Cyber Security: Defending Against an Escalating IT War

cyber-security-0114In July of last year, I received an invitation to attend an event, one like I had never been to before. Now I’ve been to my share of AV events and even a few on IT, however this one was very different and brought on great intrigue as well. The event was the Cyber Security Summit 2013, which took place in September in New York City. It was a subject I had become very interested in and attending this event seemed to be a natural progression of this interest in cyber security. There I met with companies that provide network management and security, threat analysis and protection, mobile device security and even one that provides cyber security insurance. I had actually planned on writing this blog after attending the event, however one thing led to another and it was back-burnered. The urge to write it returned recently and I decided to finally put it on paper.

In the world today, attacks are taking place in a way that, in essence, few can see coming. They are not happening on the ground or in the air, they are occurring in space — cyber space. Numerous high profile cyber-attacks have occurred in the recent past and not only were the attacks considered detrimental to the organizations’ overall operations and bottom line, they all made front page news for the entire world to see. These attacks, more commonly known as breaches, exploit weaknesses in an organization’s network leading to an invasive infiltration of the network.

The following are several of the major breaches that occurred in 2013:

Adobe: On Oct. 3, Adobe revealed that it had been the victim of an attack that exposed customer IDs and encrypted passwords. At the time, the company said that hackers gained access to encrypted credit card records and login information for around 3 million users. However after further investigation the number of affected accounts had turned out to be much higher. The attack actually involved 38 million active accounts.

Snapchat: On Dec. 31st, Some 4.6 million user names and phone numbers were leaked online by hackers who took advantage of a recently published Snapchat API (Application Programming Interface) exploit. Snapchat had been warned by one security group of potential risks days before the breach, but downplayed the issue in a blog post.

National Security Administration: Edward Snowden, a disgruntled former contractor for the National Security Administration (NSA), leaked information about NSA surveillance, jeopardizing the lives of U.S. troops — according to a classified report from the Department of Defense cited by leading members of the House Intelligence Committee. The report revealed that Snowden had downloaded 1.7 million intelligence files in the single largest theft of secrets in the history of the United States.

Target: In what is being considered the worst private-sector breach in U.S. history, it was initially reported after the Christmas holidays that personal information — including phone numbers and email and mailing addresses — was stolen from as many as 40 million customers in a pre-Christmas data breach. On Jan. 10th of this year, Target issued a follow-up report stating that the massive attack may have affected up to an additional 70 million customers, bringing the total to almost $110 million. It was determined that the breach occurred through an infestation of the point-of-sale system at Target checkout counters leading to exposure of the millions of credit and debit cards. The cause? It was discovered in recent days that the Target POS systems were hacked by a 17 year old Russian teenager who created malicious software identified as BlackPOS. BlackPOS was also used in another recently announced data breach of chain retailer Nieman Marcus.

A recent article, “A Tale Of Two Cyberheists” details the Target and SnapChat breaches.

Cyber Security Defined

Cyber security (or computer/IT security) is information security as applied to computers and computer networks. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. In the cyber-crime world, a hacker is an individual who focuses directly on targeting and raiding the security mechanisms of computer and network systems. The less security mechanisms set in place, the easier it is for the hacker to enter the network and follow their plan of action, whether it be stealing an organization’s sensitive data or injecting malicious software (otherwise known as malware) into the network. A hacker may work alone (for example a disgruntled employee) or may be part of a “state-sponsored” ring. They are for the most part devious, brazen, and above all out to create disruption and even havoc on a grand scale. An article entitled “Masters of the cyber-universe” details China’s state-sponsored hackers and describes them as ubiquitous, and totally unabashed. As threat methods continue to evolve where hackers are driven to do anything and everything to infiltrate an organization’s network, enterprises in response continuously need to shore up their network security operations.

