As pressure grows on governments worldwide to take decisive legislative action to protect vital networks, data and infrastructure, there is a growing acceptance that despite its vital role, regulation alone cannot address the challenges posed by nation-state and criminal cyberattacks.
The pressure to act has been growing. Among the devastating attacks mounted on public sector IT infrastructure in countries around the world, the now infamous SolarWinds incident arguably did more than any other to push politicians into action. While both the US and UK governments blamed Russia’s Foreign Intelligence Service (the SVR) for the supply chain attack, the Russian government refuted the claims in an exchange of rhetoric reminiscent of the Cold War.
Moreover, the head of the National Cyber Security Centre (NSCS) recently said that criminals based in Russia and its neighbors were behind the most “devastating” ransomware attacks seen in the UK. Indeed, the problems associated with ransomware alone have been unprecedented. Earlier this year, a group of over 60 organizations around the world, including Amazon, Microsoft, the FBI and the UK National Crime Agency, formed the Ransomware Task Force (RTF), calling on governments to take action. In releasing recommendations to address the problem, the organization not only described ransomware as a “danger to public health” but also a “national security threat”.
In the most high profile developments of national cybersecurity policy, May’s Presidential Executive Order (EO) established the urgent need for change, with a particular focus on accelerating the pace of investment and modernization required to improve the nation’s cybersecurity. Public and private sector cooperation is seen as key, with the EO establishing a range of deadlines to enact policy.
Soon after, US lawmakers introduced a bipartisan bill that will require businesses to report cyber incidents to the government. The underlying objective is that it will allow authorities to “mobilize to protect critical industries across the country”.
Raising the Bar
While the moves to bring in tougher laws and compliance standards represent an important part of a wider process to increase the levels of protection, without better technology solutions, sophisticated nation-state adversaries are likely to stay one step ahead of the curve. Few would argue that government-led enforcement is key, but there are obvious limitations on the jurisdiction of any domestically-drafted bills, particularly when illegal activities are state-sponsored, and by definition, covert.
These developments also acknowledge that cyber has joined land, sea and air to become the fourth contemporary battleground. From a risk/reward perspective, it’s a theater of operations that offers a lot of advantages. For instance, attacks can be carried out with little or no repercussions, yet have devastating practical consequences. Attackers are not waging war or committing acts of aggression in the traditional sense, and there are as yet few examples where attacks have caused human casualties. However, each incident adds to the underlying tension and suspicion that exists on the international stage.
In practice, the ability of public sector agencies to deliver improvements depends on addressing a range of priorities and risks, such as those presented by infected files and documents. Created and shared in their millions between individuals, teams and organizations, they represent a major attack vector that is constantly being exploited.
A major part of the problem is that while most organizations understand the need to fend off file-based malware and ransomware, too many still rely on a completely reactive response based on established antivirus and sandboxing technologies to protect their valuable files and everything they contain.
While this offers a degree of protection, the problem is that nearly 70 percent of malware found embedded within files is of an unknown variant when it is received. In effect, this malicious content is invisible to reactive cybersecurity technologies, leaving users with a major gap in protection and a potentially catastrophic security blindspot. Without more effective strategies, many organizations rely on a flawed combination of ineffective technologies and user training to ensure that suspicious files and links aren’t opened.
As the ‘weaponization’ of information technology escalates at an alarming rate, organizations must significantly improve their ability to proactively identify and defend against attacks, irrespective of their source and motivation. Failure to do so will leave more organizations at even greater risk of disruption and damage, tactically outmatched by adversaries who are relying on the weaknesses inherent in many of today’s IT networks for their success.
Sam Hutton is Senior Vice President — North America at Glasswall. Sam prides himself on offering perfect partnership (and true collaboration) to organizations all over North America. Because with over 20 years’ experience in selling and delivering solutions to financial, security, defense and commercial sectors in this space, Sam knows even the most cutting-edge technology needs the best team of people to support it.