Breach, Ransomware

Data Is The Perimeter, Defend It That Way

Author: Chase Cunningham
Author: Chase Cunningham

Unless you have been living under a rock or possibly hiding in the mountains of Montana with a giant beard and eating way too many government issued MRE’s you probably heard about the nuclear bomb of a ransomware attack that kicked off in May.

Welcome to the post apocalypse folks. For years, many of us in the cybersecurity industry have been jumping up and down on desks and trying to get the world (writ large) to pay attention to managing and patching outdated systems and operating systems that have been running legacy software, to no avail.

Now that Pandora’s box has been opened and the bad guys have use the NSA leaked tools as weapons platforms all the sudden everyone gives a dang. I caught no less than 17 talking heads on the news this morning stating that “this is the new reality”, and “cybercrime is a serious threat to our way of life.” Duh, also water is wet and fire is hot. Thank you news.

Regardless of all the bad that is bouncing around the news and everywhere else today (and as I type this I can literally see a pew pew map on CNN that looks like a Zika Virus map showing the spread of WannaCry dominating the screen behind the anchor team) the reality around this “massive hack” and “global attack” is that if folks didn’t suck at patching their systems and followed basic best practices instead of crossing their fingers and hoping that they didn’t get hit the “end of days malware” would be basically ineffective.  The “hack” targets Windows XP systems, an old, outdated, unsupported OS that should have been pulled from use eons ago. And if the legacy system running that OS couldn’t be pulled, IT SHOULD HAVE AT LEAST BEEN PATCHED.  Problem solved, or at least made manageable.

When you think about what is taking place, what is the crux of the problem?  That DATA is being locked up. The very thing that people, users, organizations, and nations need to do their job is being targeted.  It’s not the people, it’s not the technology, it’s not the systems, or the endpoints, or the networks that is the end game in this “hack”; it’s the data.  If the bad guys can get to the data, be it a file or a database, or whatever else the data is, that is where the threat is headed.  So, if we turn this threat on its head and go about defending what matters, the DATA, we have a chance to stop these (and in truth most) threats.  And the beauty of this approach is that data is defensible, we can encrypt it, manage access to it, segment it, protect it, and use it as our Alamo.

Data is the perimeter for any network, let it be written.  It is defendable, it can be clearly delineated (with some work mind you) and it can be used as a defense mechanism. If you protect your data with everything you can then the bad guys lose and you win, as they have no prize to even really fight for. They will learn that your network and it's golden goose (the data within) are too hard of a target, and they will go somewhere else. It’s not worth a bad guy’s time to hack away at a target when they have no way to win and no end game to play.

I’ll get off my soapbox now, but I must admit that I am slightly happy to see all the shenanigans that are taking place. It’s gratifying to know that all the moaning and griping, while ignored, was justified.  Now maybe we can work to actually stop this type of attack.

Data is the perimeter. Defend it that way.

Chase Cunningham is a principal analyst at Forrester Research, where he serves security and risk professionals. Read more Forrester Research blogs here.