Imitation for innovation
Last year I was fortunate enough to have an opportunity to speak at the ITWeb Security Summit. The focus of my talk was the importance of defensive information security and why we need to think more like attackers, with a particular emphasis on using this knowledge to gain an advantage against them.
In 2016 our industry saw a significant spike in new ransomware, with some vendors suggesting up to a 400% increase in new variants over the previous year. While this growth is likely unsustainable, it is anticipated that ransomware variants will continue to increase at a steady rate of around 20% over the course of the next year.
With such rapid development occurring in this space, it is clear that we continue to be completely and utterly outpaced by our offensive counterparts. Understanding how attackers operate is simply not enough if we hope to gain the advantage as defenders. We are fast approaching a point where, if we wish to remain relevant and be successful within our industry, we will need to emulate attackers or, rather, imitate specific characteristics that they display.
Oscar Wilde once said that imitation is the sincerest form of flattery. As defenders we should be acknowledging that there are certain things that attackers excel at, and a good example of this can be seen in the way that attackers rapidly develop and release tools to meet their requirements.
As evidenced by the earlier ransomware example, we can clearly see that attackers release early and release often, iteratively improving on their products as they evolve. Early versions of their code may not be entirely effective, but due to constant evolution and development they quickly improve.
As defenders we often feel that our solutions must be perfect before they're ready for use. However, if we alter our approach slightly and instead seek to develop solutions that are adequate as opposed to perfect, and iteratively improve over time, we give ourselves a better chance of defending the networks we are employed to protect.
One need only look at companies such as Etsy, Slack, Uber and Netflix to gain an understanding of how effective security teams operate. Rather than purchase products built around the latest hype cycle, these innovative security teams have developed niche tools to meet specific objectives and iteratively improved them over time before sharing them with the defensive community.
It is easy to look at these companies and dismiss their achievements. After all, they have significant resources and scale that most organisations do not. I would urge you not to fall prey to this mindset. Their success is due to their innovative approach and their understanding that as defenders it is important to develop and build solutions to address distinct problems within their organisations.
If we are to be on par with our adversaries, we need to constantly strive for improvement. We must emulate and cultivate a culture of development and innovation. Only by growing our craft can we ever hope to compete.