The entrepreneurial spirit and technology acumen of the United States provide reason for optimism in the fight against cybercriminals, said former FBI Director Robert S. Mueller III. At the helm of the FBI from September 2001 through September 2013, Mueller came to view cybercrime as a top threat to the U.S., but when organizations pulled together to address this threat, they made progress.
At CDW’s Managing Risk Summit in Washington, D.C., this spring, Mueller confirmed that cybercrime has grown to be as big a threat as terrorism. Each inflicts its own kind of damage: while terrorist attacks have immediate consequences on specific targets, cyberwarfare chips away at our foundational institutions. While there is some cause for optimism, we still have a long way to go in the escalating struggle to secure our nation’s information systems.
When hackers use ransomware to attack financial institutions, it affects our economy. And as Mueller said, it’s only a matter of time before cybercriminals go after U.S. critical infrastructure — electrical grids, water supplies and transportation systems.
A Dangerous Evolution
Cybercrime has grown into a big business, and to disrupt this thriving industry, federal agencies, local law enforcement and businesses must work together to share information and resources, and do their part to thwart attacks, warned Mueller.
One major problem organizations face is that the perimeter defense tools of the past are no longer sufficient to protect valuable data and applications. Organizations should maintain efforts to keep intruders outside of their networks, but they also must plan for an effective response in the highly likely scenario that cyberattackers succeed in breaching the network perimeter. Among the biggest vulnerabilities for many organizations are users who have legitimate access to systems and data. Of roughly 500 investigations of security breaches conducted last year by security vendor FireEye, 90 percent were caused by users who compromised security, as opposed to insecure systems, FireEye CEO Kevin Mandia explained during the summit.
In many cases, Mandia said, a hacker can gain unfettered access to a network simply by following an employee who posts everything he or she does on the internet, then sending the user a highly targeted spear-phishing attack. Or an attacker could send an email to a group of users about changes to their organization’s healthcare benefits, along with a link to a web page that installs malware on a user’s computer. Mandia said he could list hundreds of examples of successful spear-phishing attacks. His point: Sometimes, successful attacks are unavoidable.
The inevitability of a breach should prompt security professionals to change their focus. Instead of devoting all their energy to keeping attackers out, organizations should spend time thinking about responding quickly and effectively to the first moment of ingress, advised Sadik Al-Abdulla, director of security solutions at CDW. How can attackers move from nonessential systems to high-value data and applications — and how can security measures prevent such movement? What can an organization do to slow down threats or contain them?
A Change in Approach
Thinking like a hacker can help, Mandia said. Organizations can prepare for a breach by asking how they would break into their own network. They should then ask, if that attack were successful, would they be able to detect it? Finally, what is the worst-case scenario if an attacker does break in?
Security personnel can implement tools that minimize or prevent damage by an intruder. Adaptive, next-generation security software can detect, respond to and recover from attacks in real time. Even if an attacker gains access to a network, he or she will have a hard time getting to anything of value before being caught and contained.
This is a transformational time in IT, Al-Abdulla said. With cloud migration and mobility, organizations are moving more functions online and onto devices such as smartphones and tablets. Organizations should adapt their security processes to meet the needs of today’s systems and the demands of modern threats. To do this, security stakeholders must be involved in the design process.
Together, they can prevent the enemy from advancing.