Flying Blind: Why Visibility is Cybersecurity’s Achilles Heel

If National Cyber Security Awareness Month wasn’t enough to draw attention to today’s cyber threats, recent headlines might do the job.

Consider last week’s massive distributed denial-of-service (DDoS) attack. Internet-connected webcams and digital TV recorders flooded a major Domain Name System provider with bogus traffic to cripple Twitter, Netflix, and others. It was one of the first large-scale attacks that exploited the emerging Internet of Things (IOT). It won’t be the last.

And if this year’s U.S. presidential campaign wasn’t wild enough, the race has been overshadowed by WikiLeaks’ steady releases of private email from the Democratic National Committee. The leaks stem from a phishing attack that the White House blames on Russia.

These attacks are starkly different. The first exploited technological vulnerabilities. The second, like most of today’s cyber attacks, took advantage of human nature. But both speak to one of cybersecurity’s most acute and fastest-growing problems: the visibility gap.

Even as organizations spend upwards of $100 billion per year on the latest tool [1], cyber attackers keep getting through. Data continues to be stolen. Breaches keep appearing in the news. And the losses continue to mount.

That’s because despite all the awareness and spending around cybersecurity, most organizations are looking for threats in the wrong places. According to Gartner, more than half of all IT security spending goes toward protecting the network. But 90% of attacks start with people, mostly beyond the control and safety of your perimeter.

That’s why the best approach to cybersecurity is one that focuses on people and where they work today—over email, through social media, and on all types of devices.

Here are just a few statistics unearthed by our researchers over the last year:

• More than one in every five clicks to a malicious URL in email takes place off the corporate network through email, social networks, or on mobile devices.
• About 40% of Facebook accounts and 20% of Twitter accounts that appear to be related to Fortune 100 brands are impostor accounts. These accounts steal customer data, damage your brand, manipulate markets, and commit fraud.
• More than 12,000 malicious mobile apps are available from authorized—that’s right, authorized— Android app stores. These apps, which account for more than 2 billion downloads, can steal information, create backdoors, and other functions.

In today’s threat landscape, network myopia is costly. It increases your risk. It makes security incidents more difficult to resolve. And it leads to more expensive cleanups.

So how can the modern enterprise close the visibility gap? Here are three basic steps you can take today:

Step 1: Identify key blind spots. Determine whether your current defense is in the flow email, social media, and mobile devices. According to the Ponemon Institute, a whopping 80% of organizations don’t detect breaches until a week or longer after the fact. And more than half aren’t sure whether they know the root cause [2].

Step 2: Create a plan to close the gaps. This may include modeling your return on investment and potential impact to your security operation. Cleaning up and remediating a cyber attack takes an average of 31 days at a cost of $20,000 per day [3].

Step 3: Consider solutions to improve your visibility. The best tools will detect threats beyond the network and tie into your incident response tools.

For more detail about these steps, download our whitepaper Blind Spots: Why Cybersecurity’s Visibility Gap Matters, and How Organizations Can Solve It.

Because if your cybersecurity efforts are focused on the network, your biggest threats are likely the ones you’re not seeing.