That’s the view of James Lewis, a cybersecurity expert at the Washington DC-based Center for Strategic and International Studies (CSIS).
Mr Lewis says that no company can prevent an attack launched by hackers who have the resources of a nation-state behind them from succeeding.
He believes the hackers who breached Sony’s network in late 2014 and leaked huge amounts of confidential information were backed by the North Korean government.
“It is simply not possible to beat these hackers,” Mr Lewis says. “Criminals want to make money, and if they find it difficult to get into your network they will move on to another target.
“But the Sony hack was not done for money – it was politically motivated and vindictive.”
Other experts have expressed doubts, though, over whether Pyongyang was really behind the hack, and North Korea has consistently denied involvement in the security breach.
Government-backed attackers have far greater resources at their disposal than criminal hacker gangs, and if necessary they may be able to make use of “other measures” such as human agents or communications intercepts to successfully bypass any security measures, he explains.
“Government-backed hackers simply won’t give up – they will keep trying until they succeed,” Mr Lewis adds.
This calls for a fundamental rethink in the way companies calculate security risk and how they mitigate it, he believes.
“Right now most companies are underestimating risk. So the question they need to be asking is, ‘How do I change what I do to take into account this risk?’”
Many security experts believe the answer to this question is to focus efforts on detecting security breaches as quickly as possible and then responding appropriately to minimise the harm they can do.
“This is where I would find fault with Sony – not in the breach itself, but in not detecting it quickly, and failing to prevent the exfiltration of large amounts of data,” says Rick Holland, a security and risk management analyst at Forrester Research.
“But this is pretty typical of many companies out there,” he adds.
Effectively, many companies have erected high walls to try to deter intruders, but they are failing to post guards on the walls to spot when intruders climb over them.
Mr Holland believes that minimising the damage hackers do when they inevitably force their way on to corporate networks involves making big changes to the way that those networks are designed.
“If you look at the way networks are at the moment, most of them are fundamentally insecure,” he says.
“Once an attacker gets into an environment it’s like a shopping trolley dash but without the clock – you can just take whatever you like.”
He recommends companies make more efforts to segment their networks. This involves separating one part of the network from another in such a way that if hackers get on to the network they only get access to the data in that segment and no more.
“What you need is a bulkhead approach like in a ship: if the hull gets breached you can close the bulkhead and limit the damage,” Mr Holland says.
Divide and conquer
In some industries, such as oil and gas, there is a practice of “air gapping” important computer infrastructure such as control systems – physically disconnecting them from corporate networks so that hackers can’t get to them from the rest of the network.
While this approach can be effective, Mr Holland believes it would be impractical for most businesses, because it would be too inconvenient for employees and productivity would suffer. As a result they would probably close the air gap somehow – perhaps by setting up an unauthorised wi-fi link.
The Sony hackers are likely to have damaged Sony’s reputation significantly by leaking some of the confidential email exchanges that they stole.
One measure that Mr Holland suggests companies adopt to prevent this is to reduce their “embarrassment footprint” by ensuring that unnecessary data is deleted promptly so that there is less for hackers to steal.
“Companies can certainly have too much data, and they need to identify the data they don’t need and kill it,” he says.
This leaves many companies with something of a dilemma, because of the growing popularity of big data analysis. Big data projects require that data is collected and stored rather than deleted so it can be analysed to uncover previously unknown patterns, trends and correlations.