Speaking at The European Information Security Summit (TEISS) 2018 in West London today, Sumin Tchen, principal & founder, Belarc, explored some of the myths that surround information security and highlighted how they do not always reflect the realities of cyber-risks.
The first myth is the notion that you should prioritize securing high-value assets. The reality, Tchen explained, is that “the high-value asset is not the one that is attacked typically,” and often attackers target devices with no direct access to high-value data and then escalate privileges or find admin accounts to allow them access.
Second, he continued, is the myth that the latest endpoint protection will stop breaches, which is something that is yet to be proven, and third is the belief that IDS/IPS will halt most attacks. “There’s a lot of new technology going on with IDS, but a lot of it is still dependent on signatures, and signatures are always behind new technology. It’s not the wisest thing to be totally dependent on IDS.”
Next are the separate notions that you should focus on critical vulnerabilities and new vulnerabilities. The problem with the first, Tchen said, is that “the majority of attacks do not use critical value vulnerabilities” and regarding the second, “92% of vulnerabilities are greater than a year old. If a breach is still working, why stop a good thing? Attackers will keep using the same things that work.”
The last myth that Tchen discussed is that focusing on isolated systems is unproductive. He argued the reality is that most systems considered to be ‘isolated’ are “not quite as isolated as everyone thinks.”
To conclude, Tchen advised organizations to build cybersecurity around standards, pointing to the Center for Internet Security (CIS) Top 5 controls:
- Identify authorized and unauthorized devices
- Identify authorized and unauthorized software
- Secure configuration for all devices
- Continuous vulnerability assessment & remediation
- Controlled use of admin privileges