Detecting Compromises Requires Monitoring a Series of Activities Over Time
In the wee hours of April 15, 1912, the unthinkable happened to the unsinkable. The RMS Titanic sank. She and more than 1,500 souls perished in the icy waters of the North Atlantic.
A century later, I sat watching the tragedy unfold as I made my own transatlantic passage aboard an Icelandair flight. I’d thought a three-and-a-half-hour film might make the trip pass faster. Instead, it only made me wonder: How stunning is Kate Winslet? And how safe is modern travel?
In its day, the Titanic had been a high-tech marvel. A product of Industrial Revolution innovations, it was grand, luxurious and, in hindsight, not as safe as advertised. Its ill-fated passengers fell victim not only to an unforgiving sea, but to human error, outdated maritime safety laws, technological hubris and pernicious vanity.
Today, we expect more, no? At the very least, I don’t expect to run into an iceberg. You know, once I win the lotto and sign up for a luxury cruise.
A Delicate Balancing Act
Earlier this year, the British television network Channel 5 broadcast “Building the World’s Most Luxurious Cruise Ship,” a documentary about the construction of the Seven Seas Explorer.
“Luxury,” said the narrator, “is heavy.” Hence, critical to the ship’s design process was ensuring that her decadent interior, including stone floors and marble walls, wouldn’t disrupt her stability. In fact, everything – from lifeboats to pianos, plates and champagne bottles – had to be accounted for in terms of weight, quantity and location. With some 20,000 items under scrutiny, initial design plans were revised, again and again.
What I found curious, though, was that while the documentary detailed safety test after safety test, not once did it mention cybersecurity. Of course, that doesn’t mean there wasn’t a plan in place, but it did get me thinking, especially after reading about how hackers can exploit load-balancing software to capsize large vessels.
It’s All Fun and Games Until Someone Can’t Play Shuffleboard: Confidentiality vs. Integrity vs. Availability
Sure, taking over control systems to capsize a ship is extreme, but is it out of the question? It’s not like we haven’t seen hacks happening in the shipping industry. Take, for example, the recent data breach at UK shipper Clarksons and last summer’s NotPetya ransomware attack on shipping giant Maersk. What if hackers decide to take things up a notch?
At this point, do information security teams feel like they are rearranging the deck chairs on the Titanic as they try to balance protection across the confidentiality, integrity and availability (CIA) triad? The difference between a confidentiality breach and an integrity or availability breach is significant – and scary.
While a confidentiality breach of a data system – for example, a hacker getting his hands on a passenger manifest – could mean damage to corporate brand, reputation and profits, an integrity or availability breach of a critical onboard navigation, power or cargo management system could prove disastrous. Data theft isn’t fun or a game, but data manipulation or inaccessibility that could result in loss of safety trumps all.
Can we be too careful? Remember that iceberg … Hubris, as we know from the Titanic, can be dangerous.
At minimum, businesses should prepare as best they can to prevent and defend against malware and ransomware exploits. Where there is Internet connectivity, especially in conjunction with the not-always-reliable human element, there is risk of cyberattack.
Disaster Aversion: Let History Be a Lesson
When the Titanic sank, there was – and still is – much retrospective talk about what happened, who was to blame and how the tragedy could have been prevented. The iron and rivets were too weak; the bulkheads, too short; the lifeboats, too few. But should’ves, could’ves, would’ves aside, the Titanic taught a hard-knocks, clichéd lesson: Better to be safe than sorry.
Hard to call it a bright side, but the disaster did at least lead to review and reform of maritime regulations; changes to ship design, lifeboat requirements, wireless operations, ice field navigation; and ultimately, safer travel at sea.
Today, that safety extends to implementing sound cybersecurity practices. A first and imperative step toward ensuring better protection of assets, business and humanity is to assume that everything is connected – and therefore, vulnerable. A second could be to consider investing in a network visibility solution.
Detecting compromises requires monitoring a series of activities over time. Unfortunately, most security tools only have visibility into a certain set of activities and cannot see and comprehend the entire kill chain. With a network visibility solution, companies can see all the data across their infrastructure to help identify weaknesses and improve their security posture. Put simply, it helps optimize existing prevention and detection security tools by simplifying, consolidating and sharing relevant data with them at the right time so they can more quickly expose malware and accelerate threat response and mitigation.