Tackling the cyber enemy


'We need to develop a security ecosystem with a robust and dynamic public-private partnership'

Arthur Coviello, Jr.

(The author is executive VP, EMC Corporation and Executive Chairman, RSA, The Security Division of EMC)

BANGALORE, INDIA: Many nations around the world have become highly dependent upon information technology in everything from national security and intelligence activities, to commerce and business, to personal communications and social networking. The Internet is one of the unifying fabrics driving globalization and political change at an increasingly accelerated pace.

Information technology (IT) is vital to every major industry and economy in the world. Unfortunately, due to the dynamic nature of today’s IT environments, these evolving technologies and modes of communication also represent one of our greatest threats. Therefore, it is not surprising that cyber security has become such an important economic and national security issue.

From our vantage point as a provider of security solutions, we are seeing the rapid evolution of the threat landscape, with more varied targets, and in many cases, more advanced technologies and tactics than ever before. This expansion in risk is threatening to erode trust in digital commerce, communication and collaboration that we all take for granted today.

The targets of more advanced cyber attacks now include organizations as diverse as pharmaceutical and automotive companies, law firms, oil and gas firms, defense industrial base and government agencies; and even information security companies. Unfortunately, over the past two years, the frequency and volume of cyber attacks has reached pandemic levels and these cyber attacks are resulting in significant economic and national security challenges.

Across the range of cyber adversaries, whether criminals, hacktivists, nation-sponsored or groups with other agendas, it is clear that the preferred method of exploitation has shifted to human end-users. Cyber criminals have long understood that users will click on links they shouldn’t and unwittingly install malware hidden through simple ruses.

Corporate IT departments deploy multiple controls to help deal with this threat, such as email filtering solutions, network scanners and the like. These work well for generic, shotgun attacks, where malware signatures can be updated quickly to immunize users, but not for sophisticated zero-day exploits. Consequently, because there is no way to prevent all people associated with an organization from making mistakes, organizations need to assume that compromise is probable, if not inevitable, if they are to defend themselves thoroughly.

There are steps that industry and government can take to detect and disrupt attacks and create more agile defenses that will help deter attackers and protect critical information. Some of these steps require technology, some require reinvigorating risk management processes, some depend on the creation of more effective ecosystems of technology partners, some require additional investments in education and training of employees, and still others require changes in government policy.

Recognizing the invisible enemy
During the past 15 years, we’ve had an explosion of information being created at an ever increasing rate and spreading further and faster than ever before. Along with this growth has been a veritable flood of productivity-enhancing web applications and personal computing devices. Every one of us is both consuming new technologies and trying to deal with their unprecedented entry into our organizations, from new mobile devices to smartphones to social networks. Are organizations ceding more control of their IT environments to their users? Yes. Will transitioning to cloud computing make it easier or harder to protect our sensitive digital information? That depends on how it is implemented.

To successfully defend against cyber attacks it is important to better understand the actors. The attackers can be categorized into four major classes of cyber adversaries: insiders, criminals, nation-sponsored or groups with other agendas, and nation states.

Insiders
With the consumerization of IT, and the pervasiveness of computer systems in our lives, end users within organizations are more technology savvy, and have the ability to harm an organization from within. Because insiders often have free rein on networks that potentially have limited security controls for “trusted” employees, the level of espionage, IP or financial theft, damage or other disruption they can achieve is significant.

Criminals
Whether loosely affiliated or seriously organized, criminals are out to steal information assets that can be converted to cash. It’s typical to see their “platform-based” crimeware and zero-day vulnerabilities auctioned on the black market to the highest bidder. A criminal group can buy a botnet kit for drive-bys, a spamming kit for spam runs, bulletproof hosting from an underground service provider and so on. As the criminal ecosystem matures, the cost of entry for cyber crime continues to fall.

Nation Sponsored
A fourth category of attacker is the nation-state. Nation states typically are focused on gaining strategic advantage through theft of government secrets and valuable intellectual property, competitive advantage for their domestic industries, or on gaining intelligence on their own citizens or those of other nations who they believe present a risk to their agendas. Nation-sponsored attacks are stealthy and sophisticated. They are also difficult to detect because they very often have compromised one company to be used in attacking another.

Groups with other agendas
This category of actors is made up of those who have, essentially, a non-sovereign agenda and who are investing disproportionately with respect to any returns they might see. The category includes publicity-seeking hackers (or so called “hacktivists”) with political agendas wanting to send out a very loud message with an emphasis on promoting their attacks to members of the media.

So, what can be done to address these challenges from a risk management, technology, education and training, and public policy perspective?

Developing more effective ecosystems
Security must evolve from conventional frameworks of an uncoordinated lineup of static point products to more advanced security systems capable of combating dynamic threats, and agile enough to meet the advanced challenges of the hyper-extended enterprise.

I believe that virtually everything we do in IT will transition to the cloud over the next 10 years as organizations continue to move business and IT functions that are not core competencies to cloud providers who can do them better and cost-effectively. Cloud computing, which is fundamentally changing the way organizations think about and implement IT, can enable organizations to improve their information security by replacing the disparate and piecemeal legacy IT systems that are prevalent today. Cloud computing enables IT and information security organizations to implement centralized monitoring, management, compliance, and security controls. In addition, security is being built into the information infrastructure that makes up the foundation for cloud computing, including virtualization and data storage platforms.

Even with better risk management processes, and as organizations continue to move away from perimeter-based defenses, our community must develop a security ecosystem that will be an integral part of a comprehensive advanced defense strategy. A robust and dynamic public-private partnership will need to be at the center of this effort.

Just as the cyber adversaries often work together to share intelligence and information resources, the industry and its partners in government must do the same. Beyond the open source and proprietary resources out there today, we all must be committed to creating more robust opportunities for information sharing that include the private sector and government agencies alike. The more actionable and real-time the information exchange is, the better the chances of keeping pace with cyber adversaries rather than simply reacting after they strike.

Source: CIOL
