When the first automobile was manufactured, it wasn’t very safe.
Many drivers and passengers died because safety simply wasn’t a motivating factor in the design and creation of the automobile. Since then, a parade of features has been added to increase car safety. These initially included brakes and lap belts, then seatbelts, directional blinkers, headlights, taillights, brake lights, fog lights, and eventually advanced innovations like anti-lock brakes, traction control, airbags, lane keeper assists, auto braking, lidar, backup cameras, and front-facing cameras.
Manufacturers didn’t just iterate on the same things. They improved the existing safety features and continued to innovate by adding new systems and features each decade. Why? Because even though cars are much safer, many people still die in car accidents each year. There are plenty of reasons: drivers make mistakes, people don’t obey rules, systems fail, Mother Nature throws us curveballs. When will we stop adding safety features to vehicles? Probably not in the foreseeable future—if ever. Not until we can protect everyone all the time. We will continue to innovate to try and save lives. It’s what humans do.
When the Internet was initially assembled, it was designed for communication and sharing. As with automobiles, safety simply wasn’t a consideration. No one knew that it would grow to what it is today. They couldn’t have predicted that it would become a fabric connecting all of society and a driver of the global economy.
Since no one had foreseen its potential for market penetration and global growth, protecting people and their data on the Internet wasn’t an initial priority. As attackers began to wreak havoc via webpage compromises, distributed denial of service attacks, system compromises leading to data theft, data destruction, and data integrity manipulation, preliminary safeguards were added to make the Internet a less dangerous place for businesses, consumers, and governments.
Unsurprisingly, it didn’t work. Anti-virus software was added to endpoints. Intrusion detection systems, firewalls, intrusion prevention systems, data leakage prevention systems, and much more were added at network perimeters across the enterprise. Yet intrusions continued, escalating in scope, severity, and number.
The reasons for the failure of these early measures are myriad, but one major issue is that most security vendors focused completely on preventative technology to stop breaches from happening rather than on detecting them once the adversary breached the network. We need to do both. The sophistication of attacks continues to grow as needed to accomplish attacker goals. Just as car safety advancements were critical to making our roads less dangerous, innovation must continue in cybersecurity. This means adopting a new perspective on the problem.
Let’s return to our car analogy. Remember all the innovative safety features added to reduce automobile accidents? They have certainly helped a lot, but accidents still happen frequently. Manufacturers understand this and address it by equipping today’s cars with systems designed to help accident victims. Why? We know, and unfortunately accept, that accidents are going to happen, and we prepare for them. Some manufacturers have accident detection systems that close the windows, cinch up the seatbelts, brake the car automatically, deploy airbags on impact, call the authorities, and much more. Many municipalities even help save lives by monitoring high-traffic areas to enable quicker accident response.
In cybersecurity, it’s time to admit that system breaches are inevitable and innovative technologies must be more broadly applied to detect those breaches. If you can’t always stop the attacker (and you can’t), you need to detect them when they bypass preventative tools. Fast and reliable detection will help to ensure they aren’t successful in accomplishing their goals.