It’s become almost a daily headline in the news now. Equifax Inc. loses confidential information on 143 million Americans in cyberattack. Hackers compromise Deloitte LLP’s usernames and passwords. Whole Foods Market victimized in credit card breach. A steady drumbeat of bad news in online security has many people wondering now if the cyberworld will ever become safe.
What’s perhaps most troubling is that the bad actors are way ahead of the good despite billions of dollars in spending on appliances and security solutions presumably designed to provide protection. The honest truth is that enterprise firms and the U.S. government appear to be no closer to finding an effective defense against attacks than they were two, five, or even 10 years ago when the stakes were lower.
“Last year, Gartner said $100 billion will be spent on security. I can’t believe that anyone who’s involved in that $100 billion expenditure is happy,” said Junaid Islam, founder and chief technology officer of Vidder Inc.
In a two-part videotaped conversation, Islam spoke with John Furrier (@furrier), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, at the SiliconANGLE studio in Palo Alto, California. They discussed the rise of nation state hacking, new technology solutions and strategies to deal with threats, and the danger posed by unsecured connected devices.
Nation states pose bigger threat
The threat landscape has gotten more serious over the past year, as the number of high-profile breaches escalates. A major reason for this is that nation states, such as Russia and North Korea, are now sponsoring the development of attack tools, which has moved the hacker profile out of the cluttered corner of a script kiddie’s garage to more sophisticated, government-backed operations where malware can be rapidly produced and launched by well-trained hacking teams.
Evidence of this new trend in cyberwarfare can be seen in the spread of much more lethal attacks, such as WannaCry, a ransomware attack that affected more than 200,000 systems in 150 countries, and Petya, malware that can move by itself stealthily across networks.
“This level of lethality we’ve never seen. It’s a direct result of these state actors moving into the cyberwarfare domain, creating weapons that basically spread through the internet at very high velocity,” Islam said.
The ineffectiveness of tools to defend against cyberattacks is forcing security experts in the private sector and government to reevaluate strategies. That process could result in some fundamental changes in previous ways of protecting the infrastructure, from both a policy and technology standpoint.
“We have to rethink how we share information on a worldwide basis of our solutions,” said Islam, who pointed out that at many high-profile cybersecurity conferences held every year, people attend from the same countries that are attacking the U.S.
“When we figure out a solution, the first thing we do is tell everybody, including our enemies,” he said.
U.S. power grid is vulnerable
There is mounting evidence that the U.S. power grid could soon become a prime target of attacks. In December, code from a Russian hacking group was found inside the system of a Vermont utility. Hackers have also been quietly penetrating computer networks of nuclear power stations inside the U.S., based on investigations by the Department of Homeland Security and F.B.I.
Internet service providers have the ability to control the traffic exchange at peering points, and filtering could be applied to prevent known threat actors from targeting utility systems. “Why do we allow connectivity from outside the United States to power plants which are inside the United States?” Islam asked. “I would certainly block inbound flows from outside the U.S. to critical infrastructure.”
From an enterprise perspective, the challenges are equally daunting. As companies move increasingly toward a hybrid cloud solution, it becomes more difficult to protect data assets across multiple platforms.
“We have to move towards security solutions that can move across hybrid environments and can also work across different roles,” Islam said.
Vidder is part of a growing field of companies that advocate an access control solution based on the software-defined perimeter. Vidder’s software, designed to work in the cloud or data center, doesn’t allow connections from unknown devices or people. “Our number one reason for existing is stopping attacks on application servers or servers that hold data,” Islam explained.
Shrinking the attack surface, particularly in the data center, is one technique that is gaining favor in some industry sectors. This is a model used widely in the banking world, which, so far, has generally managed to avoid many of the damaging breaches affecting other businesses. The solution involves placing encryption and access control technology on a small rack that lives in the data center, providing a fine level of control over who can access cloud resources.
“A small, physically locked-down asset can control a lot of virtual assets,” Islam said.
IoT poses big risk
There is a whole new wave of security concerns about to wash across the threat landscape, and it involves “internet of things” devices. As more unsecured connected products enter the market, the possibility that they can be used to launch attacks rises. One example of this was the denial of service attack against Dyn DNS last year, which used a malicious botnet built from 100,000 internet of things devices, such as cameras and printers.
The internet of things problem is highlighted by the lack of any common security standard for connected devices and by concerns that the devices are primarily made in foreign countries, where malicious code can be injected before shipment.
“By and large, IoT devices are made outside the United States,” Islam said. “It’s something that we need to watch carefully.”
Symantec’s monthly threat report in August documented that the number of web attacks blocked reached 1,159,000 per day. This follows five straight months of elevated web attack activity. The high-profile breaches continue. “We are a truly connected society,” Islam said. “We’ve got to develop countermeasures against this, otherwise the impact will just get worse and worse.”