Security in a VUCA world

Today digital security that is just based on fingerprinting of traditional signatures, without understanding the new Tactics, Techniques, and Procedures (TTPs) is living in the dinosaur age.

By Venkat Krishnapur

The acronym VUCA was reportedly coined by the United States War Army in 2001 after the 9/11 attacks in the United States. VUCA is a highly charged Volatile, Uncertain, Complex, and Ambiguous world environment that requires a different level of management and leadership. While this was largely reflective of the physical world, VUCA is now equally true and relevant in the Digital space.

With an explosive growth of digital needs and services particularly after the pandemic, the threat landscape has only exponentially increased – across both Consumers and Enterprises.

In the Telecommunications industry, in particular, this could not have been truer. Given the high interconnectivity and data proliferation – driven by both the pandemic as well as the proliferation of IP-enabled devices on the networks, the telecom sector, has become a fertile ground for attacks – both at the ISPs as well as at the end Consumer.

Compounding the risks are newer technologies such as 5G.

Vulnerabilities in Protocols

The risks come from potential vulnerabilities in the new protocols as well as the exponential increase in the number of active IP addresses on account of the proliferation of the Internet of Things (or IoT) devices. The massive spurt in data to the cloud for analysis and action is not always done by applying the right data security practices such as encryption, anonymization, and so on. This has serious consequences when consumed by malicious actors who are constantly trying to find holes across the entire ecosystem – from the devices to the network to the cloud.

Additionally, as quantum computing gets more reliable and accurate, this has serious ramifications on the fundamental assumptions around techniques such as encryption itself– which is a cornerstone for securing most of the data today. The ability to crack the encryption of the data that is at rest or in motion will soon shift from near infinity to milliseconds in terms of time.

TTPs

Today digital security that is just based on fingerprinting of traditional signatures, without understanding the new Tactics, Techniques, and Procedures (TTPs) is living in the dinosaur age. The threats have undergone a massive shift. When you consider the potential to exploit the vast number of devices in network infrastructure and the sheer increase of humans in the process, along with enabling technologies such as AI/ML, 5G, quantum computing, and so on - traditional approaches to Digital Security only will no longer be reliable.

Digital Security must rapidly evolve to meet these threats.

Here are some of the considerations:

• As attacks on an increasingly driven SD-WAN environment go up – it has implications on the need for the appropriate Cloud Security for Enterprises and businesses. A SASE-based approach would be required that secures both data and the IAAS, PAAS, and SAAS environments.
• Digital Security would need to OPEN architectures that allow for data AND the analytics to be shared across different internal and external environments.
• Analytics goes beyond the endpoint. The data would need to be processed intelligently and appropriate Security actions taken in real-time through an Extended Detection and Response mechanism. (XDR)
• Pro-active Security that uses intelligence gathered from different sources and insights would need to be applied in the context of the current Enterprise or Consumer infrastructure.
• A Zero Trust approach would need to be diligently applied to all traffic – both internal and external and across the entire environment.
• The Human threats – both internal and external need to be assumed by default into the Security posture. This includes training and monitoring for Insider threats as well.
• Interconnected systems that are constantly sharing information in a highly reliable automated process would be needed. No longer are SOCs in a position to handle the millions of threats per day manually.
• AI and ML systems need to be built such that they account for adversarial learning and manipulation.
• In the coming years, encryption techniques would need to factor in the enablement of new avenues for cybercriminals through the use of quantum computing and develop counter and effective resistant techniques to stay ahead of the cybercriminals.
• Frameworks such as MITRE are constantly evolving, and it would be highly advisable to leverage to evolve a comprehensive set of policies and processes to minimize risk.

In short, this is where Living Security becomes the call to action - security technology that learns and adapts to protect operations from a sophisticated array of threats. Constantly learning, constantly adapting, constantly evolving to provide the lattice platform or the trellis around which customers, corporates, society, and governments stay protected.

Venkat Krishnapur is Vice President of Engineering & Managing Director, Trellix

feedbackvnd@cybermedia.co.in