At one of my previous cybersecurity jobs, I received a frantic call from a man whose production company had just been hit with a massive breach. The company's main summer release was in final post-production when it was hacked, and within a day had over 100,000 downloads. It hadn't crossed anyone's mind that the company's use of an eastern European outfit to do cloud-based post production on the movie, without any consideration for potential security risks, might have been the issue.
Clearly, this group didn't guard its yard very well. But even if it had been more vigilant, as we've seen time and time again, if a hacker wants in ... a hacker is going to get in.
To protect our networks, we have to really know our networks and try to get to know our attackers. This requires us to admit to three basic "Ground Truths."
GROUND TRUTH #1: We have lost control
All of the technology advances that have made our lives more productive and more connected are exposing us to more threats. We have moved from a world where you had to be invited into a network and trust was presumed, to a world where we have no control over the borders of our networks and trust is presumed not to exist.
Combining the sheer number of unmanaged devices and digital identities with user demand to access any application from any device at any time and from anywhere in world, has created a monstrous situation: Without vigilant devotion and dedication to security, truly knowing and controlling our environments is no longer possible.
GROUND TRUTH #2: Offense is structurally dominant
Even with the best practices in place - segmenting networks, requiring dual factor authentication - the simple truth is that attackers have an asymmetric advantage over defenders in that they only have to be right once to get in, whereas we have to be right every time to stop attacks. And, the human being sitting at the intersection of our networks continues to be our weakest link in security. Credentials continue to be the number one attack vector.
We don't know our networks. Adversaries have structural dominance. It's a veritable feast for hackers.
GROUND TRUTH #3: Welcome to the rise of the Hacker-Industrial Complex
Hacking has grown into a thriving business. Malware has been commoditized. Attackers have gained increasing access to sophisticated tools at progressively lower costs. The business-model is great: You can use the same technique over and over again. And cybercriminals virtually never get caught: The best estimate is a single-digit-percentage prosecution rate.
Hackers are also operating more out in the open. In the past six months, research has shown that the number of bad guys openly using social media for criminal purposes has grown three-fold to about 300,000 - with more than 500 criminal organizations operating in seven regions. Criminals are openly advertising their capabilities for sale, forming into groups on social media sites, and collaborating on operations (the new shared economy), On the plus side, with more criminals operating in the open, we can track their activity and develop great intelligence on their networks.
So, Is There Hope for the Future?
For our adversaries, it has never been easier, and it will continue to be so.
For us, the stakes have never been higher. While it may seem hopeless, it's not.
Industry and government organizations are working hard to defeat adversaries. With the power of machine learning and artificial intelligence, our ability to defend networks is much greater than it's ever been. We can pick up information from firewalls, proxies, endpoints and networks, fuse it together with great contextual intelligence and protect ourselves against business risk.
Adversaries aren't the only ones working in teams. Amazing groups of white hats are coming together to make cyber safe again. Take actor Ashton Kutcher who is partnering with a technology innovation group called Thorn to go after child pornographers, or the military and intelligence specialists who have created Orphan Secure to identify and rescue at risk children.
Attackers aren't going away. That's clear. But if we take the time to understand our networks, and use our resources wisely, we can protect our most critical assets.
Author: Niloofar Howe
Category: RSA Point of View, Blog Post
Keywords: Adversarial Data Corruption, Cybercrime, Fraud, Hacker