Today at work we were helping some clients who still had some very old, and insecure, authentication methods in their networks. Methods that could let a malicious person take over their entire Active Directory domain in a matter of minutes. Fortunately these clients are taking action to fix the problem, and while they do, they have my company actively protecting them. But it highlights how security hygiene in the new normal has to change.
This led me back to thinking about the new normal. Things are changing rapidly and continuously, as we all know, and getting back to normal is not going to change that; the pace of change is one of the aspects of the new normal that is here to stay. So we see things like the Exchange Server attacks by HAFNIUM (a China-based threat actor) that became public in March 2021, or the SolarWinds attack that we first learned of in December 2020. These things are going to continue to happen, and faster than ever before.
Side note: in the SolarWinds attack, roughly 18,000 organizations globally installed the trojanized Orion update and were therefore exposed, but only a fraction of those (10% or so by some counts) saw actual follow-on intrusion by the attackers. In the Exchange Server breaches, over 70,000 organizations were exposed and it appears that 30,000 or so were actually breached. The ratio in the second case is so much worse because the Exchange flaws could be exploited by anyone who could reach the server over the network, and they were mass-scanned within days of disclosure. The scale of these incidents is growing fast.
At the same time, our own networks, applications, and infrastructure supporting our schools, governments, companies, and homes are changing just as fast. Over the last 12 months we have seen organizations move ALL of their data and applications to cloud computing, whether to infrastructure like Amazon Web Services, to Software as a Service like Salesforce, or to Storage as a Service like Dropbox. They are moving, or have entirely moved, their traditional network infrastructure (authentication, file services, email, office productivity) to the cloud as well: Google Drive, Microsoft Azure, and Apple iCloud have all been great beneficiaries of this. Many of these organizations are left maintaining sprawling hybrid environments, where on-prem directories, cloud identity providers, and SaaS tenants are all stitched together, and every seam between them is a place for a misconfiguration to hide. All in a quest to support a business that is trying to survive this insane time we are going through.
But all of this leads us to the question of how we, as security professionals, deal with the inevitable problems this is going to introduce into our networks: unpatched systems, poorly configured authentication, new vulnerabilities, and more. How do we deal with the cyber hygiene problems?
I'm going to suggest that now is the time for even more of the basics than ever before. Every vendor under the sun is going to try to sell you some miraculous tool to solve your problems. It will be magical for the low, low price of just XXXX. And I'm going to tell you that your first instinct should not be to buy some magic silver bullet. We've been chasing the silver bullet in security for decades now. If that was going to work, wouldn't it have worked already?
What I can tell you from decades in the business, as both a practitioner and a vendor, is that the organizations that solve the basics are the ones that do the best when confronted by security challenges.
But, just like everything else about Getting Back To Normal, there are going to be changes you need to make to the basics. You have to patch faster: for anything reachable from the internet, the window between a fix being published and attackers scanning for it is now measured in days, as the Exchange incident showed. You have to look deeper into your environment, which starts with knowing every system, account, and cloud tenant you actually have. You have to connect your on-prem and cloud systems better, so that identity and logging are managed as one environment rather than two. You need more resiliency in your defensive layers, so that one failed control does not hand over the domain. And, most importantly, you have to figure out how to detect and respond to bad things much faster.
If you do, your organization stands a chance in the new normal.