Cybersecurity Must Focus on the Goals of Criminals

Today’s cybersecurity architectures prioritize perimeter security and activity monitoring, which takes the focus away from what cybercriminals are actually targeting: the data. This legacy approach was an afterthought, meant to protect users from unsophisticated attacks intended to show off technical prowess. Hacking was ego-fueled rather than profit-motivated. Unfortunately, modern cybercriminals consider cyber theft a revenue-generating business. These organized criminals are well-financed, technically sophisticated, and laser-focused on theft and extortion.

The original approach to cybersecurity was to wall off “safe” areas and monitor the environment for malicious activity. Today we assume our digital environments have already been breached; the perimeter isn’t doing the job we’d hoped, and monitoring for malicious activity only allows us to watch the cybercriminals achieve their goals. This legacy approach to cybersecurity focuses on yesterday’s amateurs and is haphazardly designed. We need to rethink our security priorities based on the goal of protecting our privacy from very nasty characters.

Since cybercriminals’ goal is to steal data, our goal must be protecting it. Vendors breathlessly emphasize massive increases in cybersecurity attacks, skyrocketing costs of breaches, and growing regulatory fines. They explain how their next-generation perimeter protection and ability to monitor malicious activity are a silver bullet for protection. Unfortunately, these vendors’ statistics show their approach needs to be fixed. Firewalls aren’t stopping many breaches, and monitoring technology isn’t protection; it’s a way to watch cybercriminals successfully steal information. Rather than relying on legacy perimeter defenses, such as firewalls, we must adopt an approach that emphasizes identity-based security and lets the data protect itself with file-level encryption, which will directly address today’s most significant vulnerabilities.

Strong IAM: The First Line of Defense

Nearly 50% of all data breaches were caused by stolen credentials, according to Verizon’s 2023 Data Breach Investigations Report. Identity and access management (IAM) systems must be a primary focus of our security architecture and strategy. Like any security approach, IAM systems must be simple for end-users, or they’ll work around them, for example by writing passwords down or by sharing files through third-party storage to avoid the burdens of the organization’s internal file shares. Identity governance and administration (IGA) must be developed around users’ workflow.

Most IAM systems on the market provide the features businesses need to design IGA systems that accommodate third-party software-as-a-service (SaaS) applications and partner domains, and to create an easily administered program for onboarding and offboarding employees, with confidence that users are given the fewest privileges necessary as needs arise. They can also control access based on attributes like location, time of day, and device used, granting contextual privileges that fit the dynamic nature of our modern business environment. Most importantly, multi-factor authentication (MFA) adds an extra layer to the authentication process, ensuring identity validity.

New IAM systems go a step further, using a zero-trust architecture that challenges the traditional notion of trust. No user or device is inherently trusted, regardless of location or network connection. Instead, every access request is authenticated, authorized, and continuously verified based on multiple factors, such as user identity, device health, and usage context. Together, granular access control, MFA, and continuous monitoring ensure ongoing secure access and make credential theft challenging and often too costly to be worth cybercriminals’ time.
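The per-request decision described above can be sketched as follows. This is an added illustration, not code from the article or from any IAM product; the policy values, field names, and the `step_up` outcome (require fresh re-authentication) are assumptions made for the example.

```python
from dataclasses import dataclass, replace
from datetime import time

# Hypothetical policy values, constructed for this example.
ALLOWED_COUNTRIES = {"US", "CA"}
WORK_START, WORK_END = time(7, 0), time(19, 0)

@dataclass(frozen=True)
class AccessRequest:
    user: str
    password_ok: bool     # primary credential verified
    mfa_ok: bool          # second factor verified
    device_healthy: bool  # managed, patched, disk-encrypted device
    country: str
    local_time: time
    sensitivity: str      # "low" or "high" resource

def evaluate(req: AccessRequest):
    """Decide one request; run on every access, not only at login."""
    failed = []
    if not req.password_ok:
        failed.append("primary credential failed")
    if not req.mfa_ok:
        failed.append("MFA not satisfied")
    if not req.device_healthy:
        failed.append("device health check failed")
    if failed:
        return "deny", failed
    # Context signals: anomalies force re-authentication for sensitive data.
    anomalies = []
    if req.country not in ALLOWED_COUNTRIES:
        anomalies.append("unexpected location")
    if not (WORK_START <= req.local_time <= WORK_END):
        anomalies.append("outside working hours")
    if anomalies and req.sensitivity == "high":
        return "step_up", anomalies
    return "allow", anomalies

# Constructed sample requests.
employee = AccessRequest("alice", True, True, True, "US", time(10, 30), "high")
stolen_password = replace(employee, mfa_ok=False, device_healthy=False,
                          country="ZZ", local_time=time(3, 0))
travelling = replace(employee, country="ZZ")

if __name__ == "__main__":
    for name, req in [("employee", employee),
                      ("stolen_password", stolen_password),
                      ("travelling", travelling)]:
        print(name, *evaluate(req))
```

The `stolen_password` case carries a correct password yet is denied on the missing second factor and failed device check, which is the property that makes stolen credentials alone insufficient.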

Encryption: The Second Line of Defense

Most IT organizations focus on protecting access to databases (DB) and SaaS. Unfortunately, Verizon’s latest report shows that this covers less than 20% of successful breaches. When you think about how people work, it makes sense that the most significant vulnerability is in unstructured data, like spreadsheets, reports, and presentations, that they’ve extracted from DBs and SaaS apps to build an argument or report progress.

Encryption ensures that information stolen by cybercriminals is useless, and they can’t use the data to commit crimes. In the past, encryption systems slowed down users’ systems and required complicated key management administration. Users would work around these systems because the systems made them less productive or were a pain to use. Today’s technology allows files to be encrypted and decrypted without the end-user knowing it’s happening. Technologies like OAuth and OpenID Connect enable encryption platforms to share information inside and outside your organization and collaborate on documents with colleagues, partners, and customers regardless of what domain they’re in. This technology can even allow end-users to revoke access to the data remotely, ensuring constant control of data privacy.

Shifting Security to Finally Focus on Cybercriminals

The cybersecurity industry has to realize that the emphasis on perimeter protection and network monitoring does not address the lion’s share of successful attacks. Sure, firewalls and network monitoring are necessary, but a modern “security in depth” approach has to focus on cybercriminals’ actual goals and methods rather than colleagues’ practical jokes. Firewalls stop the “amateurs” from getting in, and monitoring provides a front-row seat to criminals’ success. However, focusing our resources on IAM systems and encryption offers the foundation to give us a real upper hand in the cybersecurity war and take away their most successful attack vectors.