Winter is coming: let’s fight the common enemy
Winter is coming. If you are a Game of Thrones fan (or are Facebook friends with one), I’m sure you have heard that before. But what does it mean?
In the popular TV series, the Army of the Dead (think: zombies) is marching toward the land of the living. And here’s the catch: every time a soldier in the Army of the Dead kills a living soul, it’s a win for them. The victim turns into a new soldier. They grow stronger, and the living become more vulnerable. It’s an unfair fight.
The fight is made worse because some of the living do not believe that the Army of the Dead even exists, so they carry on living their blissful lives until the truth hits them like an ice-cold dagger. The world in Game of Thrones is split into seven kingdoms, which have all been fighting against each other, without realising they have bigger fish to fry.
Defending your network these days is a bit like being alive in Game of Thrones. You are trying to stop the dead from getting through the wall. You know deep inside that no wall can hold them back. Some of us are doing everything we can, others carry on ignoring the threat until it’s too late. And some spend too much time fighting over whose responsibility security is.
So here’s the truth: hackers are winning. They are literally taking our systems hostage. They are a powerful enemy. They are our Army of the Dead. The only way to stand a chance against them is to realise we are all responsible for security. We are all in this together. Every employee, every department, everyone has a role to play. If we leave security to the security department, we will all fall.
On the other hand, when we work together, beautiful things can happen. In the new era of networking, network and security work hand in hand. The network is becoming a sensor. We can watch network traffic and learn how malware behaves. We are training our networks to spot threats even in encrypted traffic.
Recognising a strong enemy and aligning our armies is just the first step. We also need to change our war strategy. We are past the point where we can just keep hackers outside. Now we need to figure out how to find them and annihilate them.
At the moment, hackers spend, on average, 100 to 200 days inside a network before they get caught. At Cisco, we reduced the average time to detect across our security products to just 3.5 hours.
We became faster at detecting threats because our products share information among themselves. They share four things: threat intelligence, event information, context and policies. This way, if we see a threat once, we block it everywhere. This is only possible because we are leveraging the power of the network. We are working together.
We don’t have enough arrows and spears to beat hackers. We don’t have enough gold. They, on the other hand, are well-funded, thanks to all the money they have been taking from companies over the years. And they are always on the lookout for new opportunities to profit.
Take the Internet of Things, for example. All these new connected devices are becoming a part of our networks. But in many cases, the companies that invent new technology think primarily about its functionality and leave security until the end. That’s if they even think of it at all. Those new devices are now being connected to the network, bringing exciting benefits to consumers but also posing many security challenges. Devices as simple as a thermostat can become an entry point for attackers.
IoT is only one scenario. There are too many threats to control. We can’t stop every threat, but we can work together to minimise our exposure and also detect and react faster to cyberattacks.
If everyone from product design to the CEO gets more involved with security, then things start to change. That’s part of building a stronger security posture.