Saturday, 12 September 2015

Cyberattacks: The Danger, the Cost, the Retaliation

From hacking cars to stealing state secrets and instances of retaliation, there is a real-world awakening to just how expensive and dangerous it is to recover from a cyberattack.

Cybersecurity companies make billions of dollars in patching and reacting to the problem, but customers want proactive cybersecurity — not reactive analysis and temporary repairs. There are reasons this is not happening, and we must redirect both money and thinking in order to put the cybersecurity industry on the right track.

TODAY’S CYBERSECURITY BUSINESS: BAD START AND NEEDED CHANGE

When cybersecurity becomes a business rather than true protection, we have a problem. Unfortunately this is what it’s become, and though some are calling it a flat-out scam, I wouldn’t necessarily go that far.

There is so much vulnerability in networks and application software that even good cybersecurity developers are working with one hand tied behind their back. This has led to a hack-and-patch cybersecurity business that is a reactionary temporary repair — not an upfront cyberdefense. It takes months to even detect a breach and many more months to temporarily fix it. Companies are making billions in historically patching cyberattacks when customers want to spend their money to stop them from happening in the first place.

Case in point: The Sony attack was disclosed on Nov. 24, 2014, and discussed in arecent 60 Minutes broadcast: Today there are still hundreds of technicians working to correct the problem. Since this attack, other companies and government agencieshave been hacked, involving millions of people. This continues while the cybersecurity industry admits to limited cyberdefensive capabilities. In fact, the cybersecurity defensive positions are so weak that retaliatory offensive positions are being considered. What we have learned from earlier attacks is now being used to develop strategies to stop future attacks.

THE OPM BREACH AND LESSONS LEARNED

Nothing was more telling than the information disclosed in a report from the largest federal government breach ever on the U.S. Office of Personnel Management (OPM), which shows both desperation and hope as far as cybersecurity is concerned. The rapid disclosure of the attack may be easier for a government than a corporation that may take a stock hit, but the needed quick response is the same. The quicker the reaction to the breach, the less damage is most likely to occur.

One of the most impressive things that resulted from the OPM breach was the creation of a Cybersecurity Sprint Team that includes members from OMB’s E-Gov Cyber Unit, DHS, the National Security Council Cybersecurity Directorate and the Defense Department. The team was charged with leading a 30-day review of “cybersecurity policies, procedures and practices,” and issuing a Federal Civilian Cybersecurity Strategy based on its findings.

The sprint team will focus on eight priority areas:

  • Protecting Data: Better protect data at rest and in transit
  • Improving Situational Awareness: Improve indication and warning
  • Increasing Cybersecurity Proficiency: Ensure a robust capacity to recruit and retain cybersecurity personnel
  • Increase Awareness: Improve overall risk awareness by all users
  • Standardizing and Automating Processes: Decrease time needed to manage configurations and patch vulnerabilities
  • Controlling, Containing and Recovering from Incidents: Contain malware proliferation, privilege escalation and lateral movement; quickly identify and resolve events and incidents
  • Strengthening Systems Lifecycle Security: Increase inherent security of platforms by buying more secure systems and retiring legacy systems in a timely manner
  • Reducing Attack Surfaces: Decrease complexity and number of things defenders need to protect

The creation of the Cybersecurity Sprint Team and the unprecedented 30-day review that issued a Federal Civilian Cybersecurity Strategy based on its findings is a good sign of present and future responses to cyberbreaches. The key now is whether the recommendations from the Cybersecurity Sprint Team produce results.

View the original content and more from this author here: http://ift.tt/1Nv3Bkc



from cyber security caucus http://ift.tt/1i5yMFp
via IFTTT

No comments:

Post a Comment