Evolving Cybersecurity in the Current Security Landscape

Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Fadil Mesic of Titaniam examines the past, present, and future of cybersecurity in an ever-evolving landscape.

Companies looking to preserve sensitive data may be using some of the most standard security practices, and while these methods are necessary for a complete cybersecurity strategy, more is needed. While once these toolkits may have succeeded in stopping cyber-attacks, today, it just isn’t the case. Cyber-criminals have updated their infiltration methods to steal and extort data, but our security toolkits have stayed the same. Not only is this detrimental to a company’s reputation, should they have data exfiltrated, but it’s directly harmful to those whose data is stolen.

Today, cyber-criminals are seeking to exfiltrate and extort Personally Identifiable Information (PII) through sophisticated techniques meant to subvert traditional security practices. Current data security platforms and solution sets are falling behind and failing those who have entrusted their data to companies who promised to keep it safe. It is time to look toward the future of cybersecurity and evolve our solution sets.

Widget not in any sidebars

Cybersecurity: Past, Present, and Future in an Evolving Landscape

Cybersecurity Over the Decades

Over the years, we’ve seen many variations of data security platforms and how they handle cyber-attacks. It makes sense that, as an industry, we must now begin developing with the next generation of security in mind. The history of cybersecurity shows a clear path of evolution. For instance, in the 1970s and 1980s, security efforts were focused on securing physical computers and equipment. Once these systems became interconnected through the internet, during the late ‘80s and ‘90s, cybersecurity shifted to consider stolen credentials and viruses impacting whole networks. More recently, the 2000s have largely included innovations such as traditional tokenization, machine learning, and behavioral detection software that help filter potential cyber risks. However, today’s cyber landscape is swiftly changing while demanding even more than in previous years. Cybersecurity must now be developed with entirely new and emerging challenges in mind.

Today’s Cyber Landscape

Compared to cyber landscapes we’ve seen in the past, our data is more interconnected than ever and this doesn’t appear to be slowing down any time soon. Data analysts expect the global Internet of Things (IoT) – connected devices – to increase by 43 billion in 2023.

Companies are also ingesting large amounts of personal data, storing them, and, in many cases, actively using them in rich data analytics and index searches. Our cybersecurity challenges today are less focused on physical security than in previous iterations, even though these are still essential components of effective cybersecurity strategies. We see criminals focused more than ever on stealing rich data to extort companies and their customers, and our toolkits and strategies are becoming less effective. Traditional security methods are not securing our sensitive data, which is today’s digital gold. Unfortunately, ransomware has become a hazardous tool that bypasses our current defensive efforts. As security professionals and experts, we must adapt and overcome. It is time to seek newer and innovative ways to keep pace with modern threat actors.

Cyber-Criminals Changing Tactics

Within recent years we’ve seen multiple examples of outdated security methods failing to protect and secure sensitive data. Despite collecting vast amounts of our personal data, companies have no secure means of keeping it. Our digital world is in danger because of this. Sensitive information is no longer being protected with traditional methods because cybercriminals are exfiltrating valid credentials into these data stores and infrastructures. All the while, our PII is left inside in many cases in clear-text format. This means that these criminals can easily access, steal and extort PII just by targeting valid employee information from the start. Their tactics are changing, and so must ours.

These exact scenarios have been seen repeatedly within the last few years.

• In 2017, we saw millions of Americans impacted in one of the worst security breaches to date because of human error.
• In 2019, we saw cybercriminals exfiltrate data from a popular social media service because an unpatched security vulnerability was exploited. This left millions of stored user data in peril.
• And more recently in 2021, we saw an entire industry feel the impacts of one password falling into the wrong hands.

Looking to the Future Of Solution Sets

The question then becomes, “What should data security platforms aim to achieve now? How do we prevent these scenarios in the future?”

Today, data-related breaches and extortion have become the main threat among companies seeking to collect and store PII. In a recent study, 70 percent of companies surveyed admitted to experiencing a ransomware attack. Of those companies, 60 percent admitted the same attackers tried extorting them further using the stolen data. It’s become clear that cybercriminals are targeting databases with sensitive information knowing that once they are inside, there is very little to stop them from taking what they want.

In the past, companies with standard security hygiene have often used traditional tokenization in conjunction with data encryption methods. This can include data-in-transit and data-at-rest. However, this recent outbreak of data extortion demands more innovative and holistic approaches. One example is high-performance encryption-in-use technology, which could be deployed alongside traditional and emerging security technologies. This would allow companies to use and store collected data while keeping its security in mind and safeguarding PII from antagonistic entities. Keeping sensitive data encrypted at all times throughout its whole lifecycle, including creation, collection, transformation and storage, is extremely important. But, it is the time when data is used (searched, transformed, analyzed) that we need to keep our guard up and retain the same level of protection, as in data-in-transfer and data-at-rest cases. Keeping the data encrypted for as long as possible is a key part of the overall security strategy. In particular, it is the time when the data is passed between different systems, it’s being sanitized, cleared, transformed, loaded into data stores, prepared for use, or it is used (searched and analyzed) that is the most susceptible for exfiltration. In many cases, data is decrypted and often left in clear-text format for extended periods. Multiple copies of the data “hanging around” in clear-text are a major issue for organizations.

High-performance encryption-in-use technology aims to close that missing gap that attackers often exploit to gain access to sensitive data. One of the requirements of such a technology is that it must allow the continuity of established business processes with minimal or no intrusion. It must be easy to deploy and configure, and it must be performant and ubiquitous. Search platforms such as Elasticsearch and OpenSearch have long been plagued by data breaches resulting in the exfiltration of big amounts of sensitive data. In many cases, it was stolen credentials, systems misconfiguration, or both that led to the data being stolen. But, at the core, it is the issue that the data searched was in the clear-text in the first place that allowed the attackers to leave with the sensitive data in their hands.

The development community and teams developing and improving search platforms have made some serious efforts in the right direction to harden and protect the search platform by adding a set of security plugins that would restrict access to systems (through black and whitelisting) restrict access to data based on users and roles configured and would limit the amount of the data being returned at once (preventing bulk exfiltration). All of these are good and necessary parts of the overall security posture. However, the data stored in the indices, searched and analyzed, is still kept in clear text, which leaves these systems vulnerable to data exfiltration. Adding high-performance encryption-in-use to these systems encrypts this data at the point of ingest and keeps the data in the systems encrypted at all times, even when it is searched and analyzed. The best thing about it is that end-users do not have to modify their searches or the ways they were analyzing the data. The data is released on a “need-to-know” basis, supporting business cases of releasing the absolute minimum-necessary clear-text data to authorized individuals only (e.g., for review or report/results printing) or passing encrypted results of searches to down-stream applications for further analysis or processing. Results of searches can be released in different ways to different users based on the release schemas associated with roles. Each field can be returned in several formats (including encrypted, redacted, masked, partially masked, or clear text when necessary).

Solution sets today just aren’t built with today’s security concerns in mind. Companies are collecting more PII for the purpose of analyzing and indexing them for later use, but they aren’t securing them. This rich data is left in vulnerable clear-text formatting. Cybersecurity experts cannot expect to see different results when utilizing the same traditional methods. Instead, these security professionals should begin looking ahead to more innovative and updated methods of cybersecurity, such as high-performance encryption-in-use technology, which can be used alongside traditional security methods and enhance existing defenses.

Widget not in any sidebars