(Source – Shutterstock)

Are Uber, Rockstar and Optus facing the same cybersecurity challenges?

Cybersecurity issues continue to shake the world. The last few weeks have witnessed several data breaches involving large enterprises around the globe. From a ride-hailing company to a gaming company and even a telco company, these data breaches are all after valuable data.

While each of these cyberattacks is unique in its own way, the reality is, cybercriminals are continuing to find ways to wreak havoc on organizations despite the increased cybersecurity protection applied.

Benjamin Harries, CEO of watchTowr, a cybersecurity startup, shares his views with Tech Wire Asia on who really is to blame for these cyber attacks and how can businesses learn from these data breaches to improve their security posture.

“I think as the public receives this information, we typically jump to the conclusion that these companies must have been reckless in some way to have had this kind of breach. They must be doing something wrong that doesn’t reflect their responsibility to protect customer data,” said Harris.

While Harries feels the notion is logical, it doesn’t really reflect the challenge that cybersecurity is in 2022.

Benjamin Harries, CEO of watchTowr

“If we look at other kinds of things that we try to defend from like physical attacks – for example, someone breaking into a building – this is a well-understood risk, there are well understood set ways of breaking into a business – therefore, the risk is static and can be managed as such. We defend the window, we check the locks on the doors, and nothing changes once the locks are in,” commented Harris.

With cybersecurity and technology, Harris highlighted that there is constant change. As new systems and technology are used daily, there is also the need of using and leveraging more and more third parties to handle data. At the same time, the tactics and techniques that attackers are using to target businesses like Optus are changing and evolving every single day.

“When you’re the size of Optus and you’re trying to defend yourselves, you may be faced with a logical conundrum. To defend a business, defenders are obliged to defend every single aspect of the business. But these defenses can be static – the tactics that an attacker might use change almost daily, and there is then a requirement to figure out how to defend against those tactics as quickly as possible, and subsequently implement relevant defenses. So defenders face a difficult time because they must understand everything that’s going on, they must understand emerging vulnerabilities, they must understand emerging threats, and they must then be able to defend against all of these things comprehensively,” explained Harris.

As such, attackers in comparison have a relatively easy life. It doesn’t necessarily mean that Optus is being negligent or that they’re not doing all the things a business of their size should do to defend themselves. Harris believes it could mean that one attacker was just persistent enough over a sustained period of time to find the one tactic or system where Optus may have let the ball drop, or where Optus didn’t necessarily fully understand a particular emerging tactic in a rapid enough manner to build appropriate defenses.

The challenge with cybersecurity

For Harris, adversaries are trying new techniques every single day, and somehow Optus is expected to be able to keep up with these rapid evolutions or changes. Regardless of the reality of how difficult this is for businesses like Optus, or any other large organization (like Uber), regulators and customers – the court of public opinion – are not forgiving.

“The headlines are simple, a company has lost their data. It’s compounded because we often don’t have that much information about how the breach has occurred. If we look at the other high-profile breaches that happened recently, Uber as an example, the suggestion is, or at least claimed, that the tactics and techniques used to execute the breach were relatively simple,” said Harris.

As such, Harries points out that this is an easy punching bag for the public: “the organization is large, the tactics and techniques are supposedly simple – unequivocally Uber must have dropped the ball, and they should have been able to prevent this breach.”

“Yet, going back to my previous analogy, it’s very likely that Uber had the 99 other types of attacker tactics and techniques covered. They were fully defended. And someone just was very lucky, and persistent enough, to have found the one gap that Uber had missed,” he added.

For Harris, the question the industry should be asking is not what did Optus do wrong. Instead, he believes it should be, for businesses like Optus, Uber, Rockstar, and whoever is the next victim of a breach, whether it be next week or even tomorrow:

  • How do we help organizations understand the latest tactics and techniques adversaries are using to break into their organizations, so they can get ahead of that exploitation and prevent the breach?
  • How do we, as a cyber security industry, enable organizations to use data to defend themselves?
  • How do we use technology to give companies like Optus insight into these tactics and techniques being used to breach organizations before they occur, so they can defend themselves?

“At watchTowr, we are addressing this by building technology to give organizations a real-time view of how adversaries look at their organization to then understand how they could breach the organization. We leverage data to continuously help organizations understand how the latest attacker tactics and techniques apply to them, which then informs and enables actionable defense – removing the challenge that organizations face of keeping up with this ever-evolving and emerging threats,” concluded Harris.