while every organization’s needs are unique and solutions must be tailored to fit, getting on top of both threat vectors is largely accomplished in the same way and must be an integral part of any business plan, corporate structure, or agency design.
New York, NY (PRWEB) June 22, 2012
Almost every aspect of daily life today is woven into the digital fabric of society. And while the conveniences provided are immeasurable, so too are the cyber threats that seek to take advantage of those conveniences for both personal and national gain. The challenge of securing cyber assets is not new, as headline after headline of one monstrous data breach outpacing the last continue to churn out. Organized hacker groups like Anonymous and Lulzsec have been acknowledged on a national scale, flexing muscle and thumbing their noses at even some of the most cyber savvy security agencies in the world. But they’re not alone.
The damage tallied in treasure from unaffiliated homegrown threats alone is becoming a more substantial strain on US businesses, corporations and agencies by the year. But now more unfamiliar threats are bubbling to the surface, cyber warfare and the cyber warriors that execute it, making implementing an E-Defense System a more compelling need than ever.
The intricacies of the cyber battlefield and the players involved, however, are not really built for one word sound-bite answers, as Joe Caruso, CEO/CTO of Global Digital Forensics, recently experienced when put on the spot and grilled by Stuart Varney & Company during an interview with FOX Business.
“The question seemed simple enough,” Caruso said recalling the interview, “What country leads the field in beating up someone else’s computer? But the answer is not really simple at all. Even our best intelligence agencies are not capable of coming up with many concrete answers because the cyber battlefield is fluid and ever changing and every government of a developed country is in on the act in one shape or form, and naturally it’s all hush-hush. There are famous gladiators in the cyber arena which quickly come to mind, like our own exceptional cyber warriors manning the battle-stations in agencies like the NSA, CIA and our US military cyber command units, Russia’s intelligence counterparts, Israel’s Unit 8200 and North Korea’s Reconnaissance General Bureau. And of course there is the massive organism that is China’s cyber front, a blend of actual PLA departments and personnel mixed with a hard to trace and hard to count contingent of civilian hackers contracted to execute cyber attacks on behalf of the state, numbering in the hundreds of thousands according to some FBI reports. But you also have other players out there that might not get as much press, but they’ve been honing their craft in the shadows just the same. The India Cyber Army and the Pakistan Cyber Army have squared off repeatedly, Estonia was essentially paralyzed by a cyber attack a few years back, introducing them to the crippling power of cyber warfare, and you can bet your last dollar that Iran is putting cyber warfare on the front burner after being successfully attacked by Stuxnet and to a lesser extent by the Flame virus. Terror groups like Al Qaeda are also chomping at the bit to get involved with cyber weaponry, and then there are other countries that experienced cyber uprisings like Syria and Egypt which got a pretty good taste of cyber power as well. Not believing that any one of them could pose serious cyber risks to US assets with focused cyber attacks would simply be an exercise in foolishness.”
Who are the targets and what can be done to minimize the threat?
This is where the E-Defense dynamic between actual cyber warfare conducted by nation-backed attackers and cyber attacks orchestrated by unaffiliated, self indulgent hackers converges, both on the vulnerability and prevention fronts.
“When we talk about cyber warfare, we’re basically talking about APTs (Advanced Persistent Threats). These attacks are well planned, well organized and well executed with a specific goal in mind, and that goal is rarely cash or reputation related, as is often the case with regular hackers. A cyber warrior’s goal is mainly intelligence, mapping vulnerabilities and assets, understanding internal controls, and of course creating ways to gain later entry should the need arise, like backdoors, pilfering valid passwords and user IDs for later use and the like, preferably with no action being taken, yet, and no one ever even knowing they were there. But this is where the threats posed by cyber warriors and cyber criminals, and some solutions, merge. Just because you’re not a defense contractor or a vital infrastructure entity, it doesn’t mean you’re not a target. Obviously the daily threat of cyber intrusions in all the various flavors are always around and absolutely must be addressed by everyone relying on digital information, which is what we help our clients do with our E-Defense System. A plan must be made, vulnerabilities must be mapped and remediated, policies and procedures must consistently reviewed to keep them current and effective, and a big thing which unfortunately gets often overlooked is getting everyone in an organization on the same page about the most prolific delivery system of them all, social engineering. Social engineering vulnerability assessments go hand-in-hand with our penetration testing, and I can’t recall that phase ever getting completed without seeing some wide eyes at the results.”
Caruso summed up with this, “Cyber warfare is not small potatoes and the resources devoted to a substantial attack can be enormous, with real spies plying their trade with boots on the ground, long term surveillance, dumpster diving, the whole nine yards. And truth be told, you never really know if, how, or when you could get mixed up in the crossfire. The receipts fished out of a dumpster could reveal the lead designer at the invisible widget factory seems to like pizza every Friday from the parlor down the street. Would it be easier to hack the invisible widget factory for some personal information on the designer, or would it be easier to pilfer his credit card information from the pizza place and work from there? Client data is a hot item on both sides of the fence and there is a pretty large black market devoted to trading and selling all that data. That’s why every cyber intrusion is so dangerous, not only can a successful data breach be devastating to any organization in the short term, but it could also have far reaching ramifications that you would never even think of because the compromised data ended up reaching the hands of our enemies, and some of the possibilities of what they could do with even personal information can really put some fear into you. But while every organization’s needs are unique and solutions must be tailored to fit, getting on top of both threat vectors is largely accomplished in the same way and must be an integral part of any business plan, corporate structure, or agency design. The need should be obvious, you just have to make the conscious decision to act and call in cyber security specialists to significantly improve your cyber security posture and substantially reduce the threats from wherever they originate, and that’s our turf.”
Joe Caruso is the CEO/CTO of Global Digital Forensics. He has been on the front lines of cyber intrusions and cyber security issues for some of the most recognized entities on the planet for over two decades and has been involved in national cyber security councils serving two US Presidents. To contact Global Digital Forensics and Caruso’s crack team of cyber security specialists and computer forensics experts, call 1-800-868-8189 for a free consultation and let them help tailor a plan that will have you ready for whatever cyber surprises the future throws your way. For more information you can also visit http://www.globaldigitalforensics.co.