UPDATED 11:08 EDT / AUGUST 09 2012

CyberWars 3: A New Business Reality @CyberWars

Ed note: This is the third in a series on Cyber Wars, covering what makes this threat different, and why businesses need to be concerned. This piece focuses on how businesses need to change their security strategies in the face of this new, highly targeted, sophisticated, and persistent threat.

Whether they know it or not, a growing number of businesses are operating in a new business reality in which state-sponsored cyber criminals with deep pockets are taking up semi-permanent residence in business data networks to exfiltrate and, even more frightening, possibly change critical business data.

“There are two kinds of companies,” says CrowdStrike CTO and Co-Founder Dmitri Alperovitch. “Those who know they have been penetrated, and those who don’t.”

This is somewhat of an exaggeration, says Securosis Analyst and President Mike Rothman. Actually, many companies, particularly SMBs that are not in the financial, defense, or energy business or other areas that interest the sponsors behind the advanced persistent threats, will never see an attack. Unlike malware, cyber-fraud and other forms of normal cyber-crime, these attacks are highly focused.

On the other hand, warns Alperovitch, who led the team at McAfee that discovered and investigated Operation Aurora, Night Dragon, and Shady Rat, and who made these spectacular cases public, a company’s target status can change quickly. One attacker originating in China compromised 70 organizations including the agencies of several Western governments and companies in several industries including insurance, agriculture, solar power and other green energy companies, and even high tech and computer security companies, he says. And if your company, for instance, is bidding on a contract with certain governments or state-owned companies, particularly in China but in the future possibly others as well, you can expect to be penetrated several months before the negotiations by agents seeking information on your negotiating strategy. Your firewalls will not protect you.

The Operation Aurora penetration of Google was apparently focused mainly on spying on Chinese dissidents. News organizations that covered the Dalai Lama have been penetrated. So this new threat is not limited to specific business areas or activities.

In the face of this new reality, businesses need to change their strategies. This does not mean that they should abandon their perimeter defenses, which are effective against many threats. “These attacks are not more sophisticated than they need to be,” says Rothman. “If you leave the front door open, the crooks won’t need to find a way in through the ventilation system.”

However, companies must not presume that perimeter defense is enough. “The model needs to change from focusing on prevention only to a variety of measures that leverage prevention but also focus on hunting the adversary within their networks,” says Alperovitch. “You have to have a continuous cycle where you are literally searching everywhere within your network and system for the adversary, how they came in, what they are after.”

Companies must also make the attacks more costly for the adversary through more aggressive strategies. However, says Shawn Henry, president of CrowdStrike services and retired FBI Executive Assistant Director for CyberSecurity, this does not mean trying to hack the hackers, which is a violation of law. “I absolutely do not encourage that, and in CrowdStrike we will not do that. I have put a lot of people in jail for violation of Title 18, Section 1030, the Computer Fraud and Abuse Act.”

What CrowdStrike does advocate is to take legal action against the adversary where possible. For instance, says Alperovitch, several Western oil and gas companies lost key bids for licenses to drill new oil fields to the Chinese state oil and gas companies, apparently after their bidding strategies were stolen as part of Night Dragon. “If they had known what was going on at the time, they could have gone to the host governments and shown them evidence that the Chinese were cheating at the auctions. They could convince the governments to redo the auctions or kick the Chinese out of the auction, engage the WTO, engage in civil lawsuits.”

Meanwhile, however, companies have to operate on the presumption that they are being penetrated. So how do they move forward? They can seek expert help. CrowdStrike was specifically created by Alperovitch and CEO George Kurtz, also from McAfee, to develop security systems and services to help companies deal with the threat. Securosis and other security consultancies also provide network monitoring and services designed to discover and root out unauthorized penetrations, including those involved in Cyber Wars.

But before IT can do anything, C-suite executives must realize that the threat is serious and costly to the company. Too many companies see data security as simply part of compliance, but that sets a very low bar to penetration.

“It comes down to risk management,” says Henry. “Companies need to understand the potential liability for them, whether through lost revenue or lost business opportunities or damage to their reputation or actual physical damage to their company. When they start to feel the pain, they’ll start to assess how increased security reduces their risk and see it as a worthwhile investment because of the long-term ramifications for failing to make that investment.”

