At the Frontline: Cyber security expert Jim Butterworth

Guidance Software’s director of cyber security shares his insights on recent attacks by hackers and what security professionals need to know to stop them


Earlier this month, hackers believed to be working on behalf of the North Korean government launched cyber attacks directed at U.S. and South Korean government Web sites.

According to a report from the Associated Press, the attacks affected 11 different South Korean and U.S. Web sites, causing access problems as well as outages. Among the U.S. sites affected were the Treasury Department, Secret Service, Federal Trade Commission, and Transportation Department.

Government Web sites are not the only ones that have been vulnerable to attack. Highlighting the devastation web vulnerabilities can cause to an organization, TJX, the parent company of retailers T.J. Maxx and Marshalls, recently agreed to pay more than $9 million to multiple states following a massive theft of customers’ debit and credit card information. The retail giant has also reportedly entered into multi-million dollar settlements with banks that issue Visa and MasterCard credit cards to cover the costs that they incurred due to the breach.

In this “At the Frontline,” Jim Butterworth, a retired U.S. Navy cryptologist and senior director of cyber security for Guidance Software, discusses the steps that organizations can take to protect themselves from hackers, as well as how to respond in the aftermath of a security breach.

How do you protect your organization against an organized cyber attack like the one recently experienced by the U.S. and South Korea?

People just assume things are working and that their firewalls are doing their job. Not until you have something happen like this does it bring (cyber vulnerabilities) to the forefront. There are two things you have to consider, outside threats and insider threats. The insider threat could be an outside entity that has successfully penetrated your (cyber safeguards) and now has malicious software lying dormant in your network. These (viruses or worms) are remotely controlled and from a corporate standpoint, you have a responsibility to your peers to make sure that your network is protected in such a way that you don’t become an unwitting participant in an attack against them or your customers. You also have an obligation to your shareholders that information on your network is safe and you don’t have malicious code sitting there waiting to be activated. The best way to keep a robber from getting into your house is to make sure you have locks on the door, but what about when you invite the pizza man in? You just don’t think about the inside.

Now that we know that the recent cyber attacks against the U.S. and South Korea were intended to be much broader and also targeted the White House and the Pentagon, do you believe that U.S. cyber security officials and the safeguards that they have in place were successful in thwarting a more serious attack?

There are two ways to look at it. One way is to judge success on the ability to penetrate the network. In that regard, (the hackers) would have been successful. If your objective is to fight through an attack, I would say the (hackers) failed. The (Web sites) weren’t mission critical from the standpoint of national security or critical infrastructure. It’s a zero-sum game when you’re attacking low-hanging fruit.

Who are some of the most prevalent countries behind these sorts of cyber attacks?

Obviously, you have the Chinese. They are very active and get a lot of press. It happens from every country, however. One of the things about the Internet, it has been called the great equalizer and (in a sense) you can fight the largest military in the world from a home computer. To coordinate a massive cyber attack, it takes quite a bit of preparation.

Looking at cyber security from a corporate perspective, what are some of the steps that you need to take to ensure that your organization is safe?
