The “Internet of Things”, or IOT: we’ve all heard the term, but what does it really mean? More importantly, how do we secure all of these … “things”?

Cell phones, tablets, wearables, and other mobile devices dominate our lives. I personally bring my trusty iPad to everywhere, and, like everyone else, have my phone with me at all times. The biggest attack surface for any enterprise, then, may well be these devices. How can we assess the threats? What are the components in need of protection? What are some key methods of protecting them?

Earlier this month, I wrote about the Zero Trust model for security. As I proceed through these daily blogs, I find many of them complement the ZT model; data security is one. Outside the IOT world, the goal of cybersecurity is to protect data. The Zero Trust model recognizes this and focuses on keeping security close to the asset, and portable.

Configuration management is a many-headed beast, but the biggest beast with the sharpest teeth is the patch monster.  Every day, a new vulnerability, a new patch – and an old decision:  patch and maybe break something (I’m looking at you, Spectre and Meltdown), or stay online and be vulnerable.  This model – “panic patching” -- is in wide practice, but not sustainable.  For now, an efficient and reliable system is essential; for the long term, we need an entirely new model.

By now, you’ve heard it a hundred times: the perimeter is breaking down, no more “crunchy outside” to protect a “chewy inside”, no more castle-and-moat model of network infrastructure security. If there is no inside and outside, then where do defenses belong? What security architectures make sense for such amorphous network?

Once upon a time, endpoint security was just a hall monitor: it watched for known bad files identified with a simple signature and sent you an alert when the file was blocked. To be safe, it would scan every machine daily, an intrusive activity that slowed down machines, and sped up the heart rates of affected users and hapless analysts at help desks.

Insider Threat: it’s one of the biggest and most persistent issues in cybersecurity. High-profile cases – Manning, Snowden, and others – have kept the issue in the public eye; government security personnel are rightfully concerned. In addition to the willfully malicious, though, many insiders lack ill intent, but pose a threat just the same.

Do developers at your company keep application security top of mind when coding? Do they have training in secure code development?  Do they have the tools to develop code securely? If they find a security issue, can they quickly fix the issue in all instances throughout a large-scale application? If they use open-source code, do they verify its security?

“Build it in, don’t bolt it on” is a mantra we all learn when we study cybersecurity, yet we see it in practice far too rarely. Our adversaries also know this principle and have begun to implement it by infecting the supply chain – hardware and software – as close to the source as possible. DLT technology partners Crowdstrike and Symantec both note the trend in recent threat reports. In their July,2018 report¹, Crowdstrike notes that:

Phishing, vishing, whaling, spear-phishing: the list of clever new terms seems constantly to change. A successful attack by any other name, though, is just as sweet to the adversary. Terminology aside, the fundamental problem is this. Phishing is the most common and effective way to steal data because it goes after the weakest chain in our cybersecurity armor: the human being. Even high-profile people, including one CEO of a major cybersecurity firm and major figures in law enforcement, have fallen victim to phishing attacks.