By Kevin Bailey, Managing Director & Principal – Security Research at Omnisperience
When I look back at the cybersecurity industry, in the early 2000s it involved a few hundred vendors battling for their share of a ~$750 million market. The hacker was motivated by the chase and notoriety rather than monetary rewards. Fast forward to 2020 and sophisticated hackers have now established a matrix structure comparable to multinational corporations with the discipline, skills, diversity of products and a capability for R&D that delivers a conveyor belt of disruption, damage and a deficit to their targets.
Over the years the security industry has provided solutions to every known attack surface perpetrated by cyber criminals – swelling global revenues of the cybersecurity industry to $248 billion in the process. Yet continual data breaches, identity thefts and ransomware attacks clearly show that many of the solutions provided are really defensive in their design – meaning that organisations are playing catch up and second-guessing attacks as cyber-criminals have turned the tables from 20 years ago, utilising their skills and acquired data to control the narrative. To combat the sophisticated and industrialised approach to cyber-attacks that we are seeing, organisations need to rethink their approach and, importantly, the purpose of their approach.
The importance of data
Whatever the end game, it’s all about the data: both its value to businesses themselves, and its value to adversaries to guide and enable cyber-attacks.
As digital platforms have overtaken physical interactions in our connected world, vast datasets have been amassed that combine business, personal, location, financial and health data (amongst others). Not only is data the honeypot that cyber criminals seek, it’s also the starting point of any attack strategy, because it provides the intelligence needed to attack businesses and individuals.
Data is the starting point of any attack strategy, providing the intelligence for entry to businesses, while also inflicting [a digital] hurt on a user (the individual). Users, meanwhile, are inherently the most fallible digital cog in the machine and cannot always be relied upon to follow processes and procedures. When a user is duped into sharing their data, they initiate a cause-and-effect event, once more relinquishing control.
So how can we start to get back control of our data and be confident in the interactions of platforms?
If everything the user does leads to the potential loss of data control, surely the best thing to do is to securely isolate the user – using technology to minimise their interactions, without compromising their ability to engage.
The criticality of the Air-Gap
To secure data it’s important to identify the ‘Air-Gaps’ – those places where the user needs to interact or make a decision during engagements. Two of the most obvious are:
- the Access Layer – what can I use? (device), am I the user? (authentication) and what can I do? (permissions)
- the Execute Layer – where can I go? (operation).
Both these layers have clearly visible and known Air-Gaps and opportunities for the cyber-criminal. Closing the Air-Gaps means closing down the ability of cyber criminals to gain access to platforms and data. New and proven technologies exist today to do just this. It is curious, therefore, why organisations are not embracing these more proactive products that focus on protecting the user, their experience and their data, rather than relying on traditional reactive cybersecurity methods.
Introducing User Isolation Protection
User Isolation Protection (UIP) is a new security category whose purpose is to allow seamless digital engagement while proactively securing the user and their data from cyber abuse. I acknowledge that there are many other areas that are critical to securing operations and hunting down cyber criminals. UIP does not advocate throwing everything away and starting again. What it does, though, is increase an organisation’s focus on the weakest link – the user – and clarify its purpose, which is to protect the user from their own fallibility and the machinations of cyber criminals while not slowing the user down or reducing the effectiveness of the user. In other words, it is essential that the approach is not just effective but is unobtrusive.
For more information on this new approach, see the Omnisperience Green Paper: ‘Introducing a New Cybersecurity Category: User Isolation Protection’.