How to break the hacking cycle of ignorance

Cloud security company Bitglass has cautioned organisations about the cycle of ignorance evident in data security hacks.

Bitglass executive Woodrow Mosqueda says: “Imagine standing in front of the CEO and company board of directors, asking them for a cheque for an obscene amount of money to pay off hackers that are holding critical data hostage and disrupting the company business.

“Certainly many are cringing at the very thought of this and have blocked the uncomfortable scenario from their mind, instead hoping that the company’s current security strategy is strong enough to prevent becoming the next victim of a high-profile data breach or ransomware attack..

“The fact is that while ignorance is bliss, it will not prevent this scenario from occurring.  The cycle of ignorance that exists today is bad for organisations, blissful for hackers, and needs to be broken before it is too late”.

Bitglass CEO Nat Kausik has described the SolarWinds attack, detailing how once hackers were able to breach the company’s network via a compromised laptop, they were able jump freely from the company’s active directory infrastructure to the Azure active directory, and ultimately take over Office 365, where they were able to achieve full access.

This, Kausik pointed out, was due to the fact that the company employed an integrated security infrastructure approach, as opposed to a security posture comprised of independent vendors and tools.

On paper, having a single vendor for IT and security can make working life easier, such as not having to worry about interoperability issues. However, relying heavily on a single vendor infrastructure also makes life easier for the hacker.

The SolarWinds breach is a prime example of how hackers were able to ride the connected fabric of an all-Microsoft shop. This begs the question, ‘Will the developer of the infrastructure be able to see its own vulnerabilities?’ This is akin to why Quality Assurance (QA) and development/manufacturing/building are typically separate across any industry of choice.

That said, many organisations still rely on a single vendor, thinking they have both ease-of-use and security. This wilful ignorance, if left unchecked, can have serious implications in the future.

To deal with today’s evolving threats, it is imperative that we break this cycle. Relying on a single vendor for both infrastructure and security is not good for your business.

Mosqueda  says: “We need to start making the hacker’s job harder and not easier. This can be achieved by employing best-of-breed security practices at all segments of the infrastructure via security products and services that are independent of the underlying infrastructure.

“Failure to do so may result in that very uncomfortable talk with your CEO and board becoming a reality.”

To learn how Bitglass can provide an extra layer of security on top of the Microsoft tools you may already be using, download the Bitglass solution brief on how the company’s technology complements Microsoft Security.