It is bordering on cliché to acknowledge that the Internet is a double-edged sword. As time goes by, the statement takes on even greater significance, in light of its ubiquitous presence in every aspect of our lives. When all companies had to worry about was controlling employee access to non-work-related activities such as social media, or shopping sites, securing the organization network against threats was relatively clear-cut. Simply deploy a Web access management solution and block access to the potentially troublesome sites. Unfortunately, this has changed.
Today, organizations must weigh the advantages and pitfalls of the technologies they employ in a global environment, where everyone is connected to the Internet – and not just via their workstations, laptops and smartphones. We will soon confront a workplace where many machines – the Internet of Things – and a wide range of wearables are also connected. A recent Pew Research report predicts that by 2025, embedded and wearable computing will dominate the mainstream. While this incursion of wearables in the workplace has already begun, many organizations are ill prepared to secure them.
The risks of wearables and the Internet of Things
Part of the dilemma is the fact that many of these technological advances will be hard for businesses to resist. Imagine a factory where a foreman has sensors in his shoes that can receive instant information about the status of machinery, just by walking around the production floor. In the healthcare industry, wearables are already making strides. Consider the savings resulting from wearable technology that can remotely monitor a patient, convey in-depth readings of his condition to a physician, who can then prescribe a course of treatment without requiring the patient to leave his house.
The popularity of social media applications has added more risk factors, and most organizations have abandoned the approach of blocking access to these sites at work. One reason is that businesses routinely leverage social media to promote their own products and services, so banning access altogether isn't realistic. Access to social media from tablets and smartphones is outpacing access from traditional workstations, and it is only a matter of time before wearables such as smartwatches become the devices of choice for users to update their LinkedIn accounts or post a link on the corporate Twitter account.
Many of these emerging technologies can deliver huge returns for organizations by reducing costs, lowering TCO and increasing efficiency. However, the risks they present are substantial, because every one of them moves data, much of it sensitive, across the network boundary. And while large data breaches, like those incurred by Sony, Target, Home Depot, eBay and a host of others, make international headlines, thousands of attacks on a smaller scale, but just as damaging, are happening every day. With the rising popularity and acceptance of wearable and embedded computing, we can expect to see even more incidents in the coming years.
The White House weighs in on cyber security
The White House and Department of Homeland Security clearly recognize the risks and have proposed new legislation to try to mandate guidelines that bolster cyber security, particularly around our critical energy and transportation industries. However, they also acknowledge that today's cyber-attacks are increasingly targeted, and aimed at circumventing the network security of enterprises large and small. Attackers are increasingly using sophisticated tactics such as evasive ports and protocols to get past gateway security.
Port and protocol evasive techniques
The success of these new methods of attack depends on several factors. Port-evasive exploits rely on the fact that many solutions lack visibility and control over all of the roughly 131,000 possible channels on the network (65,535 TCP ports and 65,535 UDP ports). Most standard Web security solutions monitor only ports 80 and 443, the standard ports for HTTP and HTTPS traffic. Today's evasive malware is designed to communicate over high-numbered ports, so it frequently goes undetected until it contacts an outside command-and-control (C&C) server. Another trend gaining momentum is attacks using evasive protocols, which are also undetectable by many standard security solutions, including most secure web gateways (SWGs) and next-generation (NG) firewalls. Services such as Tor, which were created to enable anonymous browsing, are being repurposed by attackers to carry traffic that is virtually invisible to traditional security technologies, and the same goes for malicious traffic tunnelled inside encrypted sessions on ports the gateway does allow. Wearables and machines connected to an organization's network are as vulnerable to these evasive attacks as laptops and tablets. Many of these machines, which may be used to control critical services in industries like healthcare or energy, are only as safe as the network security solutions deployed to protect them.
A new approach is needed
When an intrusion is successful and the network is hosting an active infection, we need security measures that can focus as much on outbound traffic as on inbound gateway protection. After all, it is on the outbound data stream where data exfiltration occurs. Yet many vendors continuously tout their ability to block more malware. Clearly, this one-sided approach is not enough. A new approach is needed, one that includes critical gateway protection such as sandboxing and best-of-breed AV, but also focuses on outbound protection. Some examples of this approach include:
- Continuous monitoring of all traffic, both inbound and outbound, with visibility into all ports and protocols, including high-numbered ports and encrypted protocols, where evasive threats hide.
- Network baselining for anomaly detection that can notify IT when unusual traffic is identified, signifying possible data exfiltration. In the Sony breach, an estimated several terabytes of data reportedly left the organization before the problem was detected.
- Technology that can shorten the time an infection dwells on the network, because data exfiltration can occur before an organization knows what hit it.
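The following is an added example, not code from the original article or from any vendor it alludes to, that puts the two ideas above (all-port visibility from the "Port and protocol evasive techniques" section, and per-host outbound baselining from this list) into a small review script. It works over connection summaries in the shape of a Zeek-style conn.log (one row per connection with source, destination, destination port, detected application protocol and byte counts); the field names, the internal address range, the expected-port list and all of the records and baseline figures are constructed for the example.

```python
"""Outbound-traffic review over connection summaries: flag connections that a
port-80/443-only monitor would never see, then compare each host's outbound
volume with its own baseline. Added example; the records are constructed and
imitate a Zeek-style conn.log summary (field names are an assumption)."""
from collections import defaultdict
from statistics import mean, pstdev

# Assumption for the example: 10.0.0.0/8 is the internal network.
def is_internal(ip):
    return ip.startswith("10.")

# Ports a web-only gateway actually inspects, and the wider set of outbound
# ports this (constructed) environment expects. Anything outside the latter
# is what the article calls a "high" or evasive port.
WEB_PORTS = {80, 443}
EXPECTED_OUTBOUND = {53, 80, 123, 443, 587}   # DNS, HTTP, NTP, HTTPS, mail submission

# Constructed per-host daily outbound byte totals for a seven-day baseline week.
BASELINE_DAILY_OUT = {
    "10.0.1.5": [42_000, 38_500, 51_000, 40_200, 39_800, 44_100, 37_900],
    "10.0.1.9": [12_000, 15_500, 11_000, 13_200, 14_800, 12_100, 13_900],
    "10.0.2.7": [260_000, 240_000, 275_000, 255_000, 248_000, 262_000, 251_000],
}

# Constructed connection summaries for the day under review.
TODAY = [
    {"src": "10.0.1.5",  "dst": "93.184.216.34",  "dport": 443,   "service": "ssl",  "out": 20_000,      "in": 600_000},
    {"src": "10.0.1.5",  "dst": "93.184.216.34",  "dport": 80,    "service": "http", "out": 5_000,       "in": 120_000},
    {"src": "10.0.1.5",  "dst": "10.0.0.2",       "dport": 445,   "service": "smb",  "out": 1_000_000,   "in": 50_000},  # internal, ignored
    {"src": "10.0.1.9",  "dst": "8.8.8.8",        "dport": 53,    "service": "dns",  "out": 300,         "in": 600},
    {"src": "10.0.1.9",  "dst": "93.184.216.34",  "dport": 443,   "service": "ssl",  "out": 8_000,       "in": 200_000},
    {"src": "10.0.1.9",  "dst": "198.51.100.23",  "dport": 50123, "service": "ssl",  "out": 180_000_000, "in": 40_000},  # TLS on a high port, upload-heavy
    {"src": "10.0.2.7",  "dst": "93.184.216.34",  "dport": 443,   "service": "ssl",  "out": 250_000,     "in": 3_000_000},
    {"src": "10.0.3.40", "dst": "203.0.113.77",   "dport": 8883,  "service": "ssl",  "out": 30_000,      "in": 5_000},   # new device, MQTT-over-TLS port
]

def outbound(records):
    """Only internal-to-external connections matter for exfiltration review."""
    return [r for r in records if is_internal(r["src"]) and not is_internal(r["dst"])]

def port_evasion_alerts(records):
    """Connections outside the expected outbound port set, and web/TLS traffic on
    ports other than 80/443 (a protocol/port mismatch). These are visibility
    findings, not verdicts: 8883 is the normal MQTT-over-TLS port, so a sensor
    hub talking there may be legitimate and still deserves to be on the list."""
    alerts = []
    for r in outbound(records):
        reasons = []
        if r["dport"] not in EXPECTED_OUTBOUND:
            reasons.append(f"unexpected destination port {r['dport']}")
        if r["service"] in ("http", "ssl") and r["dport"] not in WEB_PORTS:
            reasons.append(f"{r['service']} on non-standard port {r['dport']}")
        if reasons:
            alerts.append((r["src"], r["dst"], r["dport"], "; ".join(reasons)))
    return alerts

def per_host_outbound_bytes(records):
    totals = defaultdict(int)
    for r in outbound(records):
        totals[r["src"]] += r["out"]
    return dict(totals)

def volume_anomalies(records, baseline, k=3.0, min_bytes=100_000):
    """Flag a host whose outbound total exceeds mean + k*stddev of its own baseline
    days and clears an absolute floor (so tiny hosts do not alert on noise).
    A host with no baseline at all is reported too: an unknown device talking
    out is itself worth a look."""
    anomalies = []
    for host, total in sorted(per_host_outbound_bytes(records).items()):
        history = baseline.get(host)
        if not history:
            anomalies.append((host, total, "no baseline for this host"))
            continue
        threshold = mean(history) + k * pstdev(history)
        if total > threshold and total >= min_bytes:
            anomalies.append((host, total, f"exceeds baseline threshold {threshold:,.0f}"))
    return anomalies

def upload_heavy_hosts(records, ratio=5.0, min_out=1_000_000):
    """Hosts sending far more than they receive. Client traffic is normally
    download-heavy, so a sustained high out:in ratio is an exfiltration signal
    independent of the volume baseline."""
    out, inn = defaultdict(int), defaultdict(int)
    for r in outbound(records):
        out[r["src"]] += r["out"]
        inn[r["src"]] += r["in"]
    return sorted(h for h in out if out[h] >= min_out and out[h] > ratio * max(inn[h], 1))

if __name__ == "__main__":
    for a in port_evasion_alerts(TODAY):
        print("PORT ", a)
    for a in volume_anomalies(TODAY, BASELINE_DAILY_OUT):
        print("VOLUME", a)
    print("UPLOAD-HEAVY", upload_heavy_hosts(TODAY))
```

Run stand-alone, the script reports the TLS connection to port 50123 and the MQTT connection to port 8883 as port findings, flags 10.0.1.9 for outbound volume far above its baseline and for an upload-heavy ratio, and flags 10.0.3.40 only because it has no baseline. Three separate signals are kept separate on purpose: the port check gives the visibility the article says most gateways lack, the baseline catches a host whose behaviour changes, and the ratio catches exfiltration from a host that was always quiet; a real deployment would feed all three into the same triage queue rather than treat any one as conclusive.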
The human element plays a role
According to some reports, both the Sony and Target incidents involved some degree of insider assistance. This is a thorny issue and some may argue that human behavior is more difficult to predict than network behavior. There are steps organizations can take to reduce the risk of insider threats. Of course, rigorous pre-employment vetting is important for a variety of reasons, but even more so when so much sensitive data is accessible across organizations. It’s also critical to have Internet access policies in place and the technology to accurately enforce them. With all the machines potentially on your network, both corporate and privately-owned, including tablets, smartphones and wearables, you must be able to monitor them all and pinpoint the high-risk devices and/or users quickly when problems arise.
Even companies that feel they have done everything possible to secure their networks and users through technology and iron-clad policies may still be victims of data breaches, because hackers are as driven to break their security as they are to make it unbreakable. The key is to be proactive, stay abreast of security technology developments, and train your workforce. Most importantly, you must accept the fact that some malware will get past your gateway defenses and you must be prepared to deal with it. Deploying lean forward technologies that can detect and respond before data exfiltration occurs can spell the difference between a minor security glitch and a catastrophic data breach.