It was recently reported that Healthcare.gov, the most flawed government web endeavor in U.S. history, was breached — in four minutes. The recent breach though was not committed by a hacker, the website was hacked by a computer security (and hacking) expert who had no trouble stealing identity information, if that was his mission. In fact, he was able to gain access to almost 70,000 personal records of Obamacare enrollees. Security holes that exist in the website have been known and reported for months, however they have yet to be fully repaired.

Cyber Security and the Cloud

Cloud service companies, which collect information on a substantial number of users, have over the last few years become major targets for hackers and cyber-criminals. Cloud-hosted storage through companies like DropBox has become a popular method for storing files and data in a non-physical network environment. While DropBox remains one of the most popular cloud storage providers in the world, they have been hacked — twice. DropBox claimed that a breach suffered in 2012 led to a recent incident in 2013 which leaked e-mail addresses to spammers. Another cloud storage breach of notoriety occurred in February 2013 and affected users of the well-known online storage service Evernote. Evernote warned users in March that unknown attackers had compromised its system and gained access to the information of more than 50 million users, including encrypted password files. Evernote assured customers that data and payment information was safe, however they did have to conduct a password reset for the 50 million affected users.

In defending against cyber-attacks, companies that offer protective services have begun to offer cloud-hosted solutions to go along with network enabled hardware. One such company, Thales Group Inc., a well-known cyber security solutions provider offers a cloud-hosted security solution. Known as CYRIS, the solution incorporates security for data protection and virtualization, as well as access and identity management. Dell SecureWorks, one of today’s most sophisticated cybersecurity offerings, offers cloud security services covering risk assessment, incident response, security architecture and more.

According to a poll survey published in DefenseNews, the government now considers cyber-attacks as the single greatest threat to U.S. national security — nearly 20 percentage points above terrorism. In response to the threat of cyber-attacks, The U.S. military is currently working on a joint effort through the Defense Information Services Agency (DISA) and the Department of Defense, with a goal to create a program known as the Joint Information Environment (JIE) which will allow for synchronization of efforts among the branches of the military. JIE is being considered one of the largest joint U.S. military efforts that has ever been attempted. The objective of the program is to create interoperable cloud-based networks and services with cyber operation capabilities to deliver secure voice, data and intelligence. According to plan, the JIE will include networked operations centers, data hubs and an identity management system with cloud-based apps and services.

Security in a BYOD World

Mobile devices are now being viewed as the greatest security threat existing today. As BYOD program implementations continue to proliferate, threats posed by employee owned mobile device also continue to be a main concern of enterprise IT departments. Lost or stolen devices are considered the largest risk to an organization, where if they end up in the wrong hands, sensitive data can be exposed. Malware attacks of mobile phones are also on the rise. As the use of smartphones becomes more critical to business operations and collaboration, hackers are spending more and more time creating different versions of their PC-based viruses to infiltrate mobile operating systems as well.

A dramatic increase in attention being paid to enterprise mobile security solutions coincides with the rapid deployment of BYOD programs. Along with such implementations, mobile threats have become increasingly common. One such protective security measure for an organization’s BYOD program is enterprise mobile management which is implemented through third-party solutions providers. One of these providers is AirWatch, an industry leader in enterprise mobile management solutions. AirWatch offers a cloud deployment option which delivers an end-to-end EMM platform hosted in managed global data centers. The platform implements strict security policies that ensure that data accessed by mobile devices is fully secured and protected.

In closing, along with my great interest in Unified Communications, cloud and mobility/BYOD, cybersecurity has presented a whole new world of technology that has also significantly grabbed my interest. Being on the cutting edge of such technology subjects has led to expanded horizons for me in the realm of AV and IT.  While cybersecurity may not yet be a focus of the industry, with the ongoing threat to whole enterprise operations in numerous realms of business, a stronger look may be possible in the time to come. As for those of us who may currently show great interest, this ever-expanding world of AV/IT technologies may just bring to us a strong focus on such aspects of technology we may not yet have considered possible in the grand scheme of things.

In essence, the possibilities now are endless…