It’s been said that speed kills. But in cyber warfare, speed heals. That’s because with today’s advanced cyberattacks, you need to move faster than the attackers to minimize damage.
Here’s an example. Remember the 2014 attack on Home Depot? It resulted in hackers stealing credit card information from an estimated 50 million customers. But what if it were possible to intervene during that attack and limit those losses to just 500 cards? Or even 50 cards?
Achieving Acceptable Losses in Cyber Warfare
This is the concept of acceptable loss, which means accepting the fact that you can’t stop every threat. Of course, no one wants to suffer losses. But sometimes the optimal outcome is not stopping threats completely but ensuring that the damage is minimal.
The fact is, intruders will get into your environment. But once they’re in, with the right cybersecurity solutions you can stop them in place before they inflict too much damage. So, how is this achieved?
Let’s start by examining today’s cybersecurity landscape. Research from Ponemon Institute shows that, on average, it takes 206 days before a cyber intrusion is detected. Why is that? Because most regulatory compliance mandates require password changes every 90 days.
But if you’re changing your passwords every 90 days and somebody breaks in on day one, how long will they have access to your environment with that credential? At least 90 days – and that’s assuming you really do change your credentials after 90 days. If you can’t detect them, and you’re not changing all your credentials, they’ll be in there for 90 days or 206 days … or maybe even longer.
Now suppose instead that password lifetimes were measured in days rather than months: for example, one day. Then, imagine that someone breaks in and steals one of your credentials. Or one of your IT administrators with privileged access leaves the organization. Under this scenario, at the end of a 24-hour cycle they can no longer get into your environment with those credentials.