Defending against our cyber adversaries is hard, but as an industry, we’re not making it any easier for ourselves. Our pride is getting in the way of choosing the right weapons with which to equip ourselves.
For every threat, e.g. phishing, we keep falling back on the mantra of People, Process and Technology and insisting that every solution should be a blend of these. Whilst this is correct in principle, the weighting should never be equal. Some problems simply require a good process to fix them, and crucially, some just require a technology solution.
Yes, I said that: some problems just require a technology solution. Not training. Not process. And here’s why.
Security is NEVER the priority for anyone. There is literally no-one whose job priority is to act securely. Even if you’re a CISO, a SOC analyst or penetration tester, your priority is to get your tasks done and make a difference to the organisation. Your good security hygiene is always secondary, as it should be.
As an example, imagine you work in HR and your job is to receive and review candidates’ CVs and resumes. This is your priority. As nice as it would be to never open a document from a third-party source, you must focus on doing your job first and then doing it as securely as possible second. In this scenario, training would tell you to be wary of untrusted third parties and not to open their emails and attachments. Process would tell you to phone each and every untrusted third party to verify they are a legitimate sender and that hopefully they’re not sending you something malicious.
Already you can see that the People and Process elements are slowing down the job function significantly and not thwarting a targeted attacker. This is a case where technology is the answer.
Sometimes, a technology problem requires a technology solution. Period.
Malware is a good example of this. Phishing is another.
Ask yourself these questions:
- Do you check that the exact destination of every link you click on your mobile device is trustworthy?
- Do you follow a strict process of verifying the integrity of every file you open?
I thought not. Nobody else does either.
We’re too busy. We just hope, expect, pray that what we’re clicking on is okay and that, if not, our software will somehow protect itself.
In 2016, two of the biggest threats to any organisation were phishing and malware. Yet both are relatively easy to mitigate with technology alone. Historically the solutions were very patchy, but not any more. Training and process are helpful, but you have to assume that we are ALL in need of the technology safety net.
When it comes to which technology is best for anti-malware or anti-phishing, there are a myriad of vendors in each space that claim to solve the problem.
The reality is that only a few are actually any good, and which is best will depend on your exact requirements. The good news is that they’re both very easy to test and evaluate.
If you’d like my recommendations on how to test, or what to buy, message me privately.
Don’t let pride get in the way of better defending your organisation. Some technology problems just need a technology solution, and they’re now very good, readily available and very simple to deploy and manage. Get the budget, get the tech and get secure.