Cybersecurity – It’s a Numbers Game

Organisations need to rethink secure access. Cyber security has always been an issue, however over the past few years the frequency, disruption, cost and damage have all escalated exponentially.    

Why is This a Problem Now? 

The issues really come down to two areas: More users and more sophisticated attacks.   

More Users 

Most organisations have more users using technology, much more than 10 and especially 20 years ago when most networks were initially designed and implemented.  While this is likely a massive productivity boost for the organisation it does increase the chances that someone, somewhere will be compromised.   

As an example: 

If the chance of a user being compromised is 0.0001% (1 in 1,000,000) on any given day (either by phishing, password reuse, lost device or any number of other vectors).  Then over a year there is a 0.021% (ish assuming holidays, weekends etc.) chance of a single user being compromised.

When scaled to a workforce of 2,500 this then becomes a probability of someone, somewhere being compromised at 50% (ish) a year.  The chances of compromise over a multiyear period then becomes extremely high. 

More Sophisticated Attacks 

Historically attackers were primarily looking for valuable business data, either to assist with further attacks or to sell for identity theft.  Over the past few years with the rise of ransomware this model has been replaced with a far more damaging approach of destroying the organisations ability to operate.

Recently this has been further escalated with threats to disclose compromised data and trade secrets unless further ransoms are paid.   

With this rise in financial incentives, attack software has become increasingly sophisticated. Once the domain of Advanced Persistent Threats (APTs) and nation states, these tools have become commercialised and weaponised so that anyone with a web browser can download tools to compromise systems, retain persistence and most importantly scrape credentials from memory, log keystrokes and take screenshots.   

Security controls such as requiring separate admin accounts or using jump boxes are no longer safe and in fact can assist attackers.  This happens as there are often routes to escalate privileges (for example allowing a user device to connect to the jump box).  If this jump box is compromised, the attacker is then able to extract all credentials for all users logging into the box, therefore further escalating privileges. 

But I Already Maintain a Secure Network? 

While most organisations recognise that security is becoming increasingly important, this is often ‘solved’ by bolting additional technology onto the existing architecture and imploring end-users to not to succumb to phishing attacks.  While this certainly helps, what can be seen with the numbers above is that given enough users and a long enough timeframe, any organisation is likely to suffer a compromise.  The question then becomes ‘How do I manage a breach to minimise impact?’. 

Most organisations operate a logical network equivalent to Figure 1.  This segregates and ‘protects’ the internal network from attackers by introducing barriers between the publicly assessable servers in the DMZ and the most important systems inside the core network.  This in itself isn’t bad, however when used as the primary form of defence it makes the organisation like an ‘eggshell’ (hard on the outside but a single issue and the whole thing collapses).