As companies continue to splurge on cybersecurity, hackers enjoy record levels of success.
There’s a famous scene in Raiders of the Lost Ark when Indiana Jones is battling his way through a crowded village in hostile territory. As Indy makes his way to safety, the sea of people parts and out of the crowd emerges a master swordsman dressed in all black from head to toe.
To capture Indy’s attention and show off how well he can use a sword, he twirls his giant weapon up and down and side to side in a menacing display of pre-fight bravado. Unimpressed, Indy rolls his eyes, calmly removes a pistol from his belt and fires a single shot at the swordsman. In one second, the fight is over.
“Companies are building giant walls in front of their house as hackers casually walk in through the unlocked back door (smirking just like Indy did at the swordsman).”
Unfortunately, in the ongoing fight between companies trying to protect their network from hackers trying to breach it, there is growing evidence that companies are unwittingly playing the role of the swordsman. Measures taken by companies to secure their network and improve cybersecurity are flashy and sound good on paper—but they don’t seem to be that effective at keeping hackers out.
According to the recently published State of Cyber Security Resilience 2021 study, 82% of companies increased their cybersecurity spending in the last year. Yet, at the same time, successful breaches from hackers increased by 31% from the previous year.
“When you put up a big wall in our environment, the back door isn’t left unlocked…because it’s not there in the first place. There is no back door.”
The Shift to Remote Work is a Scapegoat—the Real Problem is Fragmentation
The shift to remote work is often cited as a reason for the increase in cyber-attacks against corporations.
It’s true, protecting the integrity of your network is hard enough when all your employees are working side-by-side in an office on company-issued devices. And yes, the recent shift to remote work means there are more opportunities for your employees to store corporate data on their personal devices. If employees do not properly manage security controls on their own device, this “authorized” endpoint can be compromised and provide access to the corporate network.
But your employees were storing company data on their personal devices before the pandemic. It was a problem then, and it’s a problem now. The shift to remote work just served to put a giant spotlight on it.
And that’s the point. At TetherView, we believe the IT challenges of managing and supporting a remote workforce highlight a much bigger and fundamental issue with how most companies structure their IT environment—everything is fragmented. Information technology maintenance, threat monitoring and cloud services cannot effectively work together to stop cyberattacks if they operate independently of one another. IT sprawl means there are multiple entry points for hackers and more potential areas of vulnerability.
One Way In. One Way Out.
We have many mottos at TetherView. For the topic of IT fragmentation, the answer is simple. One way in. One way out. Networks should be run in a zero-trust environment that provides visibility into everything and only provides your employees (and the bad guys) with one way into your network…and one way out. When you put up a big wall in our environment, the backdoor isn’t left unlocked…because it’s not there in the first place.
Consider how this approach improves security around email, one of the main points hackers use to enter your network. In a zero-trust environment, to protect users from potentially malicious websites, all links in emails are sanitized using a sandbox server. The user cannot access the link directly. This mitigates attacks on personal devices by conducting analysis on the server side and injecting the results into the email.
Introducing a zero-trust environment to your IT infrastructure supercharges the other things you are doing to enhance your cybersecurity. A “before and after” with our clients shows that security measures they had in place before our partnership were 70% less effective. Hackers are becoming more resourceful and finding new ways to carry out their attacks. It’s time for companies to introduce security solutions that help level the playing field.
In other words, don’t bring a sword to a gun fight.