these attacks are extremely difficult to prevent; employee education, training, and a cybersecurity culture in which all employees participate are the best defenses.
Every company must continuously review its prevention tools and determine which technologies offer the most effective prevention for the investment. However, a determined attacker will eventually succeed, and virtually every company will be breached. For many years, SilverSky has helped organizations protect themselves by recognizing the critical importance of prevention while also implementing detection, remediation, and response, so they can act quickly and minimize damage when attackers do succeed. Let us know if we can help.