Cyber Security in the Age of a Presumed Breach

By Rob Forster, Strategic Business Advisor

Every day we are reminded how vulnerable our information systems are to cyber-attacks. Massive data breaches have become routine and recent notable cases include the legal[1], banking[2], government[3], industrial[4], media[5] and healthcare[6] industries. As these attacks become front-page news they are increasingly a boardroom-level concern given their rapid effect on an organization’s reputation and valuation.

Despite increased management awareness, network and security teams remain under pressure as the volume of threats is increasing and outpacing solutions to counter them. I’ve yet to learn of any group complaining of too much manpower or resources to counter the threat - EMA research indicates that 80% of organizations investigate less than 1% of severe and critical security alerts[7]. Additionally, increased bandwidth coupled with the adoption of cloud solutions are exposing company networks to greater volumes and vectors of attack that compound the problem. Consequently, in this challenging environment, how should organizations protect their systems and prevent themselves from becoming the next headline?

Execute Basic Fundamental Strategies
First, and most important, organizations must execute the basic but fundamental strategies needed to maintain their existing information systems. These tasks are not glamorous, require much effort, and won’t get you a speaking role at the next hacking conference, but they are essential to reducing the attack surface. These strategies are often referred to as “quick wins”, “top five” or “first five” critical security controls. Organizations can stop ~85% of known cyber intrusions with these mitigation strategies[8][9]:

  • Patch operating system vulnerabilities (< 48 hours of release)
  • Patch third-party applications (< 48 hours of release)
  • Use application whitelisting
  • Use secure and standard configurations
  • Restrict administrative privileges (no admin active while using web or email)

Implement Complementary Security Solutions
Second, organizations should continue to implement complementary security solutions that provide additional defense-in-depth and resiliency. Mature organizations typically do these well, but in the process they should avoid becoming dependent on a single “local hero” for any one competency. Some of these solutions include:

  • Asset discovery and inventory
  • Email content filtering
  • Endpoint security/antivirus
  • Firewall/intrusion detection systems
  • Multi-factor authentication
  • Security information and event management tools
  • Segmentation of networks
  • Removable media control/encryption
  • Vulnerability scanning and prioritization

Bolster Multi-layered Defenses
Third, forward-leaning organizations bolster their multi-layered defenses and empower teams to be proactive. These organizations build resiliency and rehearse the response to the eventual discovery of an intrusion. They also demonstrate:

  • Continuous learning for staff at all levels
  • Cyber threat intelligence integration and response
  • Firmware integrity management
  • Information sharing and community engagement
  • Insider threat detection

Nevertheless, what should you do if your organization employs most of the aforementioned strategies and solutions? Does that mean your networks and cloud-based applications are secure? Attack trends demonstrate otherwise. While the above solutions build defense-in-depth, provide protections and shorten the time to discover that a breach has occurred, weaknesses still exist in the underlying way that networks communicate, and these weaknesses expose information about your network and applications. Additional resiliency is needed to tackle this issue, which leaves you exposed to known and unknown vulnerabilities and attacks.

A New Level of Network Protection and Resiliency
BlackRidge addresses this weakness, inherent in TCP/IP, which leaks information about your network resources and applications even in the presence of the latest firewalls. BlackRidge Transport Access Control (TAC) authenticates identity and enforces security policy on the first packet, before a network session is established, and thus closes this security hole. This denies attackers the ability to conduct reconnaissance and exploit weaknesses from both outside and inside the network. With BlackRidge the following is achieved:

  • Cloak resources from unidentified and unauthorized users (you can’t attack what you can’t see)
  • Stop cyber-attacks by blocking scanning outside and inside your network (disrupt and prevent the reconnaissance phase of the attack chain)
  • Segment networks based on user privileges and prevent lateral movement (even compromised credentials are prevented from accessing unauthorized resources within the network)
  • Protect against insider and 3rd party threats (produce real-time alerts with user identity attribution for authorized and unauthorized network sessions)

In summary, BlackRidge Transport Access Control provides a new, innovative level of protection and resiliency to network and cloud resources that complements and greatly strengthens your existing security defenses. To learn more, please visit

Overall, the points above are recommended areas of focus and of course not a complete guide to success. Organizations should assess risk and prioritize their requirements to ensure their networks and clouds are resilient and prepared to respond to the eventual breach.

Article References:
1. Panama Papers
2. Hackers Stalked Bangladesh Bank for Two Weeks Before Big Heist
3. Hackers Took Fingerprints of 5.6 Million U.S. Workers, Government Says
4. Analysis of the Cyber Attack on the Ukrainian Power Grid
5. TV5MONDE – A (Tentative) Technical Analysis
6. Lack of cyber security draws hackers to hospital devices
7. Less Than 1% of Severe/Critical Security Alerts Are Ever Investigated
8. ‘Top 4’ Strategies to Mitigate Targeted Cyber Intrusions
9. Seven Strategies to Defend ICSs