The concept of Prevention before Detection is very easy to understand in most industries, except cybersecurity. Breach after breach in today’s news gives us plenty of examples of cybersecurity professionals depending too much on Detection, and not enough on Prevention. But is that what you, the business owner or consumer, expect?
I’m sure there are a number of reasons why cybersecurity professionals implement the technologies they have. But what is important is to adopt current best technologies, and NOT stay with outdated strategies. Current thinking, strategies, or just plain attitude must change to adopt more Prevention.
Case in point, Chili’s recent data breach. (Doug Olenick, 05-14-2018, https://www.scmagazine.com/chilis-got-data-breached-data-breached-data-breached/article/765792/ , Chili’s got data breached, data breached, data breached)
Time to Detection
The article states that between March and April 2018 payment card information was compromised, and that the restaurant chain learned of the breach on May 11. Let’s do the math. Assuming the latest breach time is April 30, and the earliest breach time is March 31, that gives a window of 11 to 41 days until detection. The time to detection is referred to as a “silver lining” by a cybersecurity professional because that time is much better than the current average.
As the owner of Chili’s, or one of the customers whose data was breached, is that really good? NO WAY! Here’s why.
Prevention is Preferred and Recommended
The same cybersecurity professional went on to state:
“Using application whitelisting to prevent unknown programs from running is generally the best defense against malware such as the one used to steal credit card numbers from point of sale machines.”
Cybersecurity professionals know application whitelisting stops unknown programs by default, and specifically the type of malware used for data breaches like Chili’s, and at many other companies this year. But are they choosing to add application whitelisting? Hmmmm
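To make the “stops unknown programs by default” point concrete, here is an added example (not from the article, and not any vendor’s product) that simulates the two decision models side by side: a hash-based application allowlist (whitelist) that permits only programs it already trusts, and a signature-style denylist that permits anything it does not already recognize as bad. All program contents and hashes are constructed sample data, and the policy sets are hypothetical; the example shows why the allowlist blocks a never-before-seen program on Day 0 while the denylist lets it run until somebody writes a signature for it.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Program:
    """A program about to be executed on a point-of-sale host (constructed sample)."""
    name: str
    content: bytes

    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


# Constructed sample binaries; none of these are real software.
POS_APP = Program("pos_terminal.exe", b"constructed POS application v1.0")
UPDATER = Program("pos_updater.exe", b"constructed vendor updater v2.3")
UNKNOWN = Program("svchost_.exe", b"constructed program the defender has never seen")
TAMPERED = Program("pos_terminal.exe", b"constructed POS application v1.0 with patched bytes")

# Hypothetical allowlist: hashes of the programs the business approved in advance.
ALLOWLIST = {POS_APP.sha256(), UPDATER.sha256()}

# Hypothetical denylist: hashes of malware samples that were already analyzed.
# The UNKNOWN program is, by construction, not in it yet.
KNOWN_BAD = {hashlib.sha256(b"constructed malware sample analyzed last year").hexdigest()}


def allowlist_decision(program: Program) -> str:
    """Prevention model: default deny, run only what is explicitly trusted."""
    return "allow" if program.sha256() in ALLOWLIST else "deny"


def denylist_decision(program: Program) -> str:
    """Detection/signature model: default allow, block only what is already known bad."""
    return "deny" if program.sha256() in KNOWN_BAD else "allow"


def compare(programs: list[Program]) -> list[tuple[str, str, str]]:
    """Return (name, allowlist verdict, denylist verdict) for each program."""
    return [(p.name, allowlist_decision(p), denylist_decision(p)) for p in programs]


def days_exposed(program: Program, signature_available_day: int) -> int:
    """Days an unknown program can run under the denylist model before a signature
    exists for it; under the allowlist model the answer is always 0."""
    if denylist_decision(program) == "allow":
        return signature_available_day
    return 0


if __name__ == "__main__":
    for name, allow_verdict, deny_verdict in compare([POS_APP, UPDATER, UNKNOWN, TAMPERED]):
        print(f"{name:20s} allowlist={allow_verdict:5s} denylist={deny_verdict}")
    # Assume, hypothetically, that a signature for UNKNOWN only appears on day 11.
    print("days exposed under denylist:", days_exposed(UNKNOWN, 11))
```

Note what happens to the tampered copy of the approved POS application: its file name is identical to the trusted program, but its hash is not, so the allowlist denies it while the denylist still waves it through. Real allowlisting products express trust through hashes, signing publishers or controlled paths rather than a plain set of hashes, but the default-deny decision is the same.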
Conclusion – Would you rather:
A) Stop the threat on Day 0 using Prevention (Application Whitelisting)? Or,
B) Stop the threat on Day 11-41 using Detection (Behavior/Heuristics, Machine Learning, etc.)?