A Tale As Old As Time—exploitation In The Digital Era

David Schiffer is the CEO of RevBits and formerly of Safe Banking Systems (SBS). RevBits develops cybersecurity software for organizations.

Since the beginning of time, there have been givers and takers. Greed has always been a powerful motivator for criminal action. Many malicious actors believe their criminal activities are justified. They may cite social or political reasons for the exploitation of a business’s computers and data. Whatever the reasoning, it is clear that every business is a potential target in this era of cybercrime, and all must take vigorous action to protect data and systems from internal and external threats.

The onset of Microsoft’s Windows OS in the early '90s created a massive movement in the PC market and a significant concomitant rise in virus activity. This generated new antivirus products like Norton, Kaspersky and McAfee that scanned system files to detect threats. They functioned by comparing system files to a database of known malware signatures. But over time, antivirus solutions that scanned files proved ineffective against more advanced fileless malware infections.

With the explosion of smartphones, particularly the 2007 launch of Apple’s iPhone, security concerns skyrocketed due to the enormous increase in the attack landscape. Cybersecurity had to answer this escalation in threat potential with more advanced software. Data collection and analysis took center stage in order to gain more visibility into applications and network traffic.

Digital Technology Offers Endless Exploitation Opportunities

Unfortunately, the flipside to beneficial technology innovations of any era is their negative exploitation by criminal elements. The amazing business and personal advancements wrought by digital transformation and the resulting tsunami of IoT have opened up a veritable smorgasbord of opportunity for cybercriminals.

Today’s very mobile society craves the convenience of anywhere-anytime connectivity. This mindset has reshaped business models across the globe to spur growth, but also as a result of necessity. The remote work migration has astronomically increased the use of personal devices for transactions, exploding the number of endpoints vulnerable to exploitation.

While cybersecurity innovations have strived to keep pace with the expanding threat landscape, it always seems to be two steps forward and one step back in this high-stakes security game. With each security advancement, hackers work hard to find any vulnerable point of entry, the weak link or the gullible user. Organizations must discover, validate and eliminate potential vulnerability risks that can have a devastating business impact.

Today’s businesses can never fully relax or become complacent. Constant vigilance, visibility and data intelligence are required in order to thwart incoming threats or mitigate any intrusions.

The War Against Cybercrime Requires An Integrated Multilayered Arsenal

You wouldn’t lead the charge in a zombie apocalypse, disconnected from your team and armed with just paint guns. The object is not to stun or elicit a chorus of “ouch.” No, you want to annihilate the adversaries. A plethora of disparate security products that leave vulnerability gaps and generate time-wasting false positives can’t provide a united front to adequately protect systems, endpoints and data.

Businesses are engaged in ongoing warfare against malware campaigns that daily grow in scope and sophistication. Our government has legislated cybersecurity measures in an effort to strengthen and tighten security for government agencies and our critical infrastructure. However, despite the frequency of reported cyber exploits and dire warnings, companies still struggle to achieve cybersecurity readiness. An alarming 78% of senior IT and security leaders lack confidence in their company’s security posture, and nearly 80% believe their organization lacks sufficient cybersecurity protections, even with greater security spending.

The businesses that fully comprehend the gravity and avail themselves of the most advanced security solutions will not only survive but thrive. Companies that don’t take advantage of advanced security technology and leverage the expertise of those who know how to best employ them will be at a fundamental disadvantage. Today’s business environment moves quickly, where digital transformation becomes table stakes, and taking minimalistic action results in unnecessary risk that never leads to a good outcome.

Multilayered Security Defenses Expose And Thwart The Enemy

Cybersecurity strategies are moving away from a multiple siloed product model that generates mountains of non-contextual data. Security management can be a nightmare in such a scenario, with too much time wasted on non-critical alerts.

In light of the current insufficiencies in skilled cybersecurity personnel and the increase in remote management, today’s IT and security teams can do more with less by incorporating unified multilayered solutions that provide data with context for analytics, visibility and the management simplification they need to stay ahead of the threat curve.

Here are just a few of the advanced capabilities that should be part of every cybersecurity infrastructure:

• End-To-End Encryption.

• Identity Access Management (IAM).

• Privileged Access Management.

• Automated Password Management.

• Regular Vulnerability Scanning and Automated Penetration Testing.

• Endpoint Detection And Response (EDR).

• Extended Detection And Response (XDR).

• Multifactor Authentication.

• Zero-Trust Networking.

• Data Backup and Restore.

The meteoric evolution of our connected technology and requisite security, along with the accompanying and inevitable dark exploitation, will continue to spawn greater and more challenging accomplishments and hurdles. To remain on the winning side of the cyber defense game requires solutions that provide the greatest degree of visibility, vulnerability awareness, cyber forensics and access protections.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Cybercrime Has Evolved Alongside Security Innovations

From the earliest computer-to-computer network communication in 1969 to the catastrophic Internet worm in 1988 and the year 2000’s alarmingly infectious “I Love You” email worm, the trajectory of cybercrime has continued to blaze a trail of ever more sophisticated and malicious cyber threats.