Nation-state cyber-attacks will continue to evolve and accelerate but the damage will be increasingly borne by the private sector – In 2014, nation states around the world increasingly pushed the boundaries of cyber assault to control their own populaces and spy on other nation-states. With no one actively working on the development of acceptable norms of digital behavior on the global stage – a digital Hague or Geneva Convention, if you will – we can expect this covert digital warfare to continue. Increasingly, however, companies in the private sector will be drawn into this war either as the intended victims or as unwitting pawns in attacks on other companies.
That is essentially one of the predictions I offered in my annual end-of-year letter, published on Dec. 2, 2014. Little did any of us know at that time that officials at Sony Pictures Entertainment and the FBI were feverishly working to determine the full extent of an unprecedented cyber-attack that was subsequently attributed to North Korea.
The Sony attack, in which nearly 100 terabytes of data were exfiltrated and millions of dollars in damage was done, was a wake-up call for everyone. Suddenly, all companies realized that the list of threat actors they face includes adversarial nation-states, whose resources and capabilities dwarf those of hacktivists and even well-funded, global criminal organizations.
The incident response team that helped Sony determine what had happened after the attack stated that this attack was so sophisticated that no company “could have been fully prepared” for it. While the attack was certainly very serious and a substantial challenge, I beg to differ with that analysis.
We are not helpless in the face of these attacks.
There is something that enterprises can do today to prepare for these attacks – move beyond traditional, perimeter-based security strategies to a modern security strategy that emphasizes comprehensive visibility into and rigorous analysis of activity within our digital environments.
Leveraging big data perspectives, processes, and technologies enables us to spot even the faintest signal of an attack and to take rapid, contextually informed action to thwart it. Breaches are indeed inevitable, but losses are not. A big-data-driven security strategy will stop even the most novel and sophisticated of attacks because, regardless of how stealthy attackers may be, at some point they will have to do something anomalous to achieve their goals; they will be identified, and they will be shut down.
The second thing that we as individuals, enterprises, and industries can and should do is push for the world’s governments to begin approaching cyber weapons with the same care as they do chemical, biological, and nuclear weapons. As I indicated in my prediction, nation-states are testing the boundaries of acceptable cyber weapon use. The damage of the Sony attack is just the beginning of what is possible and we need to take that seriously.
In addition, if we have learned anything over the past few years, it’s that unlike physical weaponry, which is limited in its geographical reach and reusability, cyber weaponry is deployable anywhere and virtually infinitely reusable. Sophisticated cyber weapons that are developed by nation-states will eventually fall into the hands of non-state actors who are not restricted by global standards in their use. This is a prospect that should give all of us serious pause. We need to demand that the world’s leaders sit down and come to an agreement to take cyber weapons out of our nation-state arsenals.
If we don’t, movies and e-mails won’t be all that we lose.