by Eric Trexler, Vice President, Global Governments and Critical Infrastructure, Forcepoint
Now that we’ve rounded the corner of the unpredictable winter 2018 in the Northeastern US and are finally closing the chapter on one of the worst influenza (flu) seasons in history, covering 45 states with 9.5% of all US deaths reported as flu-related according to the Centers for Disease Control and Prevention (CDC). Of course, we have flu outbreaks every year to varying degrees, but this year the public health concern garnered major press coverage, overwhelmed health providers and became a source of concern governing normal, everyday social interaction and business operations.
For a while there it seemed like the news was dominated by the flu and cybersecurity, which got me thinking about how we use similar language when talking about both: infection, viruses, increasing protections, etc. and how we might apply the scientific advances for flu prevention – and common rules of thumb – to cybersecurity.
“Common sense” guidance is good practice rule of thumb for a reason. For the flu: staying home, limiting contact (isolation), hand washing, etc. are a proven first line of defense at keeping you healthy. For cybersecurity: basic cyber hygiene like keeping your applications and systems patched, isolating sensitive information from the open Internet, not clicking on suspicious links, helps maintain a healthy IT system.
Not everyone follows these basic rules but those that do have a greater likelihood of avoiding infection.
Of course, being diligent with common practices isn’t always enough. Sometimes a person, or system, still gets sick. To provide greater protections we developed vaccines, anti-viral medicines, and other treatments to harden immune defenses and lessen illness severity. Additional cybersecurity measures include malware detection, threat detection, and prevention, greater access controls.
As we see with vaccines, sometimes the adversary changes the rules and the existing protections are not as effective as we would like. It is because of situations like this that medical researchers and cybersecurity researchers alike continue to strive for more reliable ways to prevent infection and lessen the severity.
Just as people adapt to their environments and make decisions to, say wipe down their desk phone daily with an anti-bacterial cleaner when an officemate begins sneezing, which might signal to another person to do the same. So too can our cyber environments be trained to watch how humans are interacting with sensitive data and adapt security settings when an out-of-the-ordinary action occurs
By adapting security in real-time based on risk scoring and behavioral context, risk adaptive cybersecurity can achieve wide-spread protections. We can harness the power of human behavior – and our tendencies to follow patterns until we don’t – to alert our systems to take appropriate security actions; such as allowing or preventing upload to a cloud app.
As our natural world continues to morph and evolve – so too does the cybersecurity threat landscape continue to grow at ever-higher orders of magnitude. We must change the way we look at protecting our systems. It’s time to focus on human interaction with data and isolating critical components. Accepting that the adversary will eventually penetrate traditional defenses and shifting focus to behavioral-based indicators of change will allow defenders to more quickly to identify abnormalities and address them through risk adaptive protections.
As we enter the spring of 2018, the flu season will ease its hold, but the cybersecurity challenges are not decreasing anytime soon. In order to win, cybersecurity professionals must adapt to a new human-centric paradigm. By focusing on the true constants in organizations – people and data – and how they interact we will be better equipped to cut through the noise and attack anomalous behaviors – either human or machine – head on and with strength.
About the Author
Eric Trexler is Vice President of Global Governments and Critical Infrastructure at Force point. He has more than 20 years of experience in technology across the public and private sectors including the Department of Defense, Civilian, and Intelligence communities. Prior to Forcepoint, Trexler was the executive director for Civilian and National Security Programs at McAfee, formerly Intel Security. Trexler spent four years as an Airborne Ranger with the U.S. Army specializing in communications. He holds a master’s degree in business administration from the University of Maryland at College Park. Eric can be reached at firstname.lastname@example.org and at https://www.forcepoint.com/.