How is it that global spending on cybersecurity totals more than $100 billion per year, and IT has so little to show for it? Authentic8's Matt Ashburn discussed this question on the Business Security Weekly podcast.
Why do cyber adversaries remain so successful despite advances in security technologies and risk frameworks? Matt Ashburn, Head of Strategic Initiatives for Authentic8, has a pretty good idea. On the Business Security Weekly (BSW) podcast, he discussed his take with co-hosts Matt Alderman and Paul Asadoorian.
Matt Ashburn, who served as the CIA Cyber Security Officer and National Security Chief Information Security Officer at the White House, recently authored The Billion-Dollar Security Blanket: How Security Spending Overlooks the Biggest Risk of All.
His detailed research and surprising insights attract attention from IT security leaders and influencers across the public and private sectors. As expected, they fueled a lively discussion on episode 183 of the podcast.
The common thread in successful cyber attacks
What's the common thread among many successful cyber attacks? In his conversation with the Business Security Weekly team, Matt stressed that the role of the web browser and its vulnerabilities, which are rooted in a decades-old architecture, should no longer be overlooked.
"I spent most of my career standing up SOCs or working in SOCs in the federal space and commercial space," he said. "And I tell you, we would spend probably 90 to 95 percent of our day on just general badness on the internet."
"So when I'm saying 'general badness,' I mean the drive-by downloads, the random phishing that you get, or the unsophisticated phishing, but the nation-state level attacks as well, the advanced persistent threat type of attacks that are very targeted."
"They all have that [one] thing in common," Matt Ashburn emphasized. "They all exploit the web browser architecture in some way." The logical consequence, from a security awareness and risk management perspective? Re-thinking the browser.
Matt demonstrated on the security podcast what happens when you move the browsing environment from the local machine into the cloud, off the organization's network.
Web isolation with Silo for Safe Access (Cloud Browser) and Silo for Research - which is used by threat intelligence analysts, OSINT researchers, and fraud investigators, among others - nearly eliminates the internet risk surface.
How IT can stop the costly game of whack-a-mole
Remote browser isolation with Silo means that no web code, such as ransomware or tracking code, can touch the local endpoint. Most users wouldn't notice a difference, because the visual representation they interact with at the endpoint - delivered as an encrypted stream of benign pixels - looks and behaves just like any major browser they may have used before.
CISOs, CIOs, CTOs, and their teams, on the other hand, see a significant impact. IT security professionals can stop worrying about malware infections, data breaches, and de-anonymization when users access the web, and security teams are empowered to focus on more advanced threats.
Matt concluded that if they eliminate the costly game of whack-a-mole with web-borne threats aimed at the browser, IT security teams "can now focus on insider threats or supply chain attacks and all the other things."