What The Breach? US Government 2020 HACK


In December 2020, public reports emerged detailing one of the most expansive and damaging cyberattacks the US government has ever experienced.  Federal officials stated this attack was “a grave risk to the federal government”.  This chain of cyberattacks, spanning eight to nine months, passed through thousands of organizations worldwide on its way to its target.  Ten of fifteen U.S. federal executive agencies reported data breaches, including:

  1. Defense,
  2. Labor,
  3. Energy,
  4. State,
  5. National Institutes of Health (under HHS),
  6. Commerce,
  7. Homeland Security,
  8. Treasury,
  9. Agriculture, and
  10. Justice.

The most notable of the compromised federal agencies is the Department of Energy, home of the National Nuclear Security Administration.  In addition to the executive branch agencies, several sources reported that the US Federal Courts systems, part of the judicial branch, were also breached.

The overwhelming majority of the organizations impacted in this web of connected attacks were US-based, but organizations in Canada, Mexico, Belgium, Spain, the UK, Israel, the UAE, and other countries were also identified as victims of this extensive effort.  Before the year 2020 concluded, this series of cyberattacks had become the most damaging cyber-espionage incident in history.  The investigations are ongoing, and experts acknowledge that information about the breach will continue to unfold for years to come.

How could a data breach of this magnitude happen? 

These types of compromises require meticulous planning, unlimited resources, and manual interaction by highly experienced hackers.  The technique involved a series of supply chain attacks on software widely used by federal agencies and Fortune 500 companies worldwide.  Malware delivered through the supply chain attacks was used to reach further resources across connected networks and systems, and to authenticate across victim resources through single sign-on infrastructure.

Supply chain attacks are cyberattacks that target and exploit less-secure parts of the supply chain with the intent of damaging an organization.  They are industry agnostic and typically occur during the manufacturing process of a product, by installing a rootkit or hardware-based spying components.  Notable examples: the Target security breach, Eastern European ATM malware, and Stuxnet.

What are some of the cybersecurity challenges large corporations face?

Del Alfred, CISSP, cited the major challenges that large organizations with lagging cybersecurity infrastructure must tackle: complexity, communication, and economics.

In addition to the complexity of the systems, Del explained, “cybersecurity is a costly long-term investment for massive organizations and requires a great deal of coordination and management.”  With cyber-attacks increasing across all industries, companies are strongly urged to invest in mitigation strategies to offset the costs associated with data loss, financial and IP theft, the disruption of operations, or possibly insolvency.

Complexity. The government, for example, runs extremely complex systems, and on top of that the sheer breadth of those systems creates an Achilles’ heel.  More complexity means more difficulty understanding and protecting those systems.

Communication. Cybersecurity challenges in large organizations generally stem from the structural churn and inconsistency that occur during cycles of transition.  On average, large organizations experience a shift in leadership every five years.  Along with new leadership come new approaches to the organization’s existing cyber strategy.

Change. Constant shifts in leadership may lead to varying degrees of miscommunication, confusion, and silos if not effectively managed.  Team dynamics are stretched when contrarian opinions disrupt the current direction of security programs.  Value realization rooted in mutual trust and effective communication flow between people, information, and technology is key.  Additionally, a clearly defined portfolio value management process must be established to ensure new ideas are aligned with the long-term strategic value of the organization’s existing investments.

Economics. Larger companies with more complex systems struggle with economics due to their bureaucratic nature.  These rigid organizational structures mean time-sensitive decisions are delayed because of the large cost and time commitments.  IT professionals compelled to persuade business leaders of the urgency, risk, and value of investing in security are increasingly frustrated when immediate concerns are undervalued and postponed.  Organizations must prioritize security as a tenet of their success and cultivate a common goal that delivers long-term value.

Conclusion. Cybersecurity is a long-term investment.  In order to realize value, high-performing organizations must have effective communication flow, mutual trust, a defined IT management process, and a drive toward a common goal.  Successful organizations with complex systems have implemented an IT management process that monitors and effectively manages KPIs tied to accountability.  These efforts, if managed effectively, drive value from long-term investments.  Lastly, mutual trust between the business units and IT staff encourages communication flow, which in turn drives organizational transformation and a strategy aligned with the organization’s common goal.

Cybersecurity technologies to consider:

Intrusion prevention systems (IPS): As a proactive network security control, an IPS detects incorrect, inappropriate and malicious activity that could disrupt the availability and integrity of the network, and it acts to prevent the identified threats.  These actions include blocking network traffic, dropping malicious data packets and resetting connections.  A cost-effective way to deploy IPS is through off-the-shelf cybersecurity solutions that offer full-fledged IPS functionality.

User and entity behaviour analytics software (UEBA): UEBA solutions monitor users’ actions, locations, behaviour and privileges to detect threats in time; in case of network misuse or unusual behaviour, the software alerts security personnel.  UEBA is useful for detecting insider threats, building behaviour profiles, detecting brute force attacks, detecting compromised accounts and, to some extent, predicting future threats.
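As an added illustration of two of the UEBA detections named above (a brute force run that ends in a successful login, and a successful login from a location never before seen for that user), here is a small rule-based analyser over a constructed authentication log; this is not code from the post or from any UEBA product, and the event format, rule names and thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (not real data), sorted by time:
# (ISO timestamp, user, result, source country)
EVENTS = [
    ("2020-12-01T09:00:00", "alice", "success", "US"),
    ("2020-12-01T09:05:00", "bob", "failure", "US"),
    ("2020-12-01T09:05:10", "bob", "failure", "US"),
    ("2020-12-01T09:05:20", "bob", "failure", "US"),
    ("2020-12-01T09:05:30", "bob", "failure", "US"),
    ("2020-12-01T09:05:40", "bob", "failure", "US"),
    ("2020-12-01T09:05:50", "bob", "success", "US"),   # success after 5 failures
    ("2020-12-01T11:00:00", "alice", "success", "RO"), # first login from a new country
]

FAIL_THRESHOLD = 5             # assumed: failures within WINDOW before a success
WINDOW = timedelta(minutes=10) # assumed sliding window for counting failures


def analyse(events, fail_threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of (rule, user, timestamp) alerts. Hypothetical helper."""
    alerts = []
    recent_failures = defaultdict(deque)  # user -> timestamps of recent failures
    known_locations = defaultdict(set)    # user -> countries seen on successful logins
    for ts_str, user, result, country in events:
        ts = datetime.fromisoformat(ts_str)
        fails = recent_failures[user]
        while fails and ts - fails[0] > window:   # drop failures outside the window
            fails.popleft()
        if result == "failure":
            fails.append(ts)
            continue
        # Successful login: a burst of failures right before it suggests a
        # password-guessing run that eventually worked.
        if len(fails) >= fail_threshold:
            alerts.append(("brute_force_success", user, ts_str))
        fails.clear()
        # A success from a country not in the user's profile is a compromise signal;
        # the first ever login only seeds the profile and does not alert.
        if known_locations[user] and country not in known_locations[user]:
            alerts.append(("new_location", user, ts_str))
        known_locations[user].add(country)
    return alerts


if __name__ == "__main__":
    for alert in analyse(EVENTS):
        print(alert)
```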

Virtual dispersive networks (VDN): Cryptography was considered sufficient to protect information within computers and when information is sent over the internet.  However, Man-in-the-Middle (MIM) attacks have changed the scenario by cracking the encryption of messages.  VDN takes military radio technology and applies it to cybersecurity by breaking the message into many parts, sent using different protocols on independent paths, so that each part is encrypted individually.  The three key features of VDN are unprecedented security, network resilience and network performance.

Multi-factor authentication (MFA): As an identity and access management technology, MFA requires the user to provide two or more verification factors to access a digital resource.  Along with ID and password, MFA requires additional verification from the categories ‘something you know’, ‘something you are’ and ‘something you have’, which decreases the likelihood of cybercrime.  In the U.S., the National Institute of Standards and Technology (NIST) recommends the use of MFA to protect sensitive data like financial records, email, user databases and health records.

Compared to the severity of cyber threats and their impact on business, cybersecurity solutions are not expensive.  An investment in cybersecurity technologies is the best bet to increase customer trust, reduce exposure to cyber incident costs and regulatory reviews, and protect the valuable assets of the business.  It is also forward thinking for businesses that want to realize sales, loyalty, opportunities, business agility and stakeholder relationships.
