The Scientific Approach to Cybersecurity

July 3, 2024

More Security Doesn't Always Mean More Protection

Why simply spending more on security is not the solution, and why cybersecurity needs a more scientific, standardized approach.

The rising cost of cyberattacks and their impact on organizations have become alarming. Despite heavy investments in cybersecurity, major data breaches continue to expose vulnerabilities within even the most protected entities.

Over recent years, the economic impact of cyberattacks has surged. Empirical data from 2022 reveals that organizations worldwide required an average of 277 days to identify and contain a data breach. This protracted duration underscores the critical challenge of synchronizing detection capabilities with the rapid advancement of cyber adversaries. For instance, ransomware attackers have dramatically decreased their time to achieve objectives from several months to mere days between 2019 and 2022.

BitsProof's comprehensive research indicates that simply increasing investment in security measures does not inherently enhance protection. Even organizations with extensive cybersecurity budgets and cutting-edge technologies frequently suffer major breaches, often compromising the personal information of millions. This observation prompts a pivotal question: are we, as a cybersecurity industry, fundamentally flawed in our approach?

Cybersecurity: More Science, Less Art

The cybersecurity industry still lacks standardization and a unified framework for evidence-based planning and the implementation of security controls. Without standardized operational protocols and rigorous metrics for assessing the efficacy of security measures, the industry continues to yield suboptimal outcomes. BitsProof's findings underscore that many organizations remain unaware of control failures until a breach occurs, exposing them to significant risk.

Control Failures

Security controls, including endpoint detection and response (EDR) systems, can fail, often without the organization being aware of it. An analytical study we reviewed found that EDR controls detected malicious actions only 39% of the time, leaving 61% of actions undetected. Frequently, organizations uncover these gaps accidentally or in the wake of an actual cyberattack.

Security controls are classified into three primary categories:

  • Preventive Controls: Designed to avert breaches, such as firewalls and access control systems.
  • Detective Controls: Intended to detect breaches as they occur, including surveillance systems and intrusion detection systems.
  • Corrective Controls: Aim to rectify issues post-breach, such as patch management and firewall rule adjustments.

Patch management, a critical technical corrective control, addresses software vulnerabilities. However, failures in patch management can arise from inadequate risk assessments or misclassification of asset criticality. Effective vulnerability management necessitates a comprehensive risk assessment that considers asset sensitivity, exposure, and the evolving threat landscape.

Advancing cybersecurity requires adopting a scientific methodology, standardizing operational protocols, and continuously evaluating the efficacy of security controls. Based on our research, BitsProof suggests that understanding and addressing the root causes of control failures is imperative for developing more robust cybersecurity strategies. By doing so, organizations can better safeguard their networks, detect malicious activities, and recover from incidents, ultimately enhancing their overall security posture.
