The Great Wall of China failed in its essential purpose of keeping barbarian invaders from the north out of Chinese territory. More than 2,000 years later, the wall created by France’s Maginot Line protected a crucial part of French territory from an invading German army, but that army merely flanked the French fortifications to gain entry to other parts of France.
Cybersecurity experts can draw an important lesson from these and other physical walls that have been erected throughout recorded history to defend territories: in spite of advanced technology and extreme efforts, those walls did not prevent attackers from breaching the protected territories. Regrettably, this lesson appears to have been lost on companies and organizations that place great reliance on technological firewalls to protect internal information systems networks from cyberattackers.
The analogy between physical walls that were built as part of a military strategy and technology firewalls that are installed on networks to prevent data breaches is not as attenuated as it may seem. Commercial entities have been the primary target for cyberattacks in the early part of the twenty-first century, presumably because of the monetary value of the personal information that they maintain. Rogue governments are reportedly sponsoring cyberattacker education in order to launch hacking attacks against national power grids and financial systems, as well as against corporations that they perceive to be taking actions that are counter to their national interests. History teaches that firewalls will likely be breached. In view of this, companies and organizations should shift their strategy to develop force fields that can elevate their technology defenses by several orders of magnitude.
A force field will incorporate the best features of firewalls (i.e., prevention of known data breach risks) with technology that detects unauthorized incursions into a system and excursions of data from a network.
Firewalls are installed on one or more specific paths for information coming into a network. When the firewall detects a piece of information known to be bad, it segregates that information away from the network. Modern networks, however, include multiple entry points and access nodes. Just as an invading army can flank a defensive physical wall, a cyberattack can potentially flank a firewall and allow a hacker to gain access to a network through an unprotected pathway.
Further, hackers can disguise malware to fool firewalls, much as a spy might slip past a physical defense structure. Monitoring information that actually goes into and out of a network, rather than just relying on a firewall to keep out the bad elements, is a key aspect of network force field theory.
Technology force fields are also analogous to unified threat management (“UTM”) protection in cybersecurity, which combines all security strategies onto a single platform that is offered by a single vendor. In its most complete form, UTM protection extends to email, wireless access, network and web server security, and point-to-point communications between users with authorized access to a network and other third parties. Data breach insurance is the last element that companies should consider to complete their UTM protection strategy.
Cyberattackers will undoubtedly improve their techniques either to break down or to flank a force field, regardless of how strong a force field or UTM strategy might become. A cyberattacker who does breach a system can cause millions of dollars in direct damage while exposing the target company to several millions of dollars in third-party liabilities to individuals whose personal information is misappropriated through a data breach. Any strategy against cyberattackers that claims to be “unified” should have a contingency plan for a response when any part of the strategy might fail. Data breach insurance is the perfect contingency plan.