Organizations need to have better plans in place to prevent cyberattacks, but they should be more transparent about when they do fall victim to hackers in order to prevent others from meeting the same fate, according to the former head of the US National Security Agency (NSA). As director of the NSA and Commander of US Cyber Command from 2014 to 2018, Admiral Michael S. Rogers oversaw cybersecurity during a period of time when the threat of cyberattacks from criminals and foreign government-backed hacking operations grew significantly.
This is a great idea and it is already in use. Red Sky Alliance was founded in 2011 for businesses to discuss cyberattacks and strategies to defend against them. Please visit our portal at https://redskyalliance.org
While companies can act individually to improve their own cybersecurity, Rogers believes that for the best possible benefit companies need to share strategies, techniques, and best practices for defending against common cyber threats, particularly when attackers seem to be able to deploy the same techniques, again and again, to go after different targets.
"One thing that really frustrates me, and I used to say this when I was in government with the senior leadership of our nation: I wanted that the pain of one should lead to the benefit of many," said Rogers, now an operating partner at Team8, a cybersecurity venture group. "Why do the same techniques keep working over and over and over again? We're talking years, the same techniques literally used for years. One of my takeaways was because we don't talk or acknowledge this activity. Most companies do not want to publicly acknowledge a cyber penetration," he said.
It is still uncommon for organizations that are hit by cyberattacks to go into detail about what happened, such as by explaining how cybercriminals were able to enter their network or what needed to be done to secure it after an attack. That means other companies have no opportunity to learn useful information about the incident that they could then use to prevent attacks. That is something Rogers says has to change, and he believes there's already a successful model to follow in the collaborative way the aviation industry investigates incidents.
"In the US, we use a structure that says any time there is an aviation accident, the government steps in and there is a formal investigation," he said. "We determine the causes and the mitigating factors, we publish them and then we say, given that, what changes do we need to make? It's an indicator of the effectiveness of that methodology, they tend not to continue to recur, the same cause repeatedly over time, because we're able to address problems." Rogers continued, "That is not the case in cyber, so I'd like us to learn from some others."
By learning from the mistakes of others, organizations can get the information and guidance necessary to make their networks more resistant and more resilient to attacks. Ultimately, if carrying out successful campaigns is more difficult for cybercriminals, they're going to find it harder to make money.
"We've got to become much more resilient and able to continue to operate, because if we can continue to operate it buys us more time and, quite frankly, it also reduces disposition on the part of many companies to pay a ransom," said Rogers. "If we make this less lucrative for criminals, you won't see as much criminal activity," he added.
For Rogers, the challenge now is for organizations to focus not just on keeping malicious intruders from gaining access to their network, but also on having plans in place to ensure they are able to continue operating in some capacity, even if hackers have breached the network.
"Cybersecurity needs to include, not only cyber defense, but we need to spend a whole lot more time thinking about cyber resilience. So if, despite my best efforts, an adversary is going to be able to penetrate my network structure, what are the tools, what are the methodologies, what are the capabilities, what can I do to try to maximize my ability to continue to operate?" he said.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
• Reporting: https://www.redskyalliance.org/
• Website: https://www.wapacklabs.com/
• LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516