“We’ve never been attacked”

Errit Müller

VP

January 5, 2021 at 13:03

As an IT security consultant, I often hear this phrase. My answer is normally: “Are you sure?” Then people look at me like I’m a fool, because to most people a hacker attack means a virus spreading across the network or a system breaking down – both with catastrophic consequences like lost data and revenue.

But not all cyberattacks are massive events. Most likely you won’t even notice that an intruder has visited your system. Today’s attacks are very sophisticated and can only be detected if you monitor behavior thoroughly. Most endpoint security solutions look for code and not for behavior, even though behavior is actually the main source of many attacks, and that is the reason attacks are not spotted in due time. In fact, I will venture to claim that the most important thing in endpoint security is visibility! Visibility puts you one step ahead of the cybercriminals and makes you ready to respond to any potential attack.

The number one challenge in today’s threat situation is often either industrial espionage or government actors. Cybercriminals are hired to break into a designated company’s system without getting noticed. They will monitor the daily behavior in order to finally deal the crucial blow based on all the knowledge they have gathered for months, or just take over the systems and use them to launch a much bigger attack. Or they will just tap the company’s system for data without leaving any obvious traces. Either way, the company would in most cases have been able to detect and stop the intrusion if it had had full visibility of the traffic in the system. All activity leaves a trace, and in this case the trace might have been nothing more than a small, abnormal activity. That is why we at Nixu always want to begin by finding the root cause of the damage. Otherwise, you might get the feeling that you are always trying to put out fires and are never really in control of the situation.

“We do not have the capacity to monitor our system 24/7,” you might say. That is true: very few organizations have the resources to manage the entire endpoint security of their system. Managed endpoint detection and response solutions give you automated surveillance, with someone to step in and take action to prevent and respond if abnormalities should occur. Of course, some of the tasks can be managed by internal resources, and others will be too much of a daily burden for the employees. Which level of help you need is entirely up to you. It is just like buying a car. It doesn’t come with a driver’s license. You have to learn how to drive, or you can choose to sit in the back of the car and leave the driving to the chauffeur. If you buy a race car, it requires a higher level of driving skills, but you can still choose to sit in front with your hands on the steering wheel or in the passenger seat. It is exactly the same when it comes to endpoint security. The more advanced the system and the more endpoints you have, the more knowledge and the better results you get, but the greater the need for skills and working hours. It’s your decision.

Knowledge is power, someone once said. And maybe it’s not exactly power, but wouldn’t it be nice to be able to say “We’ve never been attacked” and actually know that you’ve never been attacked?
