Insider threats underscore the importance of Managed SIEM

November 6, 2015 Arctic Wolf Networks

The story of how ancient Greece defeated the thoroughly fortified city-state of Troy will never stop being relevant, especially when it comes to cybersecurity. Regardless of how impenetrable preventative cybersecurity may appear, there is always a way to sneak in, and one of the best ways in is by proxy of a trusted person or vessel.

While an enterprise cyberfortress might not open the gates for a massive package delivered by a sworn enemy, it does open the gates every single day to an equally dangerous potential cyberthreat: its own employees. Now more than ever, a detective defense such as managed SIEM is essential.

Three common, conniving ways hackers leverage corporate insiders to breach companies include the following: Shadow IT, which is employee misuse of IT resources, knowingly or unknowingly, in such a way that digital company assets are put at risk; social engineering, which is hackers' use of social media and information-gathering tactics to isolate human targets that may serve as a conduit for an attack; and direct attacks on company insiders, which can come in the form of hacking employees' or executives' personal accounts or hard drives. When any of these tactics are employed successfully, preventative cybersecurity becomes as useless as Troy's walls with an enemy-riddled horse inside of them.

Recent cybersecurity examples in the media

Several headlines have highlighted the threat posed by insiders. Take the example of Hillary Clinton, who was the subject of an email scandal that involved her use of a personal email account on a secure government server. What's more, she shared material that was deemed "classified" by the government. No damage has resulted from the blunder, but Clinton's actions are technically an example of Shadow IT and the potential damage that can happen when end-users go outside of IT to solve a technical problem.

Another recent development involved a group of Iran-based hackers suspected to have created fake LinkedIn profiles in an attempt to target government and telecom professionals. Fortunately, the charade was picked up by Dell SecureWorks before any damage was done. The fraud fits the classic profile of social engineering.

A third example of how insiders can be leveraged for malicious purposes is the direct hacking of the personal email accounts of CIA Director John Brennan and Department of Homeland Security Secretary Jeh Johnson. Once again, it appears that no classified information has been compromised, according to CNN.

The solution to cybersecurity woes is SIEM-as-a-service

Luck played a huge role in all three of the examples listed above; the consequences of each could have been substantial. But businesses cannot depend on luck to defend them, just as they can't depend entirely on preventative cybersecurity to protect their assets.

Security needs to exist within the network fortress, which is exactly what SIEM-as-a-service supplies. By monitoring network traffic and activity and sifting through the vast quantities of data and security alerts on any given day, SIEM-as-a-service creates internal security that can detect danger early.

Unlike legacy SIEM software, managed SIEM is cloud-based and easily deployed, making it suitable for small and medium-sized businesses and large enterprises alike. It is also more affordable, both in terms of cost for deployment, and in terms of resources. Security experts on the provider's end optimize the service, rather than burdening the already overworked internal IT team with the task.  

As the Trojans painfully discovered, big walls mean nothing when the interior is ill-equipped to handle insider threats. Managed SIEM helps protect against insider threats, whether they are the result of employees' folly, or worse.

Cybersecurity news and analysis brought to you by Arctic Wolf, leading provider of managed SIEM services.
