Three security lessons after Wikileaks' latest revelation

This week, WikiLeaks once again dominated headlines after releasing what they claim are thousands of documents describing tools and strategies used by the CIA to conduct cyber intelligence gathering. WikiLeaks is collectively referring to the documents as “Vault 7.”

This latest revelation – while not necessarily surprising to those in the cybersecurity world – highlights three major issues in cybersecurity:

  1. Insider threats are, and will continue to be, a major challenge for governments and private companies.
  2. High-quality unknown malware, once the domain of nation states, is proliferating at a rate never before seen.
  3. The introduction of edge computing devices at global scale will shift security software to the center of the argument about safety (e.g., malware in autonomous cars) and privacy (e.g., is my TV spying on me?).

They are already in your house

If the WikiLeaks account is true, they received the information from a U.S. government hacker or contractor – someone with authorized access to this information – who then leaked the material. The Vault 7 leak joins the more than 250,000 diplomatic cables leaked by former Army intelligence analyst Chelsea Manning, and the information taken from the NSA and leaked by Edward Snowden, as another example of a privileged insider exploiting their access to steal sensitive information.

Collectively, corporations spend $12 billion every year on perimeter-based cybersecurity solutions to keep unauthorized outsiders from penetrating their networks. If an authorized insider decides to steal information, or inadvertently allows access to it, all of that $12 billion in security technology is worth, well, nothing: perimeter controls are designed to stop people who lack credentials, not people who hold them.

According to research from IBM, well over half (60%) of all attacks involve insiders, either malicious (44.5%) or inadvertent actors (15.5%). A recent study from Accenture found that 69 percent of respondents had experienced an attempted or successful attack from an insider during the prior 12 months.

So facing a serious, and growing, insider threat – what can organizations do?

It is well past time to take a proactive approach to information governance and sensitive data management. All organizations should employ technology to identify what sensitive information is stored on the network, including personally identifiable information (PII), personal sensitive information (PSI), trade secrets, and other IP. What qualifies as “sensitive” will be different in every organization, but once identified, it needs to be categorized and remediated from any unauthorized locations or users. Technology solutions like EnForce™ Risk Manager from Guidance Software provide an automated tool to proactively identify, categorize, and remediate sensitive data.
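The identify, categorize, remediate loop described above, reduced to its mechanics as an added illustration (this is not EnForce Risk Manager or any Guidance Software code). The scanner matches SSN, payment-card and e-mail patterns, uses a Luhn check to discard digit runs that merely look like card numbers, assigns each file the highest sensitivity level of anything found in it, and redacts restricted findings. The file store, the sample records in it, and the three-level classification scheme are all constructed for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Detection patterns. The SSN pattern rejects area numbers 000, 666 and 9xx,
# group 00 and serial 0000, which are never issued. The card pattern accepts
# 13-16 digits with optional space/dash separators; Luhn filtering comes later.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed classification scheme: higher number = more sensitive.
LEVELS = {"public": 0, "internal": 1, "restricted": 2}


@dataclass
class Finding:
    kind: str          # "ssn", "pan" (card number) or "email"
    value: str         # the matched text as it appears in the file
    start: int         # offset of the match, used for ordering and redaction
    sensitivity: str   # one of LEVELS


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_text(text: str) -> list[Finding]:
    """Identify step: locate sensitive values in one file's contents."""
    found: list[Finding] = []
    for m in SSN_RE.finditer(text):
        found.append(Finding("ssn", m.group(), m.start(), "restricted"))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):     # drop order numbers, timestamps and other look-alikes
            found.append(Finding("pan", m.group(), m.start(), "restricted"))
    for m in EMAIL_RE.finditer(text):
        found.append(Finding("email", m.group(), m.start(), "internal"))
    return sorted(found, key=lambda f: f.start)


def classify(findings: list[Finding]) -> str:
    """Categorize step: a file inherits the highest sensitivity found in it."""
    if not findings:
        return "public"
    return max((f.sensitivity for f in findings), key=LEVELS.__getitem__)


def redact(text: str, findings: list[Finding]) -> str:
    """Remediate step: mask restricted values, working right-to-left so offsets stay valid."""
    out = text
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        if f.sensitivity == "restricted":
            out = out[:f.start] + f"[REDACTED-{f.kind.upper()}]" + out[f.start + len(f.value):]
    return out


def scan_store(files: dict[str, str]) -> dict[str, dict]:
    """Run all three steps over a path -> contents mapping (a stand-in for a file share)."""
    report = {}
    for path, text in files.items():
        findings = scan_text(text)
        report[path] = {
            "classification": classify(findings),
            "findings": findings,
            "redacted": redact(text, findings),
        }
    return report


# Constructed sample data: one HR note, one finance export with a real-format
# test card number beside a digit run that fails Luhn, and one harmless file.
SAMPLE_STORE = {
    "hr/onboarding.txt": "Employee SSN: 123-45-6789, contact jane@example.com",
    "finance/refunds.csv": "card,amount\n4111 1111 1111 1111,19.99\n1234567812345678,5.00",
    "public/readme.txt": "Order 20170307-001 shipped on schedule.",
}

if __name__ == "__main__":
    for path, entry in scan_store(SAMPLE_STORE).items():
        kinds = ", ".join(f.kind for f in entry["findings"]) or "-"
        print(f"{path:22} {entry['classification']:10} {kinds}")
```

In practice the pattern list, the level names and the remediation action (redact, quarantine, move, notify the owner) are the parts each organization tunes; the Luhn filter is the piece that keeps a scan of a large share from drowning in false positives.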

Malware is proliferating, cybersecurity is a race

The proliferation of sophisticated malware continues to accelerate. Much as the auto industry relies on F1 and racing divisions to innovate and test new features, nation states, including our own, are on the cutting edge of development for hacking tools and capabilities. In many cases, private or semi-private contractors are involved in these programs, and we are seeing a rapid proliferation of new technologies and tactics to a point where cybercriminals are approaching a level of sophistication once reserved for state-backed operations. Stuxnet, the malware used to sabotage uranium-enrichment centrifuges in Iran, is an example: once its samples had been captured and analyzed, its techniques were reused by cybercriminals. At the same time, the distinction between state-sponsored and not has become less important for security leaders.

Almost every major attack relies on unique malware at some stage. As the inventory of unique malware continues to grow, security solutions like EnCase® Endpoint Security are critical to detect, triage and remediate threats that penetrate your network. No matter the source, we must prepare to face well-equipped adversaries using the most sophisticated techniques.

Risks are moving from endpoint to edgepoints

As IoT and other connected devices reach global scale, a major shift needs to take place vis-à-vis security. Currently, manufacturers are rushing innovations in connected devices, appliances, even automobiles to market in order to meet huge consumer demand. Unfortunately, we've seen security concerns take a back seat.

The result is a glut of internet-connected devices, like “smart” televisions, thermostats, refrigerators, routers, closed circuit television (CCTV) cameras, DVRs and more, with little-to-no security protections. These new technologies – what we are calling “edgepoints” – are often the most vulnerable, can be exploited to create botnets like Mirai, or as the WikiLeaks documents allege, potentially co-opted as listening devices or a means to gather other electronic surveillance.

As more security incidents are reported, cybersecurity will move to the center of the argument about safety and privacy. In another sign that consumer attitudes may be shifting, on March 6, Consumer Reports announced an effort to create a new standard that safeguards consumers’ security and privacy.

Conclusion: Security in a hyper-connected, post-perimeter world

As the number of connected devices continues to explode, security teams must think beyond traditional endpoints (desktops, laptops, even mobile devices) and traditional perimeter-based security mindsets. A breach is no longer a matter of if, but when. This week’s headlines and the daily drumbeat of reported breaches and attacks reinforce this concept.

The organizations leading the security race are already operating under the assumption of continuous breach and employing the right security solutions to identify and remediate the advanced threats that will penetrate perimeter-based security solutions.


Source: Patrick Dennis