Vulnerability, breach and patch: break the vicious cycle
Once again, we’ve seen more large data breaches in recent days – Under Armour’s MyFitnessPal app and website lost data of its 150 million account holders, and Hudson’s Bay Company lost five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor. These hacks highlight continued focus of cybercriminals to target organizations who hold large quantities of data that can be exploited over a period of time for monetary gains, causing significant concerns to consumers and challenging businesses who have ethical and legal requirement to protect customers data to rethink their current cybersecurity approach.
Sadly, this is the inevitable result of our continued focus on a threat-centric approach to cybersecurity – the walls and moats philosophy that is still common. Instead, we have to renew our focus on the object the attacker is so often trying to steal: our data. Only by augmenting threat-centric approaches with a more user- and data-centered view of the world can hard-pressed defenders keep up with a neverending onslaught of attacks. Deploying static defenses against a continually evolving attacker makes no sense; systems must be able to adapt in real time to different threats. This risk-adaptive protection centered on users and data is the only way defenders have an opportunity to break the vicious cycle of vulnerability, breach, and patch.
Forcepoint in our 2018 Security Predictions report highlighted the expected rise of attacks against data aggregators in the public and private sector. We can expect to see continuation of such attacks with increased frequency in 2018.