There has been a lot going on in the realm of cybersecurity over the past couple of weeks, from RSA in San Francisco (the largest cybersecurity show), to what may turn out to be one of the most devastating cyberwarfare attacks in recent history. The world of cybersecurity is growing, the stakes are high, and business is good—which may not be a good thing.
RSA showcases the rise of the cybersecurity defensive market but reveals an even larger underworld of bad actors
Shiny new technologies and methods of protecting organizations were on display at RSA. From the latest monitoring, detection and response (MDR) platforms to the remediation empires, everyone had “THE” solution. However, with all the noise, most chief security officers (CSOs), chief information security officers (CISOs), and other security executives do not even know where to start. They know even less about where to spend their money, how to deploy resources, or whether they have done enough from a spending or hiring perspective to protect against attackers. It was astonishing to see how little most technology executives, even those tasked with leading their enterprise's cyber initiatives, know about protecting their infrastructure. It is no surprise that organizations look to automated solutions to bridge the skills gap in their personnel and technology investments. For automation and proactive cybersecurity programs to be effective, though, they require a mix of technology, real-world personnel with experience in monitoring, and proven incident response and remediation solutions in the event of a breach. Most organizations are ill-equipped to respond.
There were many exciting announcements at RSA. Microsoft's Azure Sentinel leverages AI and machine learning to act as a SIEM (security incident & event management) and MDR (monitor, detect, respond) solution to reduce security threats when deploying code, software, and infrastructure. IBM’s X-Force Blockchain Testing seeks to actually put controls and structure around the wild west of blockchain. The last highlight, ironically, was the US National Security Agency’s (NSA) Ghidra, an open-source software reverse-engineering toolkit for dismantling and analyzing malicious code, viruses, and malware.
RSA is always interesting. Cybersecurity zealots convince themselves they have the best technology mousetrap for the market, but it is essential to understand that cybersecurity is not a technology—it is a business strategy. If done right, it may keep some bad guys out, but not all. Organizations must be able to mitigate the damage and reduce hackers’ ability to maneuver throughout their network. It is not a zero-sum game—it is an ongoing war that has no end or resolution. As an industry, we need to find better solutions, processes, and techniques to reduce enterprise attack vectors, and we need to become more proactive and less reactive. The best security programs include human elements, such as a security operations center (SOC), and technologies, such as MDR or AI-based solutions, to reduce attack vectors and the damage done by hackers/crackers.
Caracas, Venezuela goes dark, and the United States gets the blame
Every critical infrastructure operator is actively working to reduce the likelihood of being the latest victim of a cyber-attack. Unfortunately, the challenge is not upgrading their internal systems—it’s a lack of investment in updating aging equipment. Venezuela's hydroelectric plant is the fourth largest in the world and provides power to nearly 80 percent of the country. This attack has all the fingerprints of a state-level hack designed to overwhelm the aging systems and create a critical internal failure (much like the Stuxnet attacks in Iran and the BlackEnergy attacks in Ukraine). The virus/malware must have been deployed by someone on the inside, which is where, in my estimation, over 80 percent of attacks originate. These types of assaults cause outdated systems to overload and make it impossible for operators to shut them down—causing long-term damage to the overall infrastructure. Although the Venezuela breach was blamed on the United States, it is unlikely that it originated from America; our hackers tend to focus on banking and Internet connectivity. If this was indeed a nation-state hack, which I believe it was, it was likely from China, Israel, or Russia.
I still contend there will be a much larger attack coming in 2019, and most likely on the grid of a major country with less outdated infrastructure.
2019 and beyond
RSA 2019 demonstrated many great examples of coming innovation and the technologies needed to address the next generation of cybersecurity challenges. However, as much as we hope to rely on automation to stop bad actors from hacking and cracking critical infrastructure, businesses, and organizations, cybersecurity requires a holistic, proactive approach that combines technology and human elements. Organizations must allocate resources in a way that is proactive and accounts for the uncertain world in which we live. 2019 will be an exciting year indeed.