In February, President Barack Obama issued a cybersecurity executive order that directs U.S. intelligence agencies to share information on potential cyber threats with private businesses that are considered part of the nation’s critical infrastructure. The order also gives government agencies a year to devise a “baseline framework” for cybersecurity that incorporates peer-based standards and industry best practices. This week, the National Institute of Standards and Technology (NIST), which is part of U.S. Department of Commerce, hosted the first in a series of cybersecurity workshops designed to help develop this framework in Washington, D.C.
But while government officials and industry leaders meet to exchange ideas about how to best approach the problem, hackers are hard at work devising new ways to steal information and create chaos. Just last month, the Department of Homeland Security sent out a notice to government emergency communications centers warning them about the threat of telephone denial of service (DoS) attacks by those attempting to extort money by flooding public safety answering points (PSAPs) with calls to block phone lines. According to the story, there have been about 600 of these attacks reported so far, but none have yet to impact 911 lines.
According to Andrzej Kawalec, chief technology officer for Enterprise Security Services at HP, achieving a balance between enabling access to data and protecting it proves difficult when the threat is constantly evolving and the black market continues to grow.
“Our ability to respond to that hasn’t been amazingly successful as an entire industry,” he explained. “The focus on reactive controls and traditional security countermeasures can only help so far in that we’ve become very adept at defending our networks as though they were a line in the sand. And when you build sandcastles, the sea will rise and all of a sudden you fill find yourself cut off with your walls slowly eroding and I think that is the situation many enterprises have found themselves in.”
Another problem is that the frequency with which attacks and breaches are occurring has increased exponentially, which Kawalec attributes mainly to innovations in technology. “Five years is a huge horizon in the tech world and in the security world. The iPad wasn’t even born five years ago,” he said. “We’ve seen the time to remediate against a breach, in the last two years, go from 14 days to 24 days. It’s now taking nearly a month to remediate against a major breach. “
Rather than just sitting back, building higher walls and hoping that cyber criminals go elsewhere, Kawalec believes that organizations need to be proactive in responding to the threats they face and get out ahead of them.
“I think we need actively try and disrupt the kill chain, which starts with research and then the second stage being infiltration into your organization and the third stage being the ability to discover and cull across all of your data, capturing the important and valuable pieces and take them out of the organization. We need to think about how we disrupt each stage of that kill chain and that is a very different mentality from just layering security around anti-virus and different technology controls.”
Kawalec said there are three things that have contributed to the current state of cybersecurity within organizations; a traditional underinvestment in security that has not allowed companies to keep pace with the threats; security has too often been distributed across a lot of different functions within organizations; and, security teams have been unable to articulate the return-on-investment (ROI) of improving their security posture.