Protecting Enterprises From State-Sponsored Hackers
There seems to be a continuous drip, drip, drip of cyber breaches on a daily basis. For example, earlier this month, 12 million patients may have had information exposed in a data breach from Quest Diagnostics, the world's largest blood-testing company.
The only thing we know for sure is that tomorrow some other enterprise will be next. However, what's new is the rising threat of state-sponsored cyber attacks on enterprises. Per the White House, cyber attacks cost the US economy between $50 million and $100 million in 2016 -- the last year quantified. It's likely significantly more today.
However, enterprises need to understand that 22 countries around the world are currently suspected of state-sponsored programs for governmental cyber attacks. And lest you believe that these are all focused on stealing nuclear codes, half of all targets for these attacks are private enterprises, NOT governmental agencies.
World governments are actively investing in building and operating cyber espionage teams both to protect their national interests and to collect IP for their domestic industries. With this information, they are acquiring expertise, malicious botnets and cyber attack tools to further advance their craft.
Enterprises in developed nations around the world need to understand the high stakes and the need for increased protection. If a company competes based on its intellectual property in a global marketplace, then it may be a mark for government cyber attacks.
Some nations are more direct about the domestic industries they are interested in building and are tipping their hands as to what intellectual property they are interested in acquiring from specific industries. China, for example, has a position paper, "Made in China 2025", which lays out specific industries in which it has a strategic interest in building domestic expertise.
The plan lays out a very aggressive goal of producing 70% of the content in the following industries with Chinese enterprises: IT, robotics, green energy and EVs, aerospace, ocean engineering, railroads, power, materials, medicine and med tech and agriculture engineering. These plans require domestic industries in developing countries to acquire massive amounts of new intellectual property in order to meet this 70% local content threshold.
In parallel, we are seeing aggressive prosecutions for economic espionage. The Justice Department indicted nine Iranians last year for infiltrating 300 universities across the globe to steal research intellectual property and academic data. In addition, two Chinese nationals working for a government agency, the Chinese Ministry of State Security, were indicted for hacking 45 US enterprises and government agencies including telecom, finance, healthcare, consumer electronics, automotive, biotech, oil and gas, mining and the US Navy. Even France has been called out by the US Attorney General for cyberattacks to steal US intellectual property.
Enterprises don't have the talent or expertise to fight government agents
In this environment where 20-plus countries are aggressively building cyber attack organizations, pouring millions of dollars into ever more sophisticated attack technology, who is the best, most expert person to protect these businesses?
Before we answer that, let's understand the current cyber employment context. Per an international security non-profit (ISC2), there were three million unfilled cybersecurity jobs globally in 2018. There continues to be a global STEM shortage. Job boards are bursting with open positions for IT security specialists.
Given the cybersecurity work shortage, it is neither advisable nor practical for every Fortune 1000 business to try to match the security defense capabilities of nationally funded cyber attackers. Enterprises cannot spend enough money individually to have state-of-the-art automated defenses or hire enough security engineers to fight cyber attacks in real time. We cannot and should not expect the Fortune 1000 to replicate the people and investment of nationally funded cyber groups to protect their most important intellectual property.
In fact, we are seeing tremendous new innovations like the UK government initiative, the Cyber Skills Immediate Impact Fund, that promotes neurodiversity to help close the security skills gap. This is a tremendous new initiative that taps into groups like people on the autism spectrum for their puzzle-solving prowess to improve cybersecurity through their different and valuable coding abilities. However, initiatives like this alone will take years to provide the additional security engineering talent needed today.
Service and cloud providers could be the expert defenders to protect enterprises from expert attackers
Cloud and service providers are another story. Many of them already have Security Operations Centers (SOCs) manned 24x7 to protect themselves and their customers. Many have real-time defenses and have implemented SDN control planes with automated policy. These systems identify an attack in one part of the network and mitigate the attack, while simultaneously updating all other endpoints with the attack characteristics. They are already staffed with top security engineering talent.
Managed security solutions for virtually all enterprises need to ultimately be the answer. Cloud and service provider SOCs are the only private organizations capable of protecting businesses and their most valuable intellectual property. Enterprises can never invest enough individually to have the latest tools and talent to fight the most complex real-time cyber attacks. However, the cloud and service providers have the scale to invest at the necessary level to protect from the most nefarious state-sponsored actor.
We need to fight fire with fire and recognize the Heads of Tier 1 SOCs are the ones who should be protecting the intellectual property of enterprises worldwide. Not 1,000 different IT managers individually.
That said, service providers need to stay vigilant
As telco companies are racing to deliver 5G services, security has, in some cases, taken a back seat to speed. The most recent attack on telcos by the Chinese government is only the beginning. While it wasn't especially intricate, nation-state cybercriminals are proving that they are able to exploit the growing vulnerabilities that telcos leave behind as they race to 5G. As we approach the election of 2020, we will see a heightened focus as nation states leverage every vulnerability to their advantage. Telcos must be prepared, or the damage could be astronomical.
- Cybereason details operation soft cell: A telco security disaster
- Telcos: Security Is Not In Your DNA
- Huawei: We're Not a Threat to Our Customers
- Securing 5G Networks: Making Sense of Security Service Requirements
— Mike O'Malley, VP of Carrier Strategy, Radware