Image: James Sutton-Unsplash
The playbook for cyber security has always been public with the vast catalog of frameworks, recommended security controls and best practices just a google search away; It was inevitable that sooner or later these strategies would be leveraged by the bad guys. Pre Eric Snowden era only a small percentage of internet traffic was encrypted in the ball park of 25%. Life was good for security practitioners as they deployed simple tools to monitor network traffic which allowed for quick attribution and identification of malicious activities. Then something unexpected happened, an inverse scenario occurred where over 70% of internet traffic now utilizes encryption while only a small portion remains transmitted in plain text. This rendered many traffic analysis tools useless and left security specialists blind on a cyber battlefield.
So what happens when the internet is 100% encrypted? Sure we will be more secure with our digital communications, but how will signature based network intrusion detection/prevention systems stop an attacker’s encrypted malware payload from reaching our sensitive systems if it can’t see it? and how will attribution be achieved to identify and block threat actors? we are now trying to read the bad guys hand with a blind fold.
This is the tip of the iceberg, but we can start with some simple things to adapt to this new world.
Image: Novia Wu- Unsplash
When You Can’t See, You Feel.
Imagine being blind folded with an objective to identity 3 round fruits. When you cannot see you must rely on expected attributes to identify these items, in this case, smell, texture and taste.
In the world of cyber this means that when you can no longer clearly identify useful information with your security tools you will need to deploy systems that can detect and action patterns in encrypted traffic. Although encrypted data cannot be read, in most cases data behaves in a predictable manner when traversing the network. It is recommended to deploy systems such as Cisco’s StealthWatch which can perform encrypted traffic analytics to help detect and prevent exploitation of your critical systems.
Develop a Risk Driven Strategy
Most businesses today that do not employ a dedicated cyber security specialist are obsessed over traditional cyber tactics such as host and network intrusion detection/prevention systems, firewall and antivirus. They are unaware of the evolving threat landscape which creates a need to deploy enhanced encryption techniques, detection and prevention mechanisms.
One aspect of security that all businesses can influence is outbound detection. You may not be able to prevent the thief from breaking into your home, but you can record him leaving with the TV. Poor outbound detection is one of the primary reasons why businesses experience advanced persistent threats that continue long after the initial compromise. Combine this with ineffective inbound detection and prevention of encrypted payloads and you have another media story of a massive data breach to add to the stack. Under the General Data Protection Regulation companies will be held liable up to 20 million dollars if it is found that data compromise is due to negligence or lack of due diligence.
As the world becomes more secure and obscure so does the methods of the attackers. Naturally cryptographers are constantly striving for better encryption algorithms to combat the threat of emerging quantum computers and powerful systems that will dramatically reduce the time required to crack an encryption cipher, but this effort will inadvertently also increase the required computing power and intelligence of our threat detection tools.
The world is rapidly changing, the threat platform is growing and technology is becoming more advanced. When everything is secure, nothing is secure. It’s time to rethink security and tilt the playing field once again to when the bad guys knew there was an arsenal on the front lines. Ditch the false sense of security and stay vigilant!
Author: Magic Mike is a Cybersecurity expert and partner in The Advisory Network. The Advisory Network is focused on demystifying digital solutions for its clients in the cybersecurity, emerging technology and digital transformation space. Contact us at https://theadvisorynetwork.io