Another day, another hack: fall out of the TalkTalk breach
Yet another breach has hit the hacking headlines, but are we surprised? Too many high-profile breaches have been under speculation so far this year, and businesses are still failing to put proper security measures in place to not only make the system more difficult to hack, but to limit the scope if a breach does occur.
Although the details of the TalkTalk breach are still unknown, one thing is for certain: TalkTalk must not have had a software-defined security strategy in place, focusing on users and applications rather than the network itself. How do we know this? If TalkTalk had cryptographically segmented its security system into predefined and clearly understood fragments, the breach would have been more manageable, instead of system wide.
The TalkTalk breach shows that assuming internal networks are safe and trusted is no longer acceptable. Hackers have turned trusted networks into playgrounds, moving laterally from system to system and liberally exfiltrating data. By compromising one user, even a contractor, hackers get past the firewall and enjoy access to essentially anything. When a no-trust security model is in place, it means that no network is trusted, inside or outside the perimeter, no user is fully trusted and equally, no device is trusted.
TalkTalk needs to take note: the most secure enterprises have adopted crypto-segmentation; meaning that they encrypt all sensitive application flows inside and outside the perimeter. To achieve this requires eliminating siloes and establishing a centralised method of creating and managing policies, and keying for end-to-end protection across all applications and networks. Building on the identity and access control technologies widely deployed, a cryptographic relationship creates a clean and unbreakable link between each user and the permitted data and applications, meaning that if a breach does occur, the hacker is limited with the information and data that it is able to exploit.
Crypto-segmentation combined with role-based access means authorised users can access applications encrypted from server to user. If a user is compromised, hackers can access only that user’s applications. Lateral movement to more sensitive applications is blocked, and the breach is therefore contained. This could have stopped the TalkTalk hackers in their tracks.
Architectures need to quickly adapt to the new world of user and application mobility by ensuring that network segmentation and application isolation can be applied across all environments, irrespective of network level control. User access control policies must be applied and enforced in real-time, across all users and applications both inside and outside the traditional firewalled perimeter.
The time for the industry to recognise that a fresh approach is needed is now. We must question how many more high-profile breaches like the one TalkTalk is currently dealing with are needed before clear and concise action is taken by the businesses most at risk.