This article was originally published in Computing magazine and is republished here with permission.
The seemingly endless cascade of high-profile cyber attacks has propelled computer network security to the forefront of public awareness and boardroom agendas as never before. Unfortunately, though, too many companies continue to fall into the trap of relying on commonly held misconceptions and increasingly outdated assumptions to address cyber attacks.
To make real progress in combatting the next generation of attacks, it’s crucial to first update our appreciation of the rules of the game for today’s fast-moving cyber crime. Key to this is understanding the profile of today’s cyber criminals, their mindset, and the upheaval their attacks can now inflict. Let’s look at each.
First, it’s important to understand that the definition of a cybercriminal is evolving. For one thing, the barriers to entry for conducting criminal action via the internet have been profoundly lowered. Today, a single hacker working alone with a malware kit purchased anonymously online can mount substantial attacks on a company’s network. And with search engines crawling the web 24/7 looking for connected devices and systems with known vulnerabilities to exploit, the effort needed to find easy targets is now minimal.
It’s equally important to understand that IT security experts know they are often on a defensive footing in their fight against cybercrime. Hackers have two all-important advantages: ease of access to free-flowing communal knowledge and illicit tools within their underground communities; and the initiative to decide when and where to apply them.
Compare this to the siloed approach among various corporate IT and business departments. For these departments, it can be a struggle to collaborate among themselves, let alone with outside organizations. Consequently, corporate cultures can hinder companies from being able to properly organize and defend themselves with the best available information.
Defining the Hacker Mentality
To better defend against the next generation of attacks, we must also have a better grasp of the mindset of the adversaries we’re up against. To this end, everyone in the IT space needs to distinguish between the attitudes of security administrators and hackers.
Security administrators must essentially play catch-up, constantly patching the system flaws that made the last network attack possible, while minimizing maintenance windows and network downtime that impact the business. Hackers, however, move on quickly from their last attack and focus on new attack vectors to steal data or take down a network. These reactive and proactive approaches present a stark contrast, and one the IT industry needs to address with new ideas if it’s going to take back the initiative.
What’s more, many outside the cybersecurity community don’t really have an accurate expectation of how cyber attacks present themselves. Typically, the public thinks of network attacks as loud, aggressive assaults on a company’s technology. But this is another misconception: the most dangerous cyber attacks of today have increasing levels of stealth and complexity, and organizations need to recalibrate their understanding accordingly.
New Breed of Cyber Attacks
The 2014 attack on Sony Pictures’ networks and systems by the North Korean government was an inflection point in alerting the general public to what security experts already knew about the new blueprint of modern cyber attacks. It also offered insight into how more attacks of the future may arise.
In the Sony attack, nation-state hackers using known criminal techniques entered the network and silently established a persistent presence without detection. Months after entering the Sony systems, the attackers finally ransacked the company’s entire network environment, stealing huge data sets and releasing vast amounts of employees’ personal information and emails, and then executing disk wiper malware as they exited the network. This was another inflection point the cybersecurity community had predicted – the destruction or corruption of data on compromised systems, not theft. It’s an increasingly common feature of modern attacks, as is the wholesale destruction of system log files as hackers seek to evade network defenders and baffle incident responders.
In the Sony Pictures breach, a corporation’s systems were hacked, and private data was leaked, stolen and destroyed with serious, but manageable, consequences mainly confined to one organization. But consider the consequences of a similar attack on a healthcare provider’s network in which hackers compromise, deny access or even erase medical data. Lives could easily be put in danger, and havoc could ensue on a whole different level.
There’s no single solution to countering the mounting threat of sophisticated cyber attacks. But one area of promise lies in moving business transactions off the public internet to private networks.
The paradox of the public internet is that despite how we use it today, it was never designed to be a secure environment. It was conceived as a network for researchers to share data, not protect access to it. And it’s been more of a best-effort network than a best-in-class one.
For this reason, private networks have emerged as a promising answer to protecting transactions at a time of growing cyberattacks. These networks can be utilized to minimize business risk by providing a high level of security from the public internet; global but flexible connectivity; and better performance with higher capacity, higher speed, and lower latency.
In these ways, private networks offer a solid starting point for companies that want to conduct online business more safely.
It’s vital that corporations, governments and IT companies continue to come together in a united front to change today’s outdated perceptions about cyber crime. The barriers to entry for launching disruptive online attacks have dropped drastically, and these attacks are steadily escalating in stealth and complexity.
We must reassess our understanding of the profile, mindset and destructive ability of today’s cyber criminals to make greater progress in stopping them. In this area, private networks offer a reliable approach to protecting transactions and data in an age in which devices and systems connected to the public internet have become unacceptably open to attack.
As Senior Vice President and Chief Security and Risk Officer, Phil Celestini leads security and risk management across Syniverse, including adopting new technologies and building industry awareness of critical threats and opportunities arising from such areas as the internet of things, 5G, artificial intelligence, and blockchain. With a career spanning more than 35 years across government, law enforcement, and the military, Phil brings extensive executive leadership experience in security, risk, and compliance. From 1992 to 2018, he served as a Special Agent in the U.S. Federal Bureau of Investigation (FBI), where he was most recently Special Agent in Charge in Washington, D.C., and where he also served as the FBI’s senior representative to the National Security Agency and U.S. Cyber Command among other roles. In addition to his investigative acumen, Phil is an acknowledged expert in cyber and information security. He earned several commendations and community honors as an FBI Special Agent, serving in positions of increasing leadership responsibility in numerous field offices, FBI headquarters, and on the National Security and Homeland Security Councils at the White House. Prior to his FBI career, he served as an intelligence operations officer in the U.S. Air Force. He received his bachelor’s degree from the U.S. Air Force Academy and a master’s degree in public safety leadership from Capella University.