Why enterprise giants can’t escape cybersecurity breaches

There is an epidemic of security breaches all around. Just last month, in the span of one week, a hacker gained access to the personal information of American Airlines customers, yet the company reported record revenue of $13.4 billion in Q2; Uber took its internal comms and engineering systems offline following a network compromise but noted a Q2 revenue of $2.7 billion; even video game studio Rockstar Games was compromised when a bad actor stole in-development footage and data from the unreleased next installment of its billion-dollar Grand Theft Auto game.

Cyber adversaries can remain undetected for an average of 201 days. That’s just over six months. It’s a shockingly small amount of time for some of the top companies worldwide to assume they’re safe from bad actors. At the same time, the VC industry doled out a massive $17.1 billion to power the growth and sophistication of existing cybersecurity vendors and fund new disruptors, while attacks are increasing in number and cost. For the twelfth year in a row, the U.S. holds the title for the highest cost of a data breach, with an average amount of nearly $9.5 million per incident. 

With rapid digitalization increasing over the past decade, it’s almost absurd to think that with all the time and money invested in cybersecurity, there hasn’t been a legitimate breakthrough. Why aren’t these enterprise giants that have funds and access to top-notch cybersecurity systems and top talent unable to avoid massive breaches and contain the massive damage to their products, services, and customers? The conclusion is easy when you realize it. They aren’t finding the adversary because they aren’t looking for it intentionally and continuously.  

How did it get to this point?

The cybersecurity outlook is disappointing, and its current state of regular compromise and uncertainty can be traced to a handful of factors.  

For one, threats are constantly evolving. Whenever cybersecurity teams pinpoint a solution to one threat, a dozen or more could have popped up in its place. It’s the current nature of cybersecurity teams to be reactive. But that perpetuates an ineffective cycle of being unable to think ahead. Bad actors scan networks and develop attacks before defenders can even detect and patch such system breaks. Solutions are obsolete the moment they’re deployed.  

Additionally, as defense architectures have become increasingly funded and grown in complexity, they lack true accountability to test whether they’re effective. Intricate tech and ballooning costs created false safety — these solutions cost so much and they take specialized experts to deploy, so it must be working, goes the line of thinking. We also just have to accept that investment in cybersecurity does not equal actual protection. Instead, vendors simply deliver without dynamic monitoring capabilities and leave incremental protection that doesn’t scale.  

Large enterprises also need to break free of the “it won’t happen to me” mentality. Obviously, given the numbers, it will happen at some point. Even with the best cybersecurity systems and top talent in place, companies are still vulnerable to dangerous threats and crippling cyber-attacks. That said, there are tangible ways to contain adversaries so that companies aren’t constantly underperforming from a protection point of view.   

Create continuous cybersecurity assessment

There must be a bigger focus on creating or adopting capabilities that disrupt the current complacency in cybersecurity. Don’t think about keeping adversaries out of networks — assume that they’ve already inside. It’s a scary hypothetical that isn’t hypothetical at all. Chances are the bad actors are actually in networks as you’re reading this. But it’s a secret advantage. Companies can’t overlook the power of their own network data.  

By establishing a factual, internal network-focused process of continuous compromise assessment, companies can create a sense of certainty around cyber-attacks. 

• Detection: Companies should already automate proactive threat detection and prevention capabilities to be able to sift through the unreasonably high number of false alerts that internal network behaviors produce, while also flagging the compromises that could already be there. 
• Response: A normal reaction when teams identify a cyber-attack is panic. The best response is to know the next steps once a viable threat is flagged. Incident responses through automated tools give users step-by-step details to mitigate the spread of further attacks. 
• Integration: The problem then evolves into how to collect signals of network traffic and viable threats in a way that accurately repels the attack. Solutions must be open source enough to connect any tool in an existing security stack along with the ability to add additional integrations for ever-evolving threats. 
• Correlation: After credible threats are dealt with, data should be stored and reanalyzed to improve resilience over time. This way, metadata can be scrutinized repeatedly over new intelligence as new threats arise. It goes without saying that the data should be stored correctly so that the needed information can be easily and safely retrieved.  

There can be no one-size-fits-all silver bullet solution to mitigate attacks. But continuous compromise assessment simplifies the decision-making process for team leaders and changes the dynamics of a company’s cybersecurity ecosystem.

The reality is that bad actors won’t go away. What can go away are the ineffective responses to an organization’s cyber threats. Creating constant visibility into the nature of compromises is step one in an effective cybersecurity strategy. 

Ricardo Villadiego is CEO and founder of cybersecurity firm Lumu.