We typically imagine cyberattacks to be loud and aggressive acts of data theft. However, recent incidents have demonstrated a new kind of attack that has taken the risk to a new level, and one on which we must place renewed focus in the new year.
Since the 2014 attack on Sony Pictures and the 2015-2016 attacks on Ukraine’s national power grid, public awareness has been growing that hackers have upped their game by stealthily entering networks, avoiding detection, and quietly escalating privileges and modifying data over a period of months or even years as they prepare their ultimate stroke of theft or destruction. They then unleash devastating attacks that can compromise data, destroy assets, and even endanger lives.
Such real-world consequences are no longer just the stuff of science fiction – they are happening now, and with increasing frequency.
In 2019, we must collectively make it a renewed priority to work toward combating these stealthy cyberattacks that rely on heavily entrenched access to corporate networks and databases. Let’s take a closer look.
New Tools and Opportunities for Hackers
It’s a mistake to think that hackers somehow exist and work within a bubble apart from the wider IT community. Whether working for a hostile intelligence service, a multinational criminal syndicate, or as freelance mercenaries offering network-intrusion-as-a-service, hackers are part and parcel of this community and see the value and potential in new technologies like artificial intelligence (AI) and machine learning in the same way that the mainstream IT industry does – but for different, more sinister purposes.
Hackers can exploit AI and machine learning in various ways. They can use them to strengthen phishing attacks by using analytics, prediction and simulation functionality to improve the apparent authenticity of scam emails in new ways. Hackers can also use these technologies to improve their understanding of a network’s defenses and identify weaknesses to exploit while side-stepping or obscuring their activity from those same defenses.
For these reasons, in 2019, cybersecurity professionals must come to terms with the new threats posed by AI and machine learning and more carefully factor these threats into their defense strategies.
The Public Internet: Is It Fit for Use?
In 2019, we expect a growing number of organizations to reconsider their dependence on the public internet for their operations.
Cybercrime is now a common occurrence, and for a variety of business and regulatory reasons the protection of customer data has been escalated from an important concern to a top priority for businesses. Consequently, savvy organizations will begin planning how to migrate their critical data from storage solutions that rely on the public internet, like the cloud, to more secure “cold” networks that are significantly more difficult for hackers to access.
Many organizations have moved their operations and storage needs to the cloud and have deemed this a forward-thinking initiative. However, like any system connected to the public internet, cloud networks can be vulnerable to cyberattacks, denial-of-service attacks, ransomware, and many other malicious exploits. For this reason, any organization that is serious about protecting its data and other assets must consider moving its online operations onto a more secure private and isolated network.
Easy Path for Cybercriminals
The days of needing to be part of an elite cybercriminal ring to pull off a successful attack are long gone. Today, any lone hacker can easily acquire hacking tools online via underground hacking communities to attempt their own attacks on an organization’s network. These communities work collaboratively and are happy to share the latest knowledge and industry intelligence – along with the latest cyberweapons – for free or at astonishingly low prices. And with search engines crawling the web 24/7 looking for connected devices and systems with known vulnerabilities to exploit, the effort to find easy targets and gain access to the networks they are connected to is now minimal.
It’s equally important to understand that IT security experts know they are often on a defensive footing in their fight against cybercrime, while still providing the information and operational technology their businesses rely on around the clock. Hackers have two all-important advantages: ease of access to the free-flowing communal knowledge and illicit tools within their underground communities; and the initiative to decide when and where to apply them.
Compare this to the siloed approach among various corporate IT and business departments. For many, it can be a struggle to collaborate among themselves, let alone with outside organizations.
With access to sensitive corporate data being more indispensable than ever, companies must expect the number of cybercriminals to grow, enticed by easy access to guidance and cyberweapons within underground hacker communities, and the promise of huge volumes of data that is easily monetized or, as in the case of the recent Marriott/Starwood data breach, of enormous potential value to an intelligence service.
Looking Ahead
The ever-increasing level of business done online and the promising new world of IoT processes are raising the stakes for the safeguarding of today’s business data to an all-time high. In an age when the public internet increasingly presents a systemic risk, companies that want to conduct business and transfer data with certainty, security and privacy cannot rely on it.
In 2019, we must reassess our understanding of the profile, mindset and destructive ability of today’s cybercriminals to make greater progress in stopping them. The barriers to entry for launching disruptive online attacks have dropped drastically, and these attacks are steadily escalating in stealth and complexity.
The challenge for IT security professionals will be, as always, to prevent, counter and minimize any attempt by hackers to access their networks. The longer hackers must work to gain entry into a network, and the more resources they’re forced to use, the more likely they are to give up and look for an easier target.
In this space, private networks offer a reliable approach to protecting transactions and data in an age in which devices and systems connected to the public internet are persistently and unacceptably open to attack. Ultimately, companies that want to conduct business and transfer data with certainty, security and privacy should not rely on the public internet. For 2019 and beyond, they must begin the move to the use of private, isolated networks as a more practical approach to protecting and authenticating their data.
As Senior Vice President and Chief Security and Risk Officer, Phil Celestini leads security and risk management across Syniverse, including adopting new technologies and building industry awareness of critical threats and opportunities arising from such areas as the internet of things, 5G, artificial intelligence, and blockchain. With a career spanning more than 35 years across government, law enforcement, and the military, Phil brings extensive executive leadership experience in security, risk, and compliance. From 1992 to 2018, he served as a Special Agent in the U.S. Federal Bureau of Investigation (FBI), where he was most recently Special Agent in Charge in Washington, D.C., and where he also served as the FBI’s senior representative to the National Security Agency and U.S. Cyber Command among other roles. In addition to his investigative acumen, Phil is an acknowledged expert in cyber and information security. He earned several commendations and community honors as an FBI Special Agent, serving in positions of increasing leadership responsibility in numerous field offices, FBI headquarters, and on the National Security and Homeland Security Councils at the White House. Prior to his FBI career, he served as an intelligence operations officer in the U.S. Air Force. He received his bachelor’s degree from the U.S. Air Force Academy and a master’s degree in public safety leadership from Capella University.