Imagine standing in front of the CEO and company board of directors, asking them for a check for an obscene amount of money to pay off hackers that are holding critical data hostage and disrupting the company business.
I am sure many of you are cringing at the very thought of this and have blocked this uncomfortable scenario from your mind; instead hoping that your company’s current security strategy is enough to prevent becoming the next victim of a high-profile data breach or ransomware attack..
The fact of the matter is that while ignorance is bliss, it will not prevent this scenario from occurring. The cycle of ignorance that exists today is bad for organizations, blissful for hackers and needs to be broken before it is too late.
Our CEO, Nat Kausik, wrote a great piece on the SolarWinds attack, detailing how once hackers were able to breach the company’s network via a compromised laptop, they were able jump freely from the company’s active directory infrastructure to the Azure active directory, and ultimately take over their Office 365, where they were able to achieve full access. This, Kausik pointed out, was due to the fact that the company employed an integrated security infrastructure approach, as opposed to a security posture comprised of independent vendors and tools.
On paper, having a single vendor for your IT and security can make your life easier, such as not having to worry about interoperability issues. However, heavily relying on a single vendor infrastructure also makes life easier for the hacker. The SolarWinds breach is a prime example of how hackers were able to ride the connected fabric of an all-Microsoft shop. This begs the question, “Will the developer of the infrastructure be able to see its own vulnerabilities?” This is akin to why Quality Assurance (QA) and development/manufacturing/building are typically separate across any industry of choice.
That being said, many organizations still rely on a single vendor, thinking they have both ease-of-use and security. This willful ignorance, if left unchecked, can have serious implications in the future.
To deal with today’s evolving threats, it is imperative that we break this cycle. Relying on a single vendor for both infrastructure and security is not good for your business. We need to start making the hacker’s job harder and not easier. We can do this by employing best-of-breed security practices at all segments of the infrastructure via security products and services that are independent of the underlying infrastructure.
Failure to do so may result in that very uncomfortable talk with your CEO and board becoming a reality.
To learn how Bitglass can provide an extra layer of security on top of the Microsoft tools you may already be using, download our solution brief on How Bitglass Complements Microsoft Security.