Island hopping. Conjures up images of clear azure waters, pristine beaches and lazy days. Sadly, in the Cyber world, the reality is anything but a relaxing break.
The name ‘island hopping’ comes from a WWII military tactic used by the United States in the Pacific. This involved capturing smaller, strategically located islands and establishing military bases, as opposed to outwardly attacking mainland Japan. From these new bases, Allied soldiers would start the process again and continue until they reached their main target.
In Cybersecurity terms, island hopping is when cyber criminals infiltrate their target organisation through smaller companies such as HR and payroll, marketing or healthcare, that work with the target. These smaller companies tend to have more vulnerable security systems than the larger target organisations they service. Don’t even think about IOT devices.
Companies are facing the very real threat from their own 3rd party suppliers they are reliant to run their business. Effectively this means that no matter how secure and organisations processes and procedures are, they are still inheriting risk. Once breached the cyber criminals are looking to traverse the organisations data centre looking for the highly prized pay dirt.
Sure you can segment at the network level, but what about detection? Most breaches go undetected for months. Furthermore how are the key applications in organisation mapped and understood? Especially in terms of complex application architectures residing in multiple locations from on-premise, cloud and yes, taking in data from those ‘friendly’ 3rd party sources. Time to stem the tide another way.
While the island hopping attack strategy is not new, it is becoming increasingly important as attackers find new ways to gain access to enterprise networks that must accommodate greater numbers of third parties, whether they are remote employees, contractors, corporate customers or suppliers who must access resources remotely.