The Secure Perimeter Cybersecurity Model Is Broken

Uploaded on 2015-12-24 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Want to keep yourself up at night, spend some time reading about the latest developments in cybersecurity. Airplanes hacked, cars hacked, vulnerabilities in a breathtaking range of sensitive equipment from TSA locks to voting booths to medical devices.

The big picture is even scarier. Former NSA Director Mike McConnell suspects China has hacked “every major corporation” in the US. Edward Snowden’s NSA leaks revealed the US government has its own national and international hacking to account for. And the Ponemon Institute says 110 million Americans saw their identities compromised in 2014. That’s one-in-two American adults.

The system is broken. It isn’t keeping us, companies, or our government safe. Worse yet, no one seems to know how to fix it.

This wasn’t difficult in the early days of the Internet and online threats. But today, most private networks have far too many endpoints to properly secure. In an age of “Bring Your Own Device,” the cloud, remote access, and the Internet of Things, there are too many vulnerabilities that hackers can exploit. 

But the security paradigm remains focused on perimeter defense because, frankly, no one knows what else to do. To address threats, security experts should assume compromise, that hackers and malware already have breached their defenses, or soon will and instead classify and mitigate threats.

The information security community has a model to assess and respond to threats, at least as a starting point. It breaks information security into three essential components: confidentiality, integrity, and availability.

  • Confidentiality means protecting and keeping your secrets. Espionage and data theft are threats to confidentiality.
  • Integrity means assessing whether the software and critical data within your networks and systems are compromised with malicious or unauthorized code or bugs. Viruses and malware compromise the integrity of the systems they infect.
  • Availability means keeping your services running, and giving administrators access to key networks and controls. Denial of service and data deletion attacks threaten availability.

Of these, integrity is the least understood and most nebulous. And what many people don’t realize is it’s the greatest threat to businesses and governments today.

Meanwhile, the cybersecurity industry remains overwhelmingly focused on confidentiality. Its mantra is “encrypt everything.” This is noble, and essential to good security. But without integrity protection, the keys that protect encrypted data are themselves vulnerable to malicious alteration. We can no longer count on keeping the hackers out. Let’s work on ensuring we can catch them once they break in. 

Wired:         Security Week

« Could IS Create A Cyber War?
Intelligence Agencies Should Recruit Like Google »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

Association of Information Security Professionals (AISP)

Association of Information Security Professionals (AISP)

The Association of Information Security Professionals (AISP) represents the interests of information security professionals in Singapore.

DataVisor

DataVisor

DataVisor is a big data fraud detection and anti-money laundering solution.

Jetico

Jetico

Jetico provides pure & simple data protection software for all sensitive information throughout the lifecycle. Solutions include data encryption and secure data erasure.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Plug and Play Tech Center

Plug and Play Tech Center

Plug and Play is the ultimate innovation platform, bringing together the best startups and the world’s largest corporations.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

Acrisure

Acrisure

Acrisure is powered by the best of human and high-tech and offers insurance, reinsurance, real estate, cyber and more solutions to millions of clients around the world.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Evervault

Evervault

Evervault provides engineers easy solutions to complex data security and compliance problems.

Atlantica Digital

Atlantica Digital

Atlantica design and create highly innovative software solutions and solid, scalable and secure IT infrastructures for a constantly evolving market.

CyberproAI

CyberproAI

CyberproAI is a leading provider of Cyber and AI academies, with in-house proprietary Cyber simulators, and national-level capacity-building programs.