The president of the BSI (Germany’s Federal Office for Information Security) recently issued a warning about an uptick in the number, and severity, of cyberattacks due to the Russia-Ukraine war. He specifically pointed out the hacktivist attack on the German subsidiary of Rosneft, a Russian oil company, and the collateral damages from the Russian attack against the KA-SAT satellite service, which resulted in damages to German wind turbines.
Global connectivity has its banes
Unfortunately, the risk of becoming collateral damage isn’t limited to any single country. SMBs and individuals, as long as their systems connect to the broader internet, may find themselves caught in the crossfire no matter how far off they are from the battlefield. Like NotPetya, the destructive malware spilled from Ukraine to hit Maersk and Merck, and Stuxnet, which found its way from Iran to Germany-based Siemens.
Such attacks and damages were predictable, and yet, in today’s cybersecurity architectures and procedures — they remain difficult to prevent, mitigate or even detect. That said, cyber challenges for businesses don’t end here. Organized cybercrime has more than doubled since 2015. The conflict in Ukraine fueled the creation of new cybercrime groups and ransomware gangs.
SMB cybersecurity — where did it go wrong?
What most targeted organizations have had in common is that they approach cybersecurity risks as a set of stand-alone problems. As a result, they address them with single-point solutions. Phishing? We have a system for that. Vulnerabilities? We have a team doing patch management. Suspicious events? We log, and we have firewalls, anti-virus, data loss prevention (DLP), security information and security management (SIEM), endpoint detection and response (EDR), virtual private network (VPNs), and more.
Organizations fail to realize that a breach is never a single failure. In almost all cases, a breach is a complete failure of all the security products and processes. Attackers must successfully complete many different tasks to complete their mission. Cyberattacks involve multiple stages, from performing reconnaissance to delivering malware to establishing command and control. Unless we address them holistically, there is no reason for us to expect anything to change.
The problem with best-of-breed for defense-in-depth
For years, organizations have built defense-in-depth with best-of-breed point solutions. In theory, that means getting the best of what each vendor offers and making it work synergistically to erect impenetrable security defenses. The reality, however, is much more complicated, especially as the workforce becomes distributed, IT infrastructure scales, and partner networks expand.
- Integration management: Multi-vendor point solutions focus on individual functionality and are not built to integrate seamlessly. Security teams are often consumed by integration projects, device updates and patching, and monitoring across multiple consoles. Visibility loopholes and integration flaws are inevitable.
- Budget and manpower: SMBs especially do not have the budget, staffing, and time to recruit, purchase, maintain and grow a security team as big as large-scale banks or government entities. These organizations, which can be crippled by cyber-attacks and even go out of business, must muster up a defense at par with large-scale businesses because the threats they face are essentially the same.
- Digital transformation: Cybersecurity is no longer about installing firewalls and anti-virus programs on individual devices. The shift to BYOD (bring your own device) and flexible and remote working means a globally distributed workforce that relies on cloud applications and multiple devices per individual. Installing, integrating, and managing best-of-breed solutions across all endpoints is inefficient and impossible.
Instead of having (on average) 40+ different security products which force departments to constantly consider and execute integration projects, manage multiple devices, patch them, update multiple policies, etc., we have to rethink our approach.
Convergence is the new best-of-breed
At present, over half of organizations have either already shifted from the best-of-breed approach to single-vendor security suites or are in the process of making the switch.
SMBs need to take note of the market trend. Converging security tools can take away the pains of best-of-breed while yielding even better results.
- When all security functionality is designed to work coherently, organizations don’t have to worry about manually integrating each functionality and creating vulnerabilities.
- A single-vendor, as-a-service approach takes away update and patch management headaches from security teams. It also enables single-pane-of-glass management.
- A centralized management console paired with cloud delivery, as in SASE (secure access service edge), can extend the security perimeter to wherever the workers or resources are.
With its centralized management console and flexible management options, SASE is more than the sum of its parts. Instead of security at the cost of mounting exhaustion, performance inefficiencies, and other overhead, convergence offers security with ease of management and operational efficiency. Organizations don’t have to add tools and make updates once new threats emerge — it’s also flexible enough to defend organizations against up-and-coming threats.
The BSI statement reminds organizations that conflict yields crime and collateral damage. Cyber has no boundaries. Businesses need to rethink their approach to cybersecurity in the face of these new threats and their digital transformation and remote work needs.
If organizations want to secure their systems, they must approach security as a holistic issue that requires a holistic architecture. Combine that with adopting an attacker’s mentality to approach your network, and you should be well on your way to becoming cyber secure.