“You are chained,” said Scrooge, trembling. “Tell me why the chains bind you.”
“I wear the chains I forged in life,” replied Marley. “I made it link by link, yard by yard. I fastened it on of my own free will. Is this strange to you?”
In Dickens’ classic A Christmas Carol, the parsimonious curmudgeon Ebenezer Scrooge encounters the ghost of his deceased partner and like-hearted skinflint, who warns him of the burdensome cost of wearing chains “forged in life.” The links that comprised Marley’s chains were the choices he made to value self and money over others and, in death, those decisions haunted him with the regret of what could have been if he’d traveled down a different road through life.
Likewise, today’s enterprises are forging fetters that may one day haunt them with the burden of what could have been—what should have been—when choices made of ignorance or intent become a hacker’s kill chain. But as with Scrooge, it’s not too late to change. If you’re reading this, you can break the kill chain and re-write your story.
To be fair, maybe the links to your chain were forged by a predecessor; perhaps those links were forged of necessity based on best available knowledge or technology. Some of those links may be decisions you couldn’t make because of budget constraints or information that was not available at the time. Whatever the cause, your enterprise’s network, and the systems put in place to protect it, are most likely a mishmash of technologies with links both strong and weak.
And you know what they say about chains and weak links.
At some point someone is going to try and find those weak links and exploit them for nefarious purposes. Think you’re immune? I recently read a story about a small linen services company in Massachusetts that was hacked by its larger, New Hampshire-based competitor in an attempt to pilfer a list of customers that it could target for poaching.
This was not a bank, hospital, retail chain or multi-national conglomerate, but a small company cleaning napkins and tablecloths for local restaurants. And the bad guys weren’t sophisticated cybercriminals operating from an Eastern European enclave, nor state-sponsored actors behind the walls of a nondescript Asian warehouse—they were linen cleaners themselves.
It doesn’t matter who you are or what business you’re in, the bad guys are going to swiftly move up the kill chain until they get what they want.
So what’s an enterprise to do? First, realize that you can break those chains by breaking just one step. Even if the bad guys managed to convince one of your users to click on a cute cat video, all is not lost. You can stop them in the data exfiltration phase by checking for external communication to known bad IP addresses or detecting sensitive information leaving your network with a data loss prevention solution. Deconstructing the kill chain allows you to create a prioritization strategy that is unique to your business, and develop counter measures for every phase.
Next, make sure you’re thinking beyond prevention, and have invested in a second layer of defenses involving rapid discovery and containment. Prevention is utopia; but security solutions are not hack-proof. The response time between breach and detection is still lagging, and the most important thing when a breach is found is to contain it.
Finally, go on the offensive. That doesn’t mean hack-back at the bad guys, but to hack forward and find the vulnerabilities in your systems before they do, to identify the weak links and disrupt the kill chain that’s been forged in your life.
I’m not talking about a one-time or occasional white hat hacker exercise, but a continuous process that, like the bad guys, uses the latest intelligence, technologies and techniques to probe for cracks in the iron of your defense’s links. Eternal vigilance is the price of security, after all. And like Ebenezer Scrooge on that fateful Christmas Eve, you may vow to make the changes necessary to un-do the burden of a kill-chain forged in life and declare as Scrooge did the next morning:
“I will put everything right! I will change the future!”