Outgunned in cybersecurity: Are we fighting a losing battle?


In the era of the Internet, especially today, when even companies specializing in cybersecurity fall victim to hacker attacks, the question arises: is it possible to win a fight that seems lost from the start? If companies that have been developing software for 40 years to improve security still can't write secure code at this stage, where is the hope for a safer tomorrow? If companies keep jumping from one zero-day to another, where did we go wrong as programmers, testers, security specialists, and managers?
The Unfair Game
Some will say that this is an unfair game that cannot be won because cyber defenders are always chasing the carrot, while others will say that the game has not even started. In reality, the game - us versus them - has been going on for years. Is it possible to unequivocally answer the question - "Are we winning this game?" Let's see...
Unfortunately, no. As we know, life is more complex, and it's not easy to say 'yes' or 'no.' By what criteria should we evaluate it to be able to unequivocally answer this question with a simple 'Yes' or 'No'? We mostly receive gloomy information, but how much positive news do we miss? Almost no one boasts about successfully repelling an attack. Apart from a few companies that share information about mitigating DDoS attacks, few others highlight their successes. On one hand, we are winning, as more and more people in the industry are interested in cybersecurity. On the other hand, there’s an increasing amount of information about breaches and successful attacks.
This quote sums it up nicely - “The game is rigged, but you cannot lose if you do not play.”
Disconnect from the internet and that's it 😃!
How to measure it?
Success and cybersecurity have several things in common. Namely, each means something different to everyone. Cybersecurity goes by many names... Every company faces different threats.
So how do you measure and define the security of an organization? The result of the project team is an application or system. It is a tangible, working tool. And what is the result of the work of the cybersec team? The results of this team's work are not so tangible...
Our work focuses on:
- Protection of existing resources
- Prevention
- Support and strengthening of IT processes
- Education and building awareness
- Risk management
- Incident management
- Creating policies and procedures
Although the effects of cybersec work may be invisible at first glance, they become crucial in crises.
You could say that cybersec is like a good immune system - it works in the background, and you only see its effectiveness when the threat is repelled or does not occur at all!
Motivation vs. Duty
While the section above could give hope, here it is the other way around... Why?
I think that the determination of attackers is stronger and more lasting than the determination to carry out work duties. In other words, people's motivation decreases, especially when the effects of work are often not visible. The situation is different when the attacker, out of nowhere, often after long-term searching and curiosity, suddenly finds a loophole that is known only to him (a 0-day). What do you think his motivation is at such a moment? How long will it last? And where will it take him?
Unfortunately, the situation is different when the person whose duty it is to defend is overworked, tired and sleep-deprived... This is life in its purest form, not as it is described on social media.
In such a situation, the odds are not on the side of the defenders. Of course, it is great that there are early detection systems that can automate many tasks, but in the case of a 0-day, even they will not help.
Red Teaming and CTI
Are we doomed?
Not always!
Someone smart came up with something as great as Red Teaming and Cyber Threat Intelligence!
Thanks to these, we can minimize how far we lag behind bad actors! CTI provides information about real threats, actors and techniques used by attackers. With that information, the Red Team can simulate attacks that resemble the actions of real groups, such as APTs.
Cyber Threat Intelligence collects, analyzes and distributes information about threats, while Red Teaming is a practical activity, i.e. simulations of attacks.
Each of these fields operates in a different part of the cybersecurity ecosystem, but their cooperation makes the organization's actions more effective in preventing threats.
Bug bounty programs
Conscious and mature companies know that threats lurk at every turn, patiently waiting for an error to ruthlessly exploit it! That is why programs such as bug bounty are created - it is another step towards the security of not only the organization but the entire Internet. Bug bounty programs encourage specialists to look for errors and report them. Thanks to this, both the company and the researcher gain. Win-Win! These programs are great because the organization realizes that errors are a part of human life, so there is a chance that cybersec teams may have missed something during their activities! Of course, even if the organization does not have this program, it is necessary to report the detected vulnerability to it. I have already reported such vulnerabilities several times, among others in Poland, Singapore, Brazil, India and the USA - despite the lack of a bug bounty. It gives a lot of satisfaction! A bug bounty is another possibility, thanks to which we can be ahead of the evil side of the force!
Cybersecurity is a process
Cybersecurity is not something you can “do” once and check off a list. It is a process that never ends. Technology, attack methods and the threats themselves are changing at a dizzying pace, and we have to keep up with it all. You have to be flexible and ready to act, otherwise something will go wrong sooner or later. It can be compared to taking care of your health - one visit to the doctor or a month of gym workouts will not make you healthy forever. You need regular tests, prevention, and a reaction when something starts to go wrong.
It is worth remembering that cybersecurity is not just technology. It is people, processes and the entire organizational culture. You can have the best tools in the world, but if you lack good management and team cooperation - none of that will work. In this industry, continuous improvement is the basis, because this is what helps you keep up with new challenges and threats.
Cybersecurity is not a sprint - it is a marathon. What counts here is consistency and systematicity, not quick wins for a moment. Every update, every process implemented, and every lesson from the past matters in this fight.
What's next?
Of course, I realize that cybersecurity is as broad and deep as the ocean. I've left out many things and not mentioned others. I wanted to answer this question myself, to which, until now, I thought I knew the unequivocal answer: NO. But not from the perspective of "I give up," rather from the perspective of "motivation and determination" – just as I mentioned earlier.
Perhaps someone curious about the world is also looking for an answer to this question. As you can see, there is hope, and more importantly - tools, knowledge, determination and systematicity to build and invest in both know-how and the best cybersecurity specialists. May the force be with you!
~ If you want to work, work with the best.
Useful links:
https://riskxchange.co/1006911/a-guide-to-cybersecurity-metrics-and-kpis/
https://www.micromindercs.com/blog/red-teaming-supports-threat-intelligence
Written by

Adrian
IT Engineer who loves to create something out of nothing. I write, I create, I educate! Social Engineering enthusiast! Python, Wireshark, Kali, RHEL