August 21, 2015 By Kevin Beaver

You don’t know what you don’t know; that seems to be the mantra for most information security programs today. Security visibility is grossly lacking in so many environments. For many, this ignorance — and the ensuing lack of security alerts — is bliss.

No Visibility Equals No Worries — Right?

I’ve seen it time and again: Management, including technology and C-suite executives, intentionally avoid acknowledging or properly addressing the information security weaknesses — or even breaches — impacting their business. On the opposite end of the spectrum, others struggle to keep up with and determine what’s going on because of too much information, a lack of expertise or the improper use of existing security tools. Sometimes it’s all three.

I’ve yet to see an IT environment where those in charge truly understand the state of security at any given moment. I think that’s why we keep seeing the waves of data breaches come in. Regardless of where your organization falls within the spectrum of security visibility and control, the reality is that someone can be doing something bad on your network at this very moment. And odds are good that you don’t even know about it.

Then what happens? Maybe you’ll detect the breach eventually. Perhaps you’ll be lucky enough to be notified by someone else, which, according to studies such as the “Verizon Data Breach Investigations Report,” is a common scenario. It could be that you never find out and long-term damage is inflicted over time, hurting your bottom line and your brand reputation.

Working Through Security Challenges

These security challenges impact both small and large enterprises and even the federal government. It’s interesting — I’ve heard stories from security vendors who say that they will demo their product in a customer environment for proof of concept to show advanced persistent threats (APTs) and related criminal activity in the networks, yet a common response is: “Thanks, Mr. Vendor. We appreciate the insight and will put your product in our budget for next year.” So an intruder is in the house, but people will pretend like nothing bad is happening.

No matter the scenario, the fines, lawsuits, discovery requests and depositions will likely ensue, especially if personally identifiable information (PII) is breached. There are also the long-term costs associated with stolen intellectual property, impact to your brand and so on. Is this a challenge that management is willing to take on?

You don’t know what you don’t know, but that’s not a defensible approach to information security. Heads in the sand never helped anyone. If you’re going to stay out of trouble, you have to find out what’s happening on your internal network, across your mobile workforce and in the cloud. Then, when threats, vulnerabilities and risks are identified, vow to do something about them in the very near future, if not immediately. Criminals attacking your business have nothing but time. You don’t.
