Perimeter Security Is Not Enough: 5 Steps to Mitigate Risk in a Zero Trust Environment

By Parker Pearson, Chief Strategy Officer, Donoma Software

Perimeter security solutions always have vulnerabilities, and new ones are popping up every day through system and vendor updates. It’s a moving target, and it’s quickly becoming impossible to keep pace with the rate at which these vulnerabilities are being exploited. So, the question becomes: what can CISOs and CIOs do to better protect their data?

In the field of cyber defense, there has always been a great deal of emphasis on defending the network perimeter – so much so, in fact, that many organizations still focus their entire cybersecurity strategy on perimeter-based solutions. 

Beyond the blurring of physical boundaries, there are many other reasons why perimeter security is no longer enough. The entire concept of securing the perimeter is inherently reactive, and the proliferation of AI-accelerated threats has created a situation in which it’s difficult (if not impossible) for defenders to keep up with the speed and volume of automated attacks coming in from the outside. Although software patching remains critical, each patch is written and distributed only after a vulnerability has been exploited. By then, the damage has already been done. It’s like playing a perpetual game of Whack-a-Mole in the midst of a 24/7 Urgent Care Center.

But perhaps the most urgent reason to move beyond a perimeter-only approach is the reality that – even now, as you read this article – hackers are likely already silently inside your IT systems.

External vs. Internal Threats

Cyber threats can be separated into two main categories: external attacks and internal attacks. Unfortunately, for most organizations, their IT networks are still extremely vulnerable to both types.

  • External attacks are perpetrated by criminal persons, organizations or even nation-state adversaries who find highly creative ways to gain access to systems so they can steal or ransom data. External attacks can take many different forms, but some of the most common include malware, phishing, ransomware, Denial-of-Service (DoS) and Man-in-the-Middle (MITM) attacks. In larger organizations, we also see SQL injection, zero-day exploits, and spoofing attacks. In the first five months of 2025, more than 22,000 new Common Vulnerabilities and Exposures (CVE) records were received by the National Institute of Standards and Technology (NIST), with a backlog of nearly 25,000 more reportedly awaiting analysis. In 2024, over 40,000 new CVEs were published, up by more than 37% from 2023. These vulnerabilities are being exploited and weaponized faster every year on a massive scale.
  • Insider threats happen when individuals with credentialed access misuse their privilege – either intentionally or unintentionally – to harm the organization. These are perhaps the most concerning type of threat. The Cybersecurity Insiders 2024 Report indicates that 83% of organizations reported insider attacks in 2024, with 51% experiencing six or more attacks in the past year. In many cases, these are socially engineered, either by bribing existing employees or by intentionally placing individuals as employees or contractors within an organization, just to gain access to data. Internal administrators often have inappropriate or unnecessary access to data that would normally be off limits to someone at their level of responsibility. Another form of insider threat is a supply chain attack, which targets third-party vendors or partners to compromise their products or services, which are then used to attack the main organization.

It’s important that everyone in the organization be educated about how to protect against both types of attacks. Data is an asset, and its protection can no longer simply be delegated to IT without oversight and understanding.

The Threat is Already Inside Your Network

Most organizational leaders want to believe that an internal threat isn’t likely. After all, who wants to work with people who would steal? Sadly, most organizations learn the hard way, because they can’t imagine that a data breach will happen to them. In fact, many organizations still view a data breach as an unlikely scenario, with odds similar to being hit by a tornado or a fire. Many assume that if they are not a household name with millions of customers, they will be poor targets. Still others believe they are adequately prepared but never run simulated exercises to check. But the odds are much higher than that: nearly one third of organizations will be hit by a data breach this year.

So why are so many breaches still occurring? The fact is, most people are working from erroneous assumptions, particularly around their use of data encryption. While many security personnel proudly announce that all their data is encrypted in transit and at rest, what no one has been acknowledging is the dirty secret that once systems are in use, all that protection goes away. Most organizations never shut down their applications (even after hours, when they do not need to run continuously), so their data is always vulnerable to anyone, known or unknown, inside the perimeter.

The recent Coinbase data breach is a great example. The breach did not result from a technical vulnerability in its systems, but rather was perpetrated from within, by support staff who abused their legitimate access to steal the data in return for relatively modest bribes. The breach compromised the sensitive personally identifiable information (PII) of almost 70,000 users, along with account-related information such as balance snapshots and transaction histories. This unauthorized activity went on for almost six months before being discovered. As a result, Coinbase is facing at least six class action lawsuits alleging that Coinbase failed to implement and maintain adequate security protocols, exposing users to serious risks. In response to the breach, Coinbase has refused to pay the $20 million US ransom demand and instead offered a $20 million reward for information leading to the identification and prosecution of the attackers. The company estimates that the incident could cost between $180 million and $400 million, accounting for remediation efforts and reimbursements to affected users.

In another example, Capital One experienced an enormous data breach in 2019, due to a misconfiguration of their cloud infrastructure (specifically a misconfigured Web Application Firewall). This vulnerability was then exploited to access sensitive data from over 100 million customers, including credit scores and banking details. Unfortunately, this is not an isolated incident. System administrators often have too much access to organizational data, a problem compounded when they escalate their own access privileges without the knowledge of management.

In another notable instance, in 2024, a hacker broke into AT&T’s cloud storage provider, Snowflake, and accessed call and text records for almost all of its 109 million US customers. Although AT&T claims that no names were attached to the stolen data, the breach led to multiple class action lawsuits, which were just recently settled for $177 million US.

The reality is that we now must operate in a Zero Trust environment; but no organization can achieve full data privacy protection unless it also protects its data at its source. This means securing data via continuous encryption, not just encryption at rest or in transit. This is an open gap that needs to be addressed in every organization. One solution is our Donoma Seshat continuous encryption, which secures data even while it is in use.

5 Steps to Mitigate Perimeter Security Only Risks

Let’s face it: if perimeter-based security solutions were enough, we would not have daily data breaches. As noted above, perimeter-based solutions always have vulnerabilities, and new ones appear every day through system and vendor updates, faster than most organizations can patch them.

So, the question becomes: what can CISOs and CIOs do to better protect their data? Here are five steps to take immediately:

  1. Create and Regularly Test Incident Response Plans. CISOs and other technical leaders must collaborate with executive leadership to simulate real-world scenarios that test response capabilities, and those simulations must be updated regularly to address evolving threats. Having a clear, tested plan speeds response time and minimizes damage when attacks occur. Develop detailed incident response procedures, assign specific roles to team members, conduct regular tabletop exercises, and ensure all employees are trained to recognize and report suspicious activities quickly.
  2. Take a closer look at your data access policies. In most organizations, the IT staff is spread thin, and administrators are expected to have expertise in a highly complex ecosystem of hardware and software. The high-stress workload of these teams often results in corner cutting, such as leaving unchecked access to every digital system in the hands of an understaffed team that may not have the technical or operational skills to warrant such unfettered access. The IT function is often managed by the CFO or the COO, whose areas of expertise preclude them from understanding what their IT staff does on a daily basis and the many operational risks and threat vectors lurking in an area so many do not understand. Employees should be granted access only to what they need to do their jobs.
  3. Implement continuous monitoring. Until recently, it has been relatively easy for people to hide nefarious activities within the noise of routine system checks. But now, with AI being woven into the fabric of the network, it’s becoming easier to detect anomalous access and behavior patterns.
  4. Embrace Multi-Factor Authentication (MFA). Weak authentication mechanisms or poorly managed access controls can lead to unauthorized access to critical systems and data. MFA provides a foundational security layer that can dramatically reduce the risk of account compromise. On its own it is not enough, but there are still many organizations that have yet to implement this first step toward good data protection.
  5. Embrace Privacy Enhancing Technologies for continuous encryption. Data encryption is a fundamental element of every viable enterprise cybersecurity strategy, but many executives are operating under the misconception that their data is safe because they’ve implemented something billed as “end-to-end” encryption. Unfortunately, most of these solutions only encrypt data while it is at rest or in transit. Once the application is in use, the encryption at rest ceases to be of benefit and the data is exposed as clear text. Only continuous (homomorphic) encryption, now available in new Privacy Enhancing Technologies (PETs), protects data continuously. By eradicating data loss, PETs can put an end to data breaches, data leaks, and the damage they cause. In doing so, they can eliminate the damage to brand reputation and the ensuing litigation associated with data breaches, as well as regulatory reporting requirements. They not only help organizations protect their intellectual property, confidential information and trade secrets from competitors, foreign adversaries and criminals – they preserve brand value and the bottom line.
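As an added illustration of the continuous monitoring in step 3 (example code written for this edit, not code from the article or from Donoma Software), the following Python script baselines each account's daily customer-record reads and flags a day that far exceeds that account's own history, the pattern a support employee bulk-exporting records (as in the Coinbase case above) would leave. The log format, field names and thresholds are assumptions, and the log lines are constructed.

```python
"""Flag accounts whose daily customer-record reads far exceed their own baseline.

Added example with a hypothetical log layout: date, account, role, records_read.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: support01 reads a normal volume for five days,
# then pulls thousands of records on the sixth; support02 stays normal.
SAMPLE_LOG = """\
2025-06-01 support01 support 42
2025-06-02 support01 support 38
2025-06-03 support01 support 45
2025-06-04 support01 support 40
2025-06-05 support01 support 44
2025-06-06 support01 support 3900
2025-06-01 support02 support 30
2025-06-02 support02 support 35
2025-06-03 support02 support 33
2025-06-04 support02 support 31
2025-06-05 support02 support 34
2025-06-06 support02 support 36
"""

def parse_log(text):
    """Return {account: [(date, role, records_read), ...]} in file order."""
    per_account = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        date, account, role, count = line.split()
        per_account[account].append((date, role, int(count)))
    return per_account

def detect_bulk_reads(text, min_history=3, z_threshold=4.0, abs_floor=500):
    """Return [(account, date, records_read, baseline_mean)] for days that are
    anomalous against that account's earlier days: the count must sit at least
    z_threshold standard deviations above the rolling mean AND reach abs_floor,
    so a tiny, flat baseline does not raise alerts on ordinary noise."""
    alerts = []
    for account, rows in parse_log(text).items():
        history = []  # counts from earlier days for this account only
        for date, _role, count in rows:
            if len(history) >= min_history:
                mu, sigma = mean(history), pstdev(history)
                if sigma:
                    z = (count - mu) / sigma
                else:  # perfectly flat history: any increase is unusual
                    z = float("inf") if count > mu else 0.0
                if z >= z_threshold and count >= abs_floor:
                    alerts.append((account, date, count, round(mu, 1)))
            history.append(count)
    return alerts
```

Run over real access logs, the same per-account baseline would be computed from a longer window and fed to the SOC rather than returned as a list.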

In conclusion, perimeter-based cybersecurity solutions are like a moat around a castle. They may deter and defend, but they do not stop hackers from getting into networks or people with legitimate credentials from stealing data, plug security holes that leak data, or eliminate mistakes and misconfigurations of settings. Many security breaches occur because employees are unaware of best practices in cybersecurity or are careless in following them. Perhaps the single most important cybersecurity best practice for businesses to follow today is to invest in a multi-layered defense strategy, also known as “Defense in Depth.” This layering should include not just perimeter and Zero Trust strategies, but also securing data at its source via the continuous encryption now becoming commercially available. This approach minimizes the impact of breaches by ensuring that even as security controls are compromised, the data remains protected.

About Parker Pearson

As Chief Strategy Officer at Donoma Software, Parker Pearson leads the company’s mission to revolutionize enterprise data privacy protection. With over twenty years of experience in technology innovation and entrepreneurship, she helps turn cutting-edge ideas into real-world solutions that solve complex business problems. At Donoma, she has helped power the company from startup to industry disruptor with their innovations in continuous encryption and privacy enhancing technology. Her expertise lies in making innovation understandable and aligned to meet evolving client challenges. She consistently seeks the next challenge to bring new ideas to life and transform them into commercially available solutions organizations need. What drives her most is the belief that curiosity, creativity and imagination are the true source of innovation. The rest is just ones and zeros.
This article was first published by Cyber Defense Magazine, September 2, 2025.