Bye bye, MR. ROBOT
USA Network’s “Mr. Robot” depicts a world — ours — where traditional cybersecurity is not enough. How can we protect our systems and data from the real Mr. Robot?
The acclaimed TV series gives its audience a good glimpse oncybersecurity and hacking with unprecedented accuracy for a mainstream TV show. We see the protagonist Elliot Alderson type realUnix-like commands, talk over IRC and use many actual pentesting tools like Kali Linux, Nmap and SET.
Allsafe — the company Elliot works for — is the perfect example of a cybersecurity firm that advertises their perimeter security solutions as if they were impenetrable. But, like in the TV show, we still hear everyday about data breaches at even the largest corporations.
Even if the digital walls and fences built by intrusion prevention systems were really unbreakable, they would not protect you at all frominsider threats, which account for a big part of non-accidental data breaches, according to Gemalto.
Furthermore, most of our data resides nowadays in the cloud — a.k.a. someone else’s computer — where we have little control. The fences and walls just fade and blur.
“Start with the assumption that the bad guys are already in your network” — Chris Inglis, former deputy director of the NSA.
Working from that assumption, we must shift from focusing on the perimeter to start analyzing user behavior.
Modern data integrity tools like Trailbot by Stampery analyze changes made to system files and logs, create audit trails for everything going on in a server and act in real time running predefined scripts capable of making automatic backups, reverting unwanted modifications or even shutting the whole system down.
Consider the fsociety00.dat file shown in Mr. Robot’s first season. Nobody ever got to guess who sneaked it inside E-Corp’s servers, and even worse, no one realized the fact that Elliot discovered its existence and yet he did not delete it.
With blockchain-anchored, immutable audit trails like those generated by data integrity tools like Trailbot, there is no chance for a system administrator to go rogue, bypass the standard protocol and erase all traces of his activity a la Snowden, because tampering becomes evident and security event reports are presented in a way that C-level staff can understand and take action upon.
This is a whole paradigm shift, and it is only a question of time before corporations change their mindset and start to embrace behavior analysis and data integrity protection as core principlesnot only in their security policies but also in their corporate DNA.
Otherwise they will see their perimeter security measures fail over and over again, endangering their clients sensitive data,jeopardizing their IP and ultimately putting their business at stake.
