August 12, 2020 | Paul Mazzucco
Which Cybersecurity Threats Keep This CSO Up at Night—and Which Don’t
As the Chief Security Officer at TierPoint, I often get the question, “What keeps you up at night?”
Where do I start?
My role requires me to keep an eye on the ever-changing cybersecurity threat landscape. Every night I go to bed reading about new attack vectors, and every morning I wake up to new threat feeds from Israel and the Department of Defense. There are a lot of things that could keep me up at night – if I let them. Read my recent Forbes Tech Council article to understand how conquering fear is vital to a successful IT strategy.
In this post, I’ll share my greatest cybersecurity threat concerns as well as some of the things that I think are less of an issue.
The cybersecurity threats I worry about
Might as well get the bad news out of the way. My greatest concerns have to do with bots and layer 7 application attacks. There are a couple of reasons for this.
The first is that there are a lot of bad bots out there, and they’re getting more sophisticated. First generation bots were designed to perform a single function such as scraping websites for information or filling out forms. These bots are still around, but they’re pretty easy to stop with validation procedures like identifying the text in a graphic and retyping it or just clicking a box to confirm that the user is human.
Also read: Forbes – Can 5G Networks Stand Up To 4th-Gen Bots?
Over the years, successive generations of bots have become more sophisticated. Third-generation bots can operate in full browser mode, so they can perform the same functions as a human user. You can stop most of these bots with a good Web Application Firewall (WAF) because, while they pretend to be human, they don’t quite act human.
We are on the precipice of a new generation of bots that is capable of mimicking even the randomness of human behavior. Stopping these bots is going to require an even more sophisticated next generation of good bots. Researchers are working on them. Let’s hope they can work fast enough.
The second reason bots and layer 7 attacks are my greatest concern is the unfair advantage the bad guys (or bots) have in this fight. A hacker can launch a bot attack against your systems and make millions of attempts to gain access. Even if they fail, they can overwhelm your systems in a distributed denial of service (DDoS) style attack. And to reach their ultimate goal, gaining access to your systems, they only need one correct guess. Given the sorry state of password management protocols in many organizations, this is easier than it sounds.
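The asymmetry described above (millions of automated attempts, one correct guess needed) is exactly what a defender should be watching for in authentication logs. The following is an added example, not code from this post or from TierPoint: it reads a small set of constructed login records in an assumed format (`<timestamp> <FAIL|OK> user=<name> src=<ip>`), keeps a sliding window of failures per source address, and flags three bot-like patterns: many failures from one source (brute force), failures spread across many accounts from one source (password spraying), and a successful login from a source that was already flagged (the "one correct guess" case). The window and thresholds are assumptions chosen for the sample, not recommended production values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a real product's format):
#   <ISO-8601 timestamp> <FAIL|OK> user=<account> src=<source IP>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log (RFC 5737 documentation addresses, fictional users).
# 203.0.113.7 hammers one account and eventually gets in (brute force).
# 198.51.100.9 tries one guess per account across many accounts (spraying).
# 192.0.2.5 is an ordinary user who mistypes once, then logs in.
SAMPLE_LOG = """\
2020-08-12T01:00:00 FAIL user=alice src=203.0.113.7
2020-08-12T01:00:03 FAIL user=alice src=203.0.113.7
2020-08-12T01:00:06 FAIL user=alice src=203.0.113.7
2020-08-12T01:00:09 FAIL user=alice src=203.0.113.7
2020-08-12T01:00:12 FAIL user=alice src=203.0.113.7
2020-08-12T01:00:15 FAIL user=alice src=203.0.113.7
2020-08-12T01:00:18 FAIL user=alice src=203.0.113.7
2020-08-12T01:00:21 FAIL user=alice src=203.0.113.7
2020-08-12T01:00:24 FAIL user=alice src=203.0.113.7
2020-08-12T01:00:27 FAIL user=alice src=203.0.113.7
2020-08-12T01:00:30 OK user=alice src=203.0.113.7
2020-08-12T01:02:00 FAIL user=bob src=198.51.100.9
2020-08-12T01:02:10 FAIL user=carol src=198.51.100.9
2020-08-12T01:02:20 FAIL user=dave src=198.51.100.9
2020-08-12T01:02:30 FAIL user=erin src=198.51.100.9
2020-08-12T01:02:40 FAIL user=frank src=198.51.100.9
2020-08-12T01:02:50 FAIL user=grace src=198.51.100.9
2020-08-12T01:03:00 OK user=heidi src=198.51.100.9
2020-08-12T01:04:00 FAIL user=bob src=192.0.2.5
2020-08-12T01:04:05 OK user=bob src=192.0.2.5
"""


def parse_line(line):
    """Return (timestamp, result, user, src) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def analyze(log_text, window=timedelta(minutes=5), fail_threshold=8, spray_users=5):
    """Scan login records in time order and flag bot-like sources.

    Thresholds are illustrative assumptions: `fail_threshold` failures from one
    source inside `window` marks brute force; failures against `spray_users`
    distinct accounts inside `window` marks password spraying.
    """
    # src -> deque of (timestamp, user) for failures still inside the window
    failures = defaultdict(deque)
    findings = {
        "brute_force": set(),            # sources with many failures
        "password_spray": set(),         # sources failing across many accounts
        "success_after_failures": set(), # (src, user) logins that followed a flagged burst
    }
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the detector
        ts, result, user, src = rec
        q = failures[src]
        # Expire failures that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if result == "FAIL":
            q.append((ts, user))
            if len(q) >= fail_threshold:
                findings["brute_force"].add(src)
            if len({u for _, u in q}) >= spray_users:
                findings["password_spray"].add(src)
        else:
            # A success from a source already showing a burst is the
            # "one correct guess" case and deserves immediate attention.
            if len(q) >= fail_threshold or len({u for _, u in q}) >= spray_users:
                findings["success_after_failures"].add((src, user))
    return findings


if __name__ == "__main__":
    for category, hits in analyze(SAMPLE_LOG).items():
        print(f"{category}: {sorted(hits)}")
```

Two design points worth noting. Counting per source address alone misses a botnet that spreads guesses across thousands of addresses, so the same sliding-window logic is normally also keyed per account and per password-hash-of-attempt where the platform exposes it. And the "success after failures" signal is the one to route to an alert rather than a report, because by the time it fires the attacker's one correct guess has already landed and the session, not just the source, needs to be cut off.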
There isn’t a lot an IT security professional can do about the evolution of bots other than ensure your internal processes are sound. For example, performing regular vulnerability scans can tell you where your greatest weaknesses are given the exploits currently in circulation. Follow-up network penetration testing can also tell you how severe a vulnerability is. This allows you to focus your efforts on the greatest threats to your business.
You can also mitigate your risks by keeping applications and systems up to date. Hackers watch for patch announcements, knowing that a large percentage of organizations won’t implement a patch right away. The announcements tell them which vulnerabilities they’re most likely to be successful exploiting.
The cybersecurity threats I don’t lose sleep over
The good news is that there are a number of things I don’t lose sleep over. Okay, I still lose some sleep over these things, but not as much as some of my peers in this industry.
Securing the server
This is an area where my philosophy differs from a lot of my peers. Many of the CSOs I talk to focus their investments on securing their servers from attack. If they can do that, they argue, why spend any money on securing the edge?
My philosophy is the opposite. The less I need to worry about a bad actor getting into a server in my data center, the better I sleep. At TierPoint, we invest in robust next-generation firewalls, WAFs, DDoS mitigation, etc., with the strategy of blocking 99% of malicious traffic before it gets to our clients’ servers.
That said, we still need to protect the server. Since no server is 100% secure, we follow what’s called a defense-in-depth model, in which we deploy multiple tools that work in different ways and at different layers.
Whose tools I use
Speaking of tools, I’d estimate that 99% of the calls I get are from IT security salespeople telling me their company has developed the best tool on the market, and if they could only get 30 minutes of my time, they’d be able to convince me that their tool is better than everyone else’s.
Maybe they’re right, but I could invest millions in today’s tools with no guarantee that my infrastructure will be secure. The tools I used ten years ago don’t even exist now. We use tools, of course, but I really push my team not to get too focused on the name brand of the tool. Just keep adopting tools that best fit our security profile and objectives.
Drive-by hackers
Given our current cultural climate, many people are talking about the dangers of hacktivists, i.e., hackers looking to spread their ideology through targeting organizations they see as “the enemy.” Sometimes, these hackers don’t have an identifiable ideology per se, so much as they’re looking to create chaos.
While these hacker types exist, they aren’t well-funded, and the tools on the market today are pretty good at defending against this type of attacker. I am much more concerned about attacks launched by nation states with virtually unlimited resources whose sole goal is to undermine our institutions and economy.
State-sponsored cyber attacks
Given that last statement, it may seem odd for me to include state-sponsored cyber attacks on my list of things that don’t keep me up at night. And, I’d be lying if I said I didn’t occasionally lose sleep over these guys, but I’m pretty confident in the perimeter we’ve established around our systems and those belonging to our clients.
One of the tactics we’ve deployed is to collaborate with partners around the world. We’ve developed tools that allow us to geo-locate attacks on critical infrastructure so we can tell whether they’re coming from China, Ukraine, Russia, etc. If we see attack traffic coming from China, we can work with our partners to block it in Europe before the exchange hands the bad traffic over to the U.S. and our data centers. We can do the same thing for our partners, blocking malicious traffic from the U.S.
What cybersecurity threats concern you?
As a managed security provider, we help businesses address their biggest cloud and security concerns with our secure, reliable, connected IT infrastructure solutions and a nationwide network of 40+ data centers. Contact us today for more information on how we can help you get a good night’s sleep by securing your systems and data.