Digital Transformation’s Hangover

Expanse’s CEO, Tim Junio, discusses why it would be easy to conclude we’re on the verge of ceding the Internet to criminals and spy agencies. But there are reasons to be optimistic.


We’re witnessing the “morning after” of digital transformation. It’s not pretty.

Equal parts strategic reboot and IT spending spree, digital transformation became a badge of honor overnight for traditional organizations adapting to the Internet-connected world. And why not? The urge to apply digital technologies to all aspects of the business has been a clear call to arms for the future. The alternative seemed like a slow, analog death. The party’s still raging — in fact, last year alone, spending on digital transformation approached $1 trillion.

However, as organizations raced to put everything online, they also put themselves in harm’s way. Many were overwhelmed by the pressure to keep track of everything they were doing while transforming. All parts of the enterprise, even everyday office items, quickly went online — including building control systems, printers, conference phones, elevators, backup hard drives. And previously networked assets didn’t go away; decades of abandoned, forgotten, misconfigured, sometimes unpatched devices now live on the same networks as all that new IT.

Human oversights and simple mistakes accumulated. Today, a typical large organization has hundreds or thousands of these vulnerabilities. Many are (or may accidentally become) beyond the firewall, out in the open. IT teams can’t detect — much less manage — these vulnerabilities. They’re a dog’s dinner of old protocols, Web 1.0 standards, and aging equipment, often obscured by a large array of mission-critical connections on an organization’s extended network.

In 2018, most major cyber attackers gain access via insecure or unknown IT assets on the public Internet. According to the most recent Verizon Data Breach Investigations Report, about 75% of attacks originated outside the network. Most concerning, as soon as there is a breach on the network edge, modern attacks spread throughout internal corporate networks at machine speed, infecting thousands of assets in minutes, and forcing IT teams to chaotically shut down the networks of the entire company in order to save remaining systems from rampaging infection.

And while recent reports of surreptitious chip tampering still aren’t validated, it’s the type of threat that should worry these decentralized IT organizations in particular.

While IT has been decentralizing, attackers have scaled their automation faster and more comprehensively than defenders. Just when digital transformation shifted into high gear, compute power was becoming dramatically more affordable and accessible to criminals. Today, they simply trawl the public Internet using inexpensive and highly automated tools. In fact, you can buy logins to already-backdoored Windows machines on the dark web for under $10 each. Why would bad people work harder than they need to?

RDP exposures can be purchased for less than $10 each.

Makhost is currently selling access to more than 6,000 compromised RDP installations worldwide. As we can see in this screenshot, hacked systems are priced according to a combination of qualities of the server. Image via KrebsOnSecurity.

From this grim reality, it would be easy to conclude we’re on the verge of ceding the Internet to criminals and spy agencies. But I’m optimistic. Yes, this “morning after” is a nasty one — but it’s a set of problems for which there are solutions. My optimism is buoyed by these strategic tailwinds:

  1. The same declining cost curves that have benefited attackers can help defenders get faster. A modern IT team can now benefit from computing power, storage, and connectivity that used to be available only to the largest governments. This creates the potential to make all of an organization’s data mutually interpretable and available for security and IT ops analysis.
  2. Recentralization of IT operations is now a business imperative — and yields increasing returns — because recentralized IT teams can quickly share information with their peers. This creates network effects among defenders. You might say in the 2000s the pendulum swung to the extreme of decentralization, and we’re now witnessing the pendulum swinging back.
  3. Finally, after decades of accumulating best practices, the cybersecurity industry is coalescing around standards and measurement akin to financial audits and the tort system. This is great news, because it means we can write scalable playbooks, create benchmarks, and hold security executives accountable all the way up to the board of directors. No more “Pat runs security, and Pat’s great, so we know we’re in good shape.”

Like any bad hangover, there’s no magic cure for this one. But don’t hate the hangover. It’s just doing its job: delivering negative reinforcement of our irresponsible behavior, so we’re more careful next time.