Breaching the Castle: Walls and a Moat are No Longer Enough

I cannot tell you how many times I hear people comment that their cybersecurity is “just fine” because they have firewalls and antivirus software. Cybersecurity affects all of us, and simply having good firewalls and antivirus software is not enough. A cyber breach can have a cascading effect on more than just customers, clients and employees. As we say regularly, it can and will affect your vendors and others who access your systems. The purpose of a good virus is to spread, infecting as many computers and computer systems as possible. So simply having a password, firewalls, and antivirus software is the cyber equivalent of sneezing on someone when you have the flu. Disgusting and harmful.

Let’s deconstruct what I mean by “Breaching the Castle”. A colleague of mine recently used this example and I thought it was clever and illustrative of what cyber experts try to explain every day. In the past (and I mean the distant past) when a castle was under siege, the only way for the enemy to breach the castle was by either climbing the walls or breaking through a drawbridge. The castle’s lord, and his people, could (sometimes) wait out an onslaught by simply staying within the strong castle walls, picking off the sieging hordes with arrows and such from the castle battlements. (Stay with me here — I have a point). But in the end, the attackers could only access the castle by either climbing the walls or breaking the castle door. And for a while, cybersecurity was similarly employed. Create good firewalls and antivirus software, hunker down inside your system and pick off potential invaders from the relative safety of your corporate fortress. This battle strategy is no more.

Today, a good attack does not just come from two directions. Instead, picture a drone landing in the middle of the castle green. That is the way cyber attacks happen today. They come from different angles and approaches. A firewall is totally ineffective when a hacker obtains the passwords of your employees. And antivirus software is an important weapon in your arsenal, but it isn’t the last line of defense. Antivirus software works by scanning lines of code for known virus signatures. The problem is that hackers now create new viruses with multiple signatures to avoid detection.

Malware has evolved. A fairly recent article in the EconoTimes demonstrates the point perfectly:

A computer virus is only one of the many forms of malware that can adversely affect a computer or network. Early forms of computer viruses maliciously destroyed files or spread unwanted email messages to a user’s mailing list. In the early 2000s, cybercriminals stepped up their game and learned how to control a user’s computer via remote commands and used malware viruses to steal personal financial information for illicit gains. More recently, whole networks have been held hostage by cryptolocker “ransomware” that blocks access to all information on a network until a bounty is paid for its release.

Worst of all, viruses are not the only infection cybercriminals have constructed. There are numerous types of malware that can infect a computer that are not detectable by antivirus software and the cybercriminals are using ALL of them to infiltrate your network.  Hackers are coming in from above, tunneling in from below, and trying to breach the castle wall and drawbridge all at the same time. The solution is not to play the proverbial “whack a mole” but to prepare as best you can.

First, ramp up your supplies. Just like the lords of old, you need to have a robust firewall, up-to-date antivirus software, multifactor authentication, etc. Second, train your warriors. Employee training and a culture of security may prevent the invaders from just walking through the front door. Third, inspect all supplies moving in and out. Vet your vendors to ensure that they have the same culture of security. And finally, have a battle plan. Cyber incidents are not just a question of if but of when. Companies need to be able to respond decisively, effectively, and elegantly to avoid the “egg in your face moment” we see far too often. Having a robust breach response plan that is well thought out and drilled can be the critical difference post-attack. Because, when it comes to cybersecurity, luck favors the prepared.


Nothing contained in this blog should be construed as creating an attorney-client relationship or providing legal advice of any kind.  If you have a legal issue regarding cybersecurity, domestic or international data privacy, or electronic discovery, you should consult a licensed attorney in your jurisdiction.