If the definition of insanity is doing the same thing over and over and expecting different results, one might say the cybersecurity industry is crazy. Criminals keep innovating with highly sophisticated attack methods, yet many security teams still rely on the same technological approach they used 10 years ago.
The world has changed, but cybersecurity has not kept pace. Distributed systems, with people and data everywhere, mean the perimeter has disappeared, and attackers could not be more excited. The same old approach of reviewing correlation rules, manual processes and siloed alerts does little more than treat the symptoms while the underlying problem goes unaddressed.
Credentials are supposed to be the front door of the fortress, but the SOC has failed to change how it treats them. The cybersecurity industry must rethink its strategy and analyze how credentials are being used before misuse becomes a major problem.
Compromised credentials have long been a leading initial-access vector, but in a mid-pandemic world the problem is exacerbated. The impact of attacks has been amplified by the rush to remote work, as companies struggle to secure their networks while employees work from insecure connections.
In April 2020, the FBI said that reports of cyber attacks to the agency had increased by 400% compared to pre-pandemic levels. Imagine where that number stands now, in early 2021. It takes only one compromised account for an attacker to reach Active Directory and create credentials of their own. In this environment, every user account should be considered potentially compromised.
Almost all of the hundreds of breach reports I have read involve compromised credentials. According to the 2020 Data Breach Investigations Report, more than 80% of hacking-related breaches now involve brute force or the use of lost or stolen credentials. The most effective and commonly used strategy is the credential stuffing attack, in which digital adversaries break in, entrench themselves in the environment, and then move laterally to gain higher-level access.
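The article argues that credential use should be analyzed before misuse becomes a breach. As an added illustration (example code written for this page, not the author's own tooling or any product's detection logic), the block below parses a constructed, syslog-style authentication log and applies three simple detections: credential stuffing (one source failing against many distinct accounts in a short window), brute force (many failures against a single account from one source), and a likely compromise (a successful login from a source that was already flagged). The log format, field names, thresholds and IP addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system).
# Format assumed for this example: "<ISO-8601 UTC> auth user=<u> src=<ip> result=<success|failure>"
SAMPLE_LOG = """\
2021-02-01T09:00:01Z auth user=alice src=10.0.0.5 result=success
2021-02-01T09:00:03Z auth user=alice src=203.0.113.9 result=failure
2021-02-01T09:00:04Z auth user=bob src=203.0.113.9 result=failure
2021-02-01T09:00:05Z auth user=carol src=203.0.113.9 result=failure
2021-02-01T09:00:06Z auth user=dave src=203.0.113.9 result=failure
2021-02-01T09:00:07Z auth user=erin src=203.0.113.9 result=failure
2021-02-01T09:00:08Z auth user=frank src=203.0.113.9 result=success
2021-02-01T09:10:00Z auth user=bob src=198.51.100.7 result=failure
2021-02-01T09:10:01Z auth user=bob src=198.51.100.7 result=failure
2021-02-01T09:10:02Z auth user=bob src=198.51.100.7 result=failure
2021-02-01T09:10:03Z auth user=bob src=198.51.100.7 result=failure
2021-02-01T09:10:04Z auth user=bob src=198.51.100.7 result=failure
2021-02-01T09:10:05Z auth user=bob src=198.51.100.7 result=failure
2021-02-01T09:10:06Z auth user=bob src=198.51.100.7 result=failure
2021-02-01T09:10:07Z auth user=bob src=198.51.100.7 result=failure
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)$"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    src: str
    success: bool


@dataclass(frozen=True)
class Finding:
    kind: str          # "credential_stuffing", "brute_force" or "likely_compromise"
    src: str           # source IP the finding is about
    users: tuple       # accounts involved
    first_seen: datetime


def parse_auth_log(text):
    """Parse the assumed log format into AuthEvent objects, sorted by time.
    Lines that do not match are skipped (in production you would count them)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(AuthEvent(ts, m["user"], m["src"], m["result"] == "success"))
    return sorted(events, key=lambda e: e.ts)


def _window_slices(failures, window):
    """Yield (start_event, events_within_window_of_start) for a time-sorted list."""
    for i, start in enumerate(failures):
        yield start, [e for e in failures[i:] if e.ts - start.ts <= window]


def detect_credential_attacks(events, window=timedelta(minutes=10),
                              stuffing_users=5, bruteforce_failures=8):
    """Run the three detections per source IP. Thresholds are example values."""
    findings = []
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)

    for src, evs in by_src.items():
        failures = [e for e in evs if not e.success]
        src_findings = []

        # Credential stuffing: many distinct accounts failing from one source in one window.
        for start, in_win in _window_slices(failures, window):
            users = tuple(sorted({e.user for e in in_win}))
            if len(users) >= stuffing_users:
                src_findings.append(Finding("credential_stuffing", src, users, start.ts))
                break

        # Brute force: many failures against a single account from one source in one window.
        per_user = defaultdict(list)
        for e in failures:
            per_user[e.user].append(e)
        for user, uf in per_user.items():
            for start, in_win in _window_slices(uf, window):
                if len(in_win) >= bruteforce_failures:
                    src_findings.append(Finding("brute_force", src, (user,), start.ts))
                    break

        # Likely compromise: a success from a flagged source at or after the attack began.
        if src_findings:
            attack_start = min(f.first_seen for f in src_findings)
            hits = tuple(sorted({e.user for e in evs if e.success and e.ts >= attack_start}))
            if hits:
                src_findings.append(Finding("likely_compromise", src, hits, attack_start))

        findings.extend(src_findings)
    return findings


if __name__ == "__main__":
    for f in detect_credential_attacks(parse_auth_log(SAMPLE_LOG)):
        print(f"{f.kind:20} src={f.src:14} users={','.join(f.users)} first_seen={f.first_seen:%H:%M:%S}")
```

On the sample data the sprayed source 203.0.113.9 is flagged for credential stuffing and, because it then logs in successfully as frank, for a likely compromise; 198.51.100.7 is flagged for brute force only, and the normal login from 10.0.0.5 produces nothing. The point of the third rule is the one the article makes: a single success after a burst of failures is the moment an account should be treated as compromised, not an event to be buried among routine successful logins.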