Every year on 2nd February, in the US town of Pennsylvania, people gather in droves to watch a groundhog predict how much longer winter will last. According to folklore, if it is cloudy when a groundhog emerges from its burrow on this day, then the spring season will arrive early, but if it is sunny, the groundhog will supposedly see its shadow and retreat back into its den, and winter weather will persist for six more weeks.
For Americans, it’s a traditional holiday and a pretty big deal to see this glorified gerbil pop up and look terrified as throngs of onlookers wait in hushed silence to see whether the mighty Phil from Punxsutawney will see his shadow.
Historically, the varmint is only 39 percent accurate, but in truth that’s probably better than most human non-groundhog meteorologists.
I watched the spectacle being reported on the news and once again, I got to thinking about how it relates to cyber security. Yes, folks, I’m a geek.
Like groundhogs, security leadership and CSOs constantly emerge from their burrows — excuse me, offices — and tentatively look around for their shadows. In this scenario, it’s usually a compromise or data breach.
Once they see it, their eyes get big and they scurry back below ground to their safe space where they cross their fingers and hope everything blows over. They can re-emerge once the bad weather is gone.
This plays out time and time again. Year after year, more security leaders see their shadow. Why? Because when it comes to cyber security, people usually face the same direction. Unfortunately, the position of the sun (the security industry itself) typically doesn’t move much.
CSOs tend to fall into the same traps day in, day out, in an often vicious, unbreakable cycle (sort of like the plot of the movie “Groundhog Day”) where the lead actor Bill Murray has to relive the 2nd February on a loop until he changes his actions. Unless CSOs want to keep waking up to relive the same cyber attack with the same set of consequences, they need to shift attitudes towards security.
Security becomes a constant game of whack-a-mole (or whack-a-groundhog, in this case); a threat pops up, you try your best to knock it back into its hole, only to have another appear. Then another, and another. It’s nearly impossible to keep up. The shadow of the last breach or most recent compromise is always there, taunting them.
In the end, it leads to six more weeks (or more) of winter (subpar security).
Break the Cycle
Attitudes toward security must shift if security leadership and CSOs ever hope to stop staring at that shadow and break the cycle.
The luxury of security teams being able to work 9-to-5 are long gone. Now is the dawn of the 24/7 security team. Cyber criminals don’t go and unplug their devices when we shut ours down at the end of the day. So, as more security solutions are becoming services-based, consumers and businesses will need their security teams and vendors to be available around the clock. While monitoring tools do some of the work, threats don’t stop just because it’s midnight, and security teams need to be ready to do battle all day, every day.
Here are some best practices cyber security pros can leverage to break out of the Groundhog Day rut and improve security. It’s time to emerge shadow-free:
Be proactive: Trying to stop threats as they occur is inadequate. Eventually, you’ll be overpowered and something will get through. Protect the network and your apps at the edge. Put solutions in place that catch and mitigate threats before they get in.
Defend your network and apps: Do you have adequate protection from DDoS attacks? How about the ability to uncover threats concealed in SSL- encrypted traffic? These types of solutions can help you avoid reliving the same attacks over and over again.
Create and enforce a strong security policy: An unenforced security policy is less valuable than the paper it’s printed on. Hold end-users, employees and yourself accountable. Companies will spend a great deal of time drafting security policies that ultimately go unenforced.
Train your users: Do your end-users know how to set strong passwords across personal and business accounts? How to use two-factor authentication? How to spot a phishing email? Train them to be security-minded.
Think security first: So often, security is an afterthought. When you spin up apps and solutions, security should always be among the first questions.
Make sure you have complete visibility: Understand what is happening across all areas of the network is imperative to keeping hacks from occurring. “Shadow IT” is one of the biggest threats to corporate security. IT managers need to have 100 percent visibility into resources and assets across all departments.
Test and assess: Perform tests on your network and applications to uncover any potential vulnerabilities. Just because you haven’t seen it, doesn’t mean it isn’t there. Regular tests can break you out of the repetitive cycle of fighting threats.
IT decision makers need to think more strategically: The bad guys are looking for ROI just like the good guys, and they don’t want to work too hard to get it. Instead of focusing on doing everything right 100 percent of the time, IT leaders can be more effective by doing a few things very strategically with the best technology available. Just like the groundhog predicts how long is left of winter, the security team will benefit from making predictions before attacks take place. Be one step ahead.
These simple steps can help CSOs avoid seeing their shadow and getting stuck with six more weeks (or much longer) of bad security.
Duncan Hughes, Systems Engineering Director, EMEA, A10 Networks
Image Credit: ESB Professional / Shutterstock