Don’t worry you won’t find any Endgame spoilers here, in fact, more than a few of us over here at Cyberinc already have our tickets purchased. So feel free to read on, safely.
The world of Cybersecurity, just like the Marvel Universe seems to have an almost unbelievable number of catastrophic events and attacks occurring on a regular basis. I mean, if you actually lived in the Marvel Universe wouldn’t you be really concerned despite having the superheroes by your side? In the first Avengers movie, there was a very public battle featuring alien spaceships and costumed superheroes running around New York City destroying things and once again threatening to destroy the world. The attacks didn’t stop after that; in fact, they just kept coming.
Since Iron Man came on the scene in 2008, we’ve seen over 20 ‘big bads’ threaten to destroy everything. As far as I can tell, the citizens of the Marvel Universe are concerned but pretty much seem to feel these attacks are inevitable and just hope the superheroes keep the threats at bay while governing bodies assemble to find a resolution to a mounting problem. Meanwhile, things just keep getting worse. Sound familiar?
Cyberattacks just keep happening – cybercriminals have demanded ransom, stolen innocent people’s information with the intent of using it for nefarious means, stolen money, threatened health systems, the list goes on and on. It’s become such a widespread problem that experts are saying having your organization breached is only a matter of time. So, we put our own version of superheroes, our security tools, in place hoping they’ll ward off cybersecurity’s next big bad.
We’ve tried pretty much everything to keep cyber attacks from causing a breach. Remember that time Loki was captured and they put him in a prison where they could observe him? We have basically tried the cybersecurity equivalent of that with sandboxing and advanced threat intelligence techniques. It’s a good thing Loki turned out to be a good guy eventually, but you never know, he was bad once, he could be bad again. You just can’t trust the guy. The same goes for Nebula, whose path mirrors that of a hacker turned good, by teaming up with the good guys while fully understanding the mindset of the bad guys.
Chasing all of these threats has both Cybersecurity experts and the Avengers pretty distracted because, saving the world is a big job and we have very limited resources. Now, the snap has happened and 50% of the MCU population is gone. Similarly cyberattacks have gotten so bad that a recent survey of IT leaders said 80%* expect a critical breach or successful cyberattack to hit their organization this year.
So how do stop catastrophe? How do we get back our beloved superheroes? Dr. Strange saw 14,000,605 possibilities and there was only one where the good guys win. Is this the one, is this the endgame?
As for the Marvel Universe, we’ll have to wait to find out when we see the movie. But for Cybersecurity, the answer to me seems pretty clear. Zero trust.
We need to stop trusting the big bads. Phishing attempts, ransomware attacks, compromised web applications, weaponized documents, all serve as distractions as we try to catch up with the pace of cybercrime. But the fact is 98% of external information security attacks come from your browser and that 80% of those attacks use web traffic or malicious URLs. We can lock all of those down by adopting a Zero Trust model. When we shift to an isolation-based model built on the concept of zero-trust we are able to stop all incoming threats and keep them away from the endpoint before they have a chance to act. Today’s threat landscape is our snap. If we deny trust to the browser we can mitigate the vast majority of our risk and focus on a small percentage of other attack types, making it more manageable for our security teams to handle.1
 “It’s Time to Isolate Your Users From the Cesspool with Remote Browsing”, by Neil MacDonald, Gartner 2016.