Even the most experienced cyber professionals agree: We can’t prevent all breaches

The reality of cybersecurity is that it is not a solvable problem. We cannot stop determined attackers from getting into systems. They’re too sophisticated and digital infrastructure is only becoming more complex. What we can do, however, is take necessary steps to minimize risk and disruption once attackers inevitably get inside. The sooner security leaders can accept that reality, the better.

Instead of focusing on preventing breaches, cybersecurity professionals should focus on improving security hygiene and resilience. More important than building up walls, organizations should prioritize minimizing costs, downtime and disruption in the case of an eventual cyberattack.

It’s impossible to stop all breaches

The best way to protect your most critical assets is to assume that breaches are unavoidable — it’s not a matter of if your organization will be breached but when. This “assume the breach” philosophy means that if you can anticipate a breach, you can build your cyber defenses up to minimize damage.

In fact, since the onset of the pandemic, cyberattacks are up 600%, as hyper connectivity spurred by the rapid shift to remote work. In addition, globalized supply chains and human error all expanded the threat surface and increased our vulnerabilities. As hackers become more sophisticated and evasive, it is futile to try to stop them from getting into critical systems entirely.

While most cybersecurity leaders are focused on improving risk management, fewer report progress on “foundational cyber hygiene.” Improving foundational security starts with preparing for the worst-case scenario. We need to take every precaution because the lasting impacts of a cyberattack are becoming increasingly devastating and difficult to control.

Businesses and leaders play catch-up

In a recent study, 86% of security professionals agreed that breaches are inevitable. Nearly all those surveyed said they anticipate some form of a data breach within the next year.

Meanwhile, the rest of the C-Suite are still catching up and embracing the “assume breach” mentality. After high-profile attacks on organizations like Colonial Pipeline, SolarWinds, and JBS revealed that any type of organization is vulnerable and can be a target for hackers, many leaders took a step back to reevaluate their security postures.

The C-Suite is starting to understand the growing threats to their organizations, but education gaps exist. Leaders must understand that cybersecurity is a continuous and evolving process. Without consistent evaluations and resources, security is impossible.

Preparing for the inevitable

Legacy technologies like firewalls are no longer enough to keep bad actors out. The traditional perimeters of the office that existed when these technologies were created no longer exist in our hybrid work environment.

Security teams also need to identify threats proactively. What is the best way to do this? Expand visibility into the full spectrum of an organization’s digital infrastructure.

Monitoring all network traffic can be a daunting task for short-staffed and overworked security teams. Resilience doesn’t necessarily mean throwing more people at a problem. Machine-speed attacks warrant a machine-speed response. Artificial intelligence (AI) and machine learning tools can lighten this burden by alerting security teams to top priority anomalies and threats within the network.

Anticipating your enemy

It can be difficult for those unfamiliar with security to understand an invisible enemy. In an analysis of several environments, Darktrace discovered "sleeper attacks,” the stealthy threats that exist without security teams’ knowledge, in 75% of organizations scanned.

While teams can glean helpful information from analyzing historical attacks, this activity cannot anticipate new types of novel threats. Predictive analytics can help organizations be ready for anything — or almost anything. AI can also help contain threats in the early stages, preventing malicious activity from escalating while giving human security teams valuable airtime to react and remediate the root cause of any incidents.

By assuming a breach is inevitable, organizations can focus on early identification of threats and anomalies to help prevent an initial breach from spreading laterally within a network and becoming a cyber disaster. Preparing for the worst means organizations don’t have to rely on prayers for successful remediation.

Justin Fier is Director for Cyber Intelligence and Analysis at Darktrace.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.