CyberJAGO Thoughts & Opinions

Sharing a Pragmatic View of Cybersecurity

Mitigating Symptoms Instead Of The Root Cause

I am a firm believer in concerted industry action. One thing we might want to put our collective muscle behind is doing more to address the roots of some of the problems we face, rather than the symptoms.

Take email phishing, for example. It’s still very, very prevalent, and the global shift to remote work has only exacerbated things. It is lamentable because in my view it’s simple enough to vastly reduce it. If we only allow through emails that are coming from trusted sources, we could slash the amount of phishing.

Instead of prevention, we’re piling on tools and depending on remediation to try to solve the problem.

There is a lot of talk today about zero trust. Applying the principles of zero trust to email would mean that if I can’t validate or authenticate a source, then the email would not get through. We need to get away from a security model that focuses on the perimeter and look for alternatives.
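As an added illustration of that deny-by-default stance (example code, not from the original post), the filter below accepts an inbound message only when the sender domain is on a trusted list and the receiving mail server has recorded a DMARC pass for it in the Authentication-Results header (RFC 8601). The trusted-domain list and the sample messages are constructed; the header name and result tokens are standard.

```python
"""Deny-by-default inbound mail policy: trusted AND authenticated, or rejected."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed allow-list of sender domains this organisation has chosen to trust.
TRUSTED_DOMAINS = {"example.com", "partner.example"}

def sender_domain(msg):
    """Return the lower-cased domain of the From: address, or '' if absent."""
    addr = parseaddr(str(msg["From"] or ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def auth_results(msg):
    """Collect method=result pairs (spf, dkim, dmarc) from Authentication-Results.
    The receiving MTA must have stripped any such header supplied by the sender,
    as RFC 8601 requires, otherwise these verdicts cannot be trusted."""
    header = str(msg.get("Authentication-Results", "")).lower()
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))

def decide(raw_message):
    """Return ('accept'|'reject', reason). Anything unverified is rejected."""
    msg = message_from_string(raw_message, policy=policy.default)
    domain = sender_domain(msg)
    verdicts = auth_results(msg)
    if domain not in TRUSTED_DOMAINS:
        return "reject", f"{domain or '<none>'} is not a trusted source"
    if verdicts.get("dmarc") != "pass":  # no header at all counts as a failure
        return "reject", f"{domain} not authenticated (dmarc={verdicts.get('dmarc', 'none')})"
    return "accept", f"{domain} is trusted and authenticated"

# Constructed sample messages, not real traffic.
SAMPLES = {
    "trusted_authenticated": "From: Alice <alice@example.com>\n"
        "Authentication-Results: mx.receiver.test; spf=pass; dkim=pass header.d=example.com; dmarc=pass\n"
        "Subject: quarterly report\n\nhello\n",
    "trusted_but_failed": "From: Alice <alice@example.com>\n"
        "Authentication-Results: mx.receiver.test; spf=fail; dkim=none; dmarc=fail\n"
        "Subject: urgent invoice\n\nhello\n",
    "untrusted_authenticated": "From: Bob <bob@unknown.example>\n"
        "Authentication-Results: mx.receiver.test; spf=pass; dkim=pass; dmarc=pass\n"
        "Subject: hi\n\nhello\n",
    "no_verdict": "From: Alice <alice@example.com>\nSubject: hi\n\nhello\n",
}

def run_samples():
    """Map each sample name to the policy decision it receives."""
    return {name: decide(raw)[0] for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, decide(raw))
```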

With cloud-based internet, you don’t need to establish trust between host machines and the internet. Isolation might be one way to address the problem.  Activating phishing-resistant device-dependent multi-factor authentication might be another.

A major problem we have is users clicking links that install malware on their devices. Link-clicking is allowed because it speeds up the process and minimizes friction. But many times, the malware is not picked up by the security tools.

We have to find a compromise that might make the user experience a little bumpier but prevents malware from getting installed.  If we apply the zero-trust model here, then instead of trusting the user, we should tighten up the digital certification.

Infrastructure vendors could also play a role, because they are allowing a lot of servers to act as SMTP servers, letting bad actors create accounts and send out messages.  It may take a day or two before they identify them as malicious actors and cut them off, but by then, a lot of damage is done.

I think the infrastructure vendors also have to do more to authenticate these servers.  Vendors themselves have to validate in a more precise way if a person really has any business sending things to the internet.  They need to be better gatekeepers of what’s allowed on their systems. They need to do a better job of monitoring the traffic that’s going on their systems and taking preemptive steps.

We who have to defend our networks are looking for real solutions at a time when CISOs are being asked to do more with less.  We must join forces on a common goal and apply pressure on vendors to mitigate, if not outright solve the problem.