The false sense of security - the greatest vulnerability

The ability of companies to adapt is as crucial to a business as their ability to generate profit. To do this, organizations depend on prepared leaders, who visualize and calculate actions considering the worst-case scenarios, from the loss of the team's main talents to natural disasters.

Working with planning is the norm when it comes to taking a broader view of the business. But when the risks on the agenda are digital, involving intrusions and leaks of customer and partner data, the option is often to stick with the level of protection that is already in place.

After all, what could be so serious?

There is an inherent error in the current culture surrounding the response to cyber security incidents. A mentality that says you can prepare by doing the bare minimum, something equivalent to painting a leaky wall and hoping it doesn't rain. And if the weather doesn't cooperate, there's no need to worry, after all, there's more paint to touch up.

Meaning? When the inevitable happens and organizations are breached, the plan doesn't go much further than crisis management. In short, discussing how to minimize the impact of an attacker already inside the network, or how to effectively and quickly resolve any events that could damage the brand's reputation.

The critical stage that has been overlooked is preparation. Which, in cyber security, means monitoring, detection and response.

The false sense of security

Many companies insist on investing considerable resources in old-fashioned defense solutions, despite all the evidence that these tools are flawed. The recent Microsoft Exchange breach is proof that no application, network or data center is invulnerable. And even if the organization decides to change the software in the local environment, with a transition to a different brand, for example, the problem remains. Because there's a good chance that they're exchanging one set of risks and vulnerabilities for another.

The implications for a company of maintaining a false impression of its ability to combat attacks can define the future of the business.

There is an evolving threat landscape, and this truth will sooner or later impose itself on the company that is not prepared to act at the first sign of a breach. Type SolarWinds into an internet search engine and you can see the price a neglected risk can cost. Attackers are increasingly working laterally through a succession of infected devices on their way to their goal, or setting up bases throughout the network to exploit whenever they want.

Updating protection

Yes, a good backup guarantees the return of data within seconds of a ransomware attack. Just as firewalls and antivirus also create obstacles for cybercriminals who are looking for loopholes to steal data and invade corporate environments. Tools like this solve problems in one of the pillars of information security, such as availability and detection. But information security today involves broader concepts such as integrity and confidentiality, which have emerged as a promising model for protecting corporate resources from external and internal threats. With the complete dissolution of the traditional security perimeter, it has become insufficient to erect barriers with piles of tools and software, which often don't even talk to each other.

We are in an era when the attack surface expands far beyond the field of vision of companies' IT teams. So it's not about doing more, it's about updating the protection possibilities.

When the attack surface suddenly expands, as it did in the mass home office migration we saw during the pandemic, professional criminal groups sense weaknesses and opportunities. In fact, ransomware has increased sevenfold during the pandemic, phishing has skyrocketed 350% and hackers have made headlines with targeted attacks on vaccine manufacturers, government agencies, large institutions, and even tech giants.

That's why security needs to cover all business processes.

And the answer to today's threats is, without exception, a platform like Vision, whose main objective is to monitor and contain cyber attacks in real time. It's a triad of methodologies, with incident response, proprietary cybersecurity technologies and a team of specialized engineers to deal with each phase of the attack.

This combination solves a bigger problem than the threat itself. It solves the response time.

Attacks are successful when there is a significant delay or negligence in understanding what is happening and what needs to be done to mitigate the threat. Response time is correlated with risk. This means that if the response time is high, the risk is realized.

The Vision platform, as well as being agile in detecting a threat, adds artificial neural networks capable of orchestrating the response process and positioning the engineer at the right time to make the best decision. In this way, it combines human intelligence, which is irreplaceable in the stages carried out, with the latest technology. The result of this combination is a very short response time.

Business context is what connects everything

In order to understand the impact that an emerging threat can actually have on an organization, it is necessary to consider human factors, computer architectures, organizational culture and daily emergencies. Vision uses models that connect business variables with threat intelligence from the SOC - Security Operation Center. This makes it possible to interpret specific threats, linked to the reality of a given company, and to act early so that the impact doesn't happen.

A new mindset, accompanied by modern solutions, accelerates large-scale change towards a more effective strategy. Now is the time to adjust our security posture. By thoroughly understanding the real risks that businesses run, we can prepare for the inevitable without false impressions that we are safe.

By Lierte Bourguignon C. Jr