Dark Reading is part of the Informa Tech Division of Informa PLC



12/9/2020
10:00 AM

Navigating the Security Maze in a New Era of Cyberthreats

Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.

As we look forward to the new year and the potential for a return to some measure of normalcy, we have the opportunity to consider how we might tackle the new challenges of the rapidly evolving cyber-threat environment going forward.

In particular, as cyber defenders in both the public and private sectors assess our posture and consider how our approach should shift going forward, it is strikingly clear that while we have made significant progress in strengthening our defenses and are getting better at raising the cost to our adversaries, we have yet to fundamentally shift our paradigm to account for the threats we face and to keep up with our adversaries' capabilities.

In 2017, we saw two cyberattacks that have fundamentally shifted our understanding of the threat environment. NotPetya, a cyberattack aimed at Ukraine by Russia, spun out of control, causing $10 billion in damages worldwide. That attack taught us that collateral damage is a real thing in cyberspace and one need not be the direct target of a cyberattack to suffer significant harm. 

Likewise, the WannaCry ransomware attack conducted by North Korea, also in 2017, demonstrated the crippling effect such attacks can have on the public and private sector, including healthcare institutions. Less noticed by the public, but perhaps even more critical to the American economy, is the continued theft of core intellectual property by nation-states, principally China, which undermines the global competitiveness of American companies and directly threatens American jobs, particularly as we seek to grow as an innovation-focused economic power.  

This effort undercuts not only the work of large enterprises but also small startups that are highly dependent on the creation of new and unique intellectual property and which are increasingly at the heart of American economic growth. 

More recently, as the global COVID pandemic has spread, we've seen a marked increase in malware attacks taking advantage of the situation and targeting the response and recovery infrastructure, including international organizations and vaccine manufacturers. We've likewise seen attacks on medical facilities resulting, indirectly, in patient deaths; financial institutions and governments being robbed or defrauded of hundreds of millions of dollars; and continued efforts by adversaries to put privately owned critical infrastructure at risk, potentially to shape or modify government behavior.

This all takes place as we continue to see nation-states like China not only siphoning off billions of dollars of intellectual capital from across the globe, as noted above, but also extracting massive amounts of data to train sophisticated machine learning algorithms. Furthermore, China, Russia, and Iran are engaged in efforts to manipulate popular opinion and undermine the rule of law and confidence in elected leaders and key institutions.

Unfortunately, the threat landscape is likely to get worse before it gets better. With the broad rollout of 5G networks globally and increasing capabilities and use of mobile and Internet of Things devices, not to mention the new work-from-home environment spurred by the COVID pandemic, we are operating in a target-rich environment for both nation-state and private cyberattackers. And the lines between the two are increasingly becoming blurred. While we've long known that the Russians operate through criminal proxies, the advent of such double-dipping in China is troubling given the massive scale and sophistication of attacks that collusion between criminal and nation-state actors in China can bring to the cyber-threat landscape.

Moreover, this rapid growth in infrastructure and threats also means that the workload facing cybersecurity personnel is growing faster than we can possibly develop talent. There simply will not be enough people to solve this problem and, as such, we must crowdsource the knowledge we need and leverage advanced technologies to address this shortfall. 

The good news is that the private sector and the government have been improving defenses. The cybersecurity conversation has made it into nearly every boardroom, even if directors and risk committees aren't always prepared — or equipped — to fully grapple with the myriad threats they face.

Corporate cybersecurity leaders are increasingly gaining a seat at executive leadership meetings and seeing budgets more aligned to the threat. And the government has finally started to get serious about the threat by taking the fight to cyber adversaries overseas under new authorities with advanced capabilities and working across traditional lines. We should preserve and expand on these efforts by doubling down on the defend forward strategy and persistent engagement mission of US Cyber Command overseas, and by expanding partnerships and joint training, exercises, and planning among our cyber defenders in government and the private sector.

Yet more needs to be done. Government and industry continue to operate in traditional silos, focused first on defending individually, rather than protecting collectively. To be sure, industry and government have done more to share information recently than perhaps ever before, but such sharing is simply one aspect of the larger effort. The real key is to be able to collaborate defensively at speed and scale across companies, industries, states, and national boundaries. 

As the Cyberspace Solarium Commission noted earlier this year, we need a paradigm shift to collective defense, with shared situational awareness and broad collaboration across the board. As we look to the next year and think about the change we need in the cyber realm, it's worth remembering the old adage that united we stand, divided we fall.

Gen. (Ret) Keith B. Alexander is the former director of the National Security Agency and founding commander of the US Cyber Command, and currently serves as chairman, president, and co-CEO of IronNet Cybersecurity. Jamil Jaffer served in senior national security roles in the ...
 

Comments
mikehamilton,
User Rank: Author
12/9/2020 | 10:11:47 AM
Why aren't we considering economic sanctions?
It seems to me that the time has come to look at other options besides 'defending forward' - specifically the use of market forces to change behaviors. If we started denying legitimate business traffic from governments that overtly or tacitly support cyber crime, my feeling is that the business community would put pressure on leaders to curtail the activity. Said another way, let the oligarchs go stand on Putin's desk and behaviors will change.