Prepare for increasing 'nation-state' cyberattacks with strategy, not technology
Cybercriminals: 'They are everywhere and we don't know who they are'
Let me pose a question: Is it a bad thing to give the average person a hand grenade with the pin pulled? I think most of us would respond to that question with an emphatic "Yes!"
No one would think it's a good idea to allow anyone without extensive military or professional training to access an explosive -- especially one that is live and has no safety device in use. Bad things would happen and people would probably lose their lives. At the very least, there would be damage to property. No matter what, this scenario would be a very bad thing and should never happen.
Now let me change that question a bit: Is it a bad thing for every person with a network connection to have access to extremely powerful nation-state-level cyber weapons? Hopefully you would respond similarly and say "Yes!"
Just as the hand grenade juggling is a problem, so is the proliferation of nation-state-level exploits. These malicious tools and frameworks have spread across the world and are presenting a very complicated problem that must be solved.
Unfortunately, the existing solution only amounts to a variety of vendors slinging solutions and tools that, without good strategy, cannot effectively combat the myriad of cyber artillery shells being weaponized against every system that touches the web. The bad guys have now officially proven that they can "outdev" the defensive technologies in place in many instances, and they've shown the likelihood that many installed legacy technologies are wide open to these weaponized attacks (anti-virus be darned) across the planet.
Just as there would be a problem with untrained persons walking around with live explosives, we have a problem with possibly explosive outcomes on the horizon. The reality is that NSA-level attack tools and government-"issued" weaponized exploits have leaked online, and within months, the bad guys had reconfigured them for their purposes, attacking more than 100 countries and many multinational companies.
In a few noted and publicized instances, the malicious actors using these tools and frameworks literally reconfigured code blocks and exploit samples overnight to ensure their effectiveness.
How fast can a defensive tool vendor move to fight that threat? Do you think your anti-virus tool vendor will move faster than a cybercriminal organization that has no bureaucracy and no motive other than profit?
An international cyber-criminal organization using nation-state-level exploits is a very bad thing. We should acknowledge the power that these players have and take the necessary precautions to protect ourselves in today's cyberworld, which shows no signs of slowing down in the near future.
I know from working in classified environments for most of my life that there's a reason we tried to keep Pandora's Box shut and that these exploits are extremely powerful. In a massively interconnected world, it's a very bad day when folks (evil or altruistic) on the net have access to what basically equates to tactical cyber nukes -- ask anyone still dealing with the fallout last month.
It will take a long time and a lot of work for the anti-virus vendors and endpoint protection folks to address the follow-on issues that are sure to come (more exploits are coming, of that I am sure). The time for technical preparation has passed, and in many cases, has already proven ineffective. It is far too late to beat the bad guys at their own game and keep trying to "out-tech" them. They move faster and are leveraging more powerful tools that do one thing and one thing only: Find vulnerable systems and exploit the heck out of them.
Strategy and optimality of defensive ecosystems should now be at the front of our minds, not fighting a battle by tossing technology at the enemy and hoping we have the bigger bag of ammo on our side.
Technology can't save your network from these attacks on its own. The strategy you implement and how you use that entrenched secure ecosystem is where the difference will be made.
To learn more about why it's crucial to prioritize cybersecurity in the enterprise, listen to Forrester's latest podcast where security expert Jeff Pollard shares what to learn from the WannaCry cyberattack.