A Cybersecurity Post-Mortem for 2018

February 28, 2019 - Marc Chenn

In 2018 we saw dozens of unfortunate enterprise cybersecurity incidents resulting in loss of data, privacy, money, and trust for the individuals and businesses involved. Many of these incidents could have been avoided. This blog post is a high-level post-mortem analysis on the current state of cybersecurity.

2018 – Not a great year for cybersecurity

In June we saw credit card skimming malware leverage Ticketmaster’s website to steal payment card data from at least 40,000 customers, and another piece of malware steal data from 10 million Dixons Retail accounts in the UK.

Fitness tracking apps also took a hit in 2018. Vulnerabilities in the mobile apps for MyFitnessPal and Polar Flow were exploited and millions of users’ location data was appropriated.

And we had the massive leak of 340 million records from Exactis including details from just about every person and business. Throughout the year we saw how Facebook took a series of hits, beginning with issues involving Cambridge Analytica and continuing with various customer data privacy violations by various third-party applications.

Probably getting worse before it gets better

Regardless of industry, every modern enterprise has at least one thing in common. They all run substantial elements of their business on digital infrastructure that includes software, applications, and code.

Most businesses have a software factory, or software supply chain, comprised of software developers, DevOps teams, and IT operations teams whose job it is to bring digital innovation to market quickly and securely. Our digital reality today is very different from the bricks and mortar of the past, and most businesses are doing their best to figure out how to secure it all as they go.

Understandably, there have been some bumps in the road to digital transformation. There literally are not enough humans in the world to manage and secure all the digital business infrastructure currently in production.

According to Cybersecurity Ventures and CSO Magazine, there are an “estimated 350,000 open cybersecurity positions in the US” today. But the shortage will get worse. According to the same report, businesses will face “a predicted global shortfall of 3.5 million cybersecurity jobs by 2021.”

What’s more, according to a report published by Gartner, IBM, and Sonatype, the average number of days before a known and reported vulnerability is exploited has been substantially compressed from a manageable 45 days in 2006 to just three short days in 2017.

The Sonatype 2018 State of the Software Supply Chain Report states, “A series of high profile and devastating cyber attacks last year demonstrated that adversaries have the intent and ability to exploit enterprise cybersecurity vulnerabilities in the software supply chain. Never was that so apparent than in the massive breach at Equifax. One detail that did not receive sufficient attention was the three days between the Apache Struts vulnerability being announced (March 7) and the initial breach at Equifax (March 10).”

Watch this Salt Air episode by SaltStack technical founder, Tom Hatch, on the rapidly shrinking security window and what this means for enterprise cybersecurity SecOps teams. In essence, there are not enough skilled humans to protect digital business. This, combined with a shrinking threat window, should raise alarms for SecOps teams charged with protecting business from bad actors in global enterprise cybersecurity.

There’s hope…most security breaches are preventable

Digital business demands a better approach to application and infrastructure security. The solution starts with a realization that most security breaches are preventable with proper day-one infrastructure configuration and deployment. Combined with ongoing system hardening and rapid, automated response to emerging threats at scale, cybersecurity functions have a fighting chance to protect our data and our customers’ trust.

A sustainable solution to this SecOps challenge must leverage the benefit of automated configuration and policy compliance to more effectively protect our digital world. In my next post I’ll dive into how SaltStack SecOps can be part of the solution and I’ll outline five steps digital businesses can take today to proactively and reactively protect against a volatile threat landscape.
