We recently had an opportunity to sit down with one of the leading cyber security experts in the world and former head of the National Cyber Security Authority of a Western state. He discussed a number of issues currently broached within the global security establishment. Here are some of the things we learned:
No One’s Safe
In a day and age when almost everyone surfs the net and just about any piece of information can be found online, the threat of someone, be it a hacker, terror group, or oppressive regime getting their hands on the private information is a scary thing to envision. Hundreds of millions of people along with government policies, military operations, nuclear sites, and other data crucial to national security could, theoretically, fall into the wrong hands. The outcome is truly a scary thing to behold.
Since the early days of the internet, cybercrime has transformed from malware attacks targeting businesses and private individuals to state espionage and attempts to influence political events. Governments across the world have established cybercrime fighting agencies to combat the growing threat.
Get there First or Else…
One of the changes that have taken place is a shift from systems providing security from cyberattacks to ones trying to understand the mindsets of attackers and determine their next step. In essence, cyber security is the natural progression of IT security, taking into account what the attackers are trying to accomplish and how they plan on doing this.
It Doesn’t Look Pretty
A number of large-scale attacks in recent years have revealed the scope of what cyber criminals are capable of achieving with the help of the right training and necessary resources.
In 2015, dating site Adult Friend Finder was hacked, revealing personal information of 4 million users. Next year, over 400 million accounts on the same site were compromised in a much bigger, more advanced attack. In 2014, Russian hackers stole more than a billion account details from some 420,000 global sites.
There were over 765 million data breaches reported over a three-month span of last year alone with losses in the tens of millions, according to a leading digital security firm.
Wannacry and NotPetya ransomware attacks led the way last year. 1.5 terabytes of data including contact details of a number of Game of Thrones actors were compromised from HBO.
It WILL Get Worse
While the traditional HLS approach incorporates “Low Voltage,” tangible technologies such as security fences, radars, security cameras, advanced alarms, and similar security methods, the cyber world focuses on technological attack tools. These could very possibly defeat out-of-date systems in the very near future.
Oppressive regimes and Dark Net actors have begun employing cyber technology to target large companies and influential political entities. Perhaps the biggest threats at the moment are national-scale attacks on critical infrastructure or large industry players such as: technology firms, emergency services, electric grids, and chemical facilities.
Attacks such as the high-level data theft of the private medical records and personal details of 1.5 million patients in Indonesia last year could provide dangerous criminals data for blackmailing millions. This capability could be translated to a national level, allowing hostile nations to enforce their will on neighboring states without the need to wage military battle.
New Types of Attacks & the Element of Surprise
Like other areas of the online universe, the cyber arena is constantly developing. New methodologies will allow cyber criminals and state actors carry out more advanced attacks, catching existing defense mechanisms by surprise. A number of technologies continue to be developed to offset this capability.
IOT-Change in Paradigm
A change of paradigm, however, might make preventing an attack near impossible. The Internet of Things was—and continues to be a popular trend that connects people’s software devices and home appliances, making life easier and saving time. It has also presents cyber criminals an attack tool of a different magnitude that the world hasn’t yet witnessed.
Since unlike of the Internet, the IoT includes an infinite amount of devices and programs, it’s impossible to provide advanced protection for all of them at once. The Mirai botnet attack of 2016 which took down a number of major social media, music, and movie platforms and the Botnet Barrage targeting over 5,000 IoT devices at a US university campus were two such cases.
This is a paradigm that’s hard to grasp because of the enormous quantity and potential permutations of such a strike. The world will need to think of ways for protecting critical assets with the realization that the IoT can serve as a platform for attack.
Cyber-security agencies have three central types of tools at their disposal: classical protection such as anti-malware, anti-virus, and firewall programs, technologies with the capacity to predict attackers’ tactics such as traps and deception tools, and Incident Response tools, the most advanced type of cyber security to date that allows agents to minimize damage caused by cyber-attacks.
Approach for Deterring Cyber Terror
The world of physical defense and cyber security will eventually need to coalesce into intrapolar units if security agencies hope to have a chance against cyber warfare creating holes in physical defenses leading to successful military strikes.
This arrangement will make cyber defenses responsible for providing a type of safety net for HLS. We’re still far from getting there, but time will tell that a cohesive security approach linking cyber security with physical systems will provide field units the best means of deterring security threats.
TAR’S Cyber Division stands at the forefront of Cyber technology development and Cyber Security. Working with Intelligence Units, HLS organizations, Law Enforcement and governments worldwide to provide a wide range of offensive and defensive cyber solutions.