The Secure Perimeter Cybersecurity Model Is Broken

Want to keep yourself up at night? Spend some time reading about the latest developments in cybersecurity: airplanes hacked, cars hacked, and vulnerabilities in a breathtaking range of sensitive equipment, from TSA locks to voting booths to medical devices.

The big picture is even scarier. Former NSA Director Mike McConnell suspects China has hacked “every major corporation” in the US. Edward Snowden’s NSA leaks revealed the US government has its own national and international hacking to account for. And the Ponemon Institute says 110 million Americans saw their identities compromised in 2014. That’s one-in-two American adults.

The system is broken. It isn’t keeping us, companies, or our government safe. Worse yet, no one seems to know how to fix it.

Defending a network perimeter wasn’t difficult in the early days of the Internet and online threats. But today, most private networks have far too many endpoints to properly secure. In an age of “Bring Your Own Device,” the cloud, remote access, and the Internet of Things, there are too many vulnerabilities that hackers can exploit.

But the security paradigm remains focused on perimeter defense because, frankly, no one knows what else to do. To address threats, security experts should instead assume compromise (that hackers and malware have already breached their defenses, or soon will) and then classify and mitigate threats.

The information security community has a model to assess and respond to threats, at least as a starting point. It breaks information security into three essential components: confidentiality, integrity, and availability.

  • Confidentiality means protecting and keeping your secrets. Espionage and data theft are threats to confidentiality.
  • Integrity means assessing whether the software and critical data within your networks and systems are compromised with malicious or unauthorized code or bugs. Viruses and malware compromise the integrity of the systems they infect.
  • Availability means keeping your services running, and giving administrators access to key networks and controls. Denial of service and data deletion attacks threaten availability.

Of these, integrity is the least understood and most nebulous. And what many people don’t realize is that it’s the greatest threat to businesses and governments today.

Meanwhile, the cybersecurity industry remains overwhelmingly focused on confidentiality. Its mantra is “encrypt everything.” This is noble, and essential to good security. But without integrity protection, the keys that protect encrypted data are themselves vulnerable to malicious alteration. We can no longer count on keeping the hackers out. Let’s work on ensuring we can catch them once they break in. 
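The integrity argument above can be made concrete. This added example (not from the original article) baselines a directory that holds key material and re-checks it later under the assume-compromise model. The file names, key values and the idea of holding the MAC key off the monitored host are assumptions for illustration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def snapshot(root: Path) -> dict:
    """Map every file under root (by relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def _mac(digests: dict, mac_key: bytes) -> str:
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(mac_key, body, hashlib.sha256).hexdigest()

def seal(digests: dict, mac_key: bytes) -> dict:
    """Authenticate the baseline with HMAC-SHA256.

    A plain hash list is not enough: an intruder who alters a file can also
    recompute its hash. The MAC key is assumed to live off the monitored host.
    """
    return {"digests": digests, "mac": _mac(digests, mac_key)}

def verify(root: Path, manifest: dict, mac_key: bytes) -> dict:
    """Report drift from the sealed baseline.

    Raises ValueError when the baseline itself has been altered.
    """
    if not hmac.compare_digest(_mac(manifest["digests"], mac_key), manifest["mac"]):
        raise ValueError("manifest MAC mismatch: baseline cannot be trusted")
    old, new = manifest["digests"], snapshot(root)
    return {
        "modified": sorted(f for f in old if f in new and old[f] != new[f]),
        "missing": sorted(f for f in old if f not in new),
        "unexpected": sorted(f for f in new if f not in old),
    }

if __name__ == "__main__":
    # Constructed sample data: a key file is sealed, then silently replaced.
    with tempfile.TemporaryDirectory() as d:
        root, mac_key = Path(d), b"constructed-mac-key"
        (root / "disk.key").write_bytes(b"constructed-sample-key-material")
        manifest = seal(snapshot(root), mac_key)
        (root / "disk.key").write_bytes(b"substituted-key-material")
        print(verify(root, manifest, mac_key))
```

Encryption alone would not flag the substituted key file; the keyed baseline does, and it also refuses a baseline that was rewritten to match the altered tree.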

Wired:         Security Week
