It seems like every day there is a new data breach or heist. Hackers break into corporate or government computers and swipe names, addresses, birth dates and those all-important US Social Security numbers. Consider these recent breaches:
My recent Journal article focuses on Windows computers with an emphasis on all nonserver Windows computers. This includes Windows end-user devices, such as workstations, desktops, laptops, hybrids and tablets. Workstations are just as important to the security of an organization as servers. Of course, an insecure workstation only directly impacts one user (in most cases), while a server can impact thousands. But all of the biggest breaches in recent times have started with a compromised workstation, not a server. Even though servers and workstations run essentially the same Windows operating system, securing workstations is very different from securing servers.
I was recently invited to participate in a panel discussion at a cybersecurity conference. The overall focus of the panel was on best practices for network security, specifically preparing for a cyberattack. We were given 5 focus areas to consider, mostly the usual topics such as zero-day attacks and bring your own device (BYOD). The 5th focus area was deploying a successful disaster recovery (DR) plan with regard to cybersecurity.
In addition to myself, the panel was staffed by 2 chief information security officers (CISOs) and a chief executive officer (CEO), and it was moderated by a 3rd CISO. When the topic of DR came up for discussion on the preparation conference call, 1 of the participants summarily dismissed it as being old hat and played. He said that topic has been discussed to death and there has been nothing new in that area in years. One person after another agreed with him, and the moderator said, “Ok. We will cut that topic out of the discussion.” I disagreed and chimed in with a brief overview of my recent Journal article. Afterwards, they all agreed to keep the topic, and someone even suggested that we move the topic up to be the 1st subject of discussion. They said that they had never looked at DR from the perspective of preparing the C-suite for a cyberbreach.
One of the most fundamental pillars of cybersecurity is cryptography, and most of the cryptography tools used today rely on computational assumptions, such as the difficulty of factoring 2048-bit numbers.
Two decades ago, we learned that the quantum paradigm implies that essentially all of the deployed public key cryptography will be completely broken by a quantum computer, and brute-force attacks on symmetric ciphers can also be sped up significantly. Fortunately, quantum computers did not exist at the time.
Today, the wait-and-see approach is no longer a responsible option. Protecting against quantum risk takes many years of planning and deployment. The realistic timelines for evolving to a quantum-safe infrastructure are comparable to the timelines for the quantum risk to become a reality. If one is responsible for providing medium- or long-term confidentiality, the risk of waiting is even more acute.
In the movie The Untouchables, a hit man pulls a knife to stab Sean Connery, then Connery pulls a shotgun on the hit man. The lesson from this scene is do not bring a knife to a gunfight.
A lot of corporate IT security staff must not have seen this movie. They are bringing knives to the data security fight while hackers bring guns, cannons, tanks and jet fighters.
With increasingly clever malware and phishing tactics, hackers are snagging users’ login credentials at a frightening pace and gaining access to networks. It can be as easy as exploiting a security hole in a web browser while the user is surfing the web to seize credentials and access privileged services.
As an information security professional for more than 15 years, I have seen and experienced many aspects of security. I thought I knew what cybercriminals were doing and how they were doing it, but I was wrong. During one of my periods of research, I found papers authored by Trend Micro on the malicious cyberunderground. The papers were a presentation of their research in Russia, Brazil and China. I found the findings enlightening and scary not only to the world’s technology environment, but to everyone who uses it.
The Russian underground provides cybercriminals a place to market their products and services. They sift through traffic stored in botnet command and control (C&C) servers for information useful for targeted attacks. Cybercriminals verify that malicious products support their claims (to avoid false advertising), and there are brokers who make a percentage of the escrow while the product is tested.