Like an ostrich, a network security administrator might try to bury his head in the sand to shield himself from the realities of the threats that surround him. Regardless, that administrator cannot forever ignore the cyber threat intelligence resources that continue to point to the five harsh truths that endanger every information systems network.
MYTH: The right combination of measures will provide perfect network security.
HARSH TRUTH: Cyberattacks have become too sophisticated, and hackers are constantly enhancing their skills to defeat new and improved security measures. As soon as a new measure is implemented, teams of hackers devote themselves to overcoming it. The harsh truth is that a hacker who is motivated to break into a network will ultimately break into it. The administrator’s best response is to detect the break-in as soon as possible after it happens and to prevent internal shutdowns and losses of critical data.
MYTH: Our business is too small to be hacked; the hackers will look elsewhere.
HARSH TRUTH: Network security is never just another organization’s problem. Every organization and every network within an organization is a target for a security breach. Hackers use smaller companies as stepping stones into larger organizations. Smaller companies might have a closer and more personal connection to their customers and vendors, which makes the data that smaller companies collect at least as valuable as, if not more valuable than, data collected and retained by large companies. Nobody expects to have an accident until the accident actually happens. The same is true for network breaches.
MYTH: Network threats originate with external sources.
HARSH TRUTH: A majority of network attacks originate internally from disgruntled employees and other sources. In 2012, a network engineer who was about to be fired by EnerVest, an oil and gas exploration company, sabotaged the company’s computer systems and caused the deletion of a significant amount of historical data, much of which the company never recovered. His involvement in EnerVest’s data loss was not uncovered until after Home Depot had hired him as a network security architect. Not every angry employee has the means or the knowledge to hack his employer’s systems, but internal employee problems can lead to greater information systems problems.
MYTH: Hacking activity is concentrated among a limited group of coding specialists.
HARSH TRUTH: Hackers sell their expertise and wares online either through dark web sources or openly on Craigslist and other public sites. Simple distributed denial of service (DDoS) attacks can be arranged for as little as $100. Prices of hacking services have dropped while quality has increased. An organization that has experienced a system hack might suspect a technology specialist, but the internet has converted anyone who can afford the service into a hacking specialist who can launch sophisticated cyberattacks.
MYTH: A cyberattack will be detected before it does major damage.
HARSH TRUTH: This myth is belied by the growing number of companies that have experienced cyberattacks in spite of their early detection precautions. By one estimate, in 2014, organizations that had been victimized did not discover the cyberattack for more than 200 days after an initial breach of their data networks. In many cases, external parties, including law enforcement personnel, informed the organizations that their networks had been breached.
Organizations that do not want to become portraits of failure are turning to cyber threat intelligence resources and solutions provided by third parties to give them better protection against network threats. A perfect solution to network threats may not be feasible, but an optimum solution will give an organization the necessary assurances that its data is protected and that unauthorized network incursions will be contained.