Many organizations struggle with the IT environment and network. It is where productivity, mission, and success are either achieved or lost. Access to network assets is as essential to the malicious actor as it is to us and should therefore be considered one of the corporate crown jewels.
We see data breaches occurring on an almost daily basis. Reporters discuss some of these in the daily news, while we can find discussions of other incidents on social media channels. It seems as if organizations are operating in a state of never-ending compromise, for all intents and purposes.
We need to understand what is meant by “compromise” in the context of Information Security. I have spent more than ten years in the career field and noticed that it usually involves an outside entity gaining access to our networks. A compromise can also include people inside our organization. Regardless of the source, leadership will almost universally ask for an explanation of why the incident happened. To understand the “why,” we must first examine the “how.” Doing so will require us to understand the information security program.
I’ve observed that a large number of organizations may have antivirus in place, but it is usually misconfigured and inconsistently deployed. Network firewalls may or may not be next generation, but they are not usually running an optimized security configuration. Operating systems are usually left with their default configuration in place, resulting in an increased attack surface. Thankfully, we are moving past these issues for the most part, but unfortunately, it will usually take a compromise for the organization to begin taking security seriously.
I’ve found it odd that there were not nearly as many compromises ten years ago as there are today. We had far less sophisticated tooling available to secure our networks. Network intrusion detection systems were in their infancy, very few companies had migrated to a next-generation firewall, and application controls were almost nonexistent.
Overall, we are in a much better position to secure our networks today. At the same time, we are experiencing many more data breaches than ever before. Our discussion moving forward will focus on why I believe this to be true.