Learning from cyberattacks could be the key to stopping them

Organisations should use major cyber incidents as a way to think through the core of their security strategies in order to prevent or recover better from similar attacks.

"A significant cyber incident is really an opportunity; because it's an opportunity to focus on the core issues that led to these cyber incidents," said Anne Neuberger, deputy national security advisor for cyber and emerging technology at the White House, speaking at the UK National Cyber Security Centre's (NCSC) CYBERUK 21 virtual conference.

Neuberger said that whether it's something like the SolarWinds sophisticated supply chain attack or the Colonial Pipeline ransomware incident, "we know that vulnerabilities across software and hardware can bring on larger concerns", but that looking at the core issues can help everyone improve their security.

"As we look at those issues, we look at them in the frame of them – the entities conducting the cyber hacks – and us, what we need to do to build the reliance, to be able to prevent or rapidly recover from these incidents."

SEE: Network security policy (TechRepublic Premium)

Cyber criminals and other malicious hackers look for vulnerabilities to exploit to infiltrate networks, so questions need to be asked to ensure that networks are as resilient as possible against attacks.

"So we turn to us – which is what we need to do about it. First and above all, shifting our thinking from incident response to how do we prevent, how do we build more reliance, how do we build more secure software?" Neuberger explained.

"How do we ensure, for example, that the systems that we use to build software have best practices like multi-factor authentication, that we've rolled out encryption across our government systems, so that even if an adversary steals significant information, it's difficult for them to use that information?"

She said what much of it comes down to is to "ensure that technology is both secure and easier to use".

"But also shift our thinking to where it needs to be, which is how do we drive prevention and more security, so that we have greater resilience to these hacks?" Neuberger added.

SEE: Ransomware just got very real. And it's likely to get worse

Neuberger's comments came shortly before President Joe Biden signed an executive order in an effort to boost cybersecurity of federal government agencies in the aftermath of the Colonial pipeline ransomware attack, the SolarWinds attack and zero-days in Microsoft Exchange Server, leaving many organisations vulnerable to cyberattacks.

It mandates that agencies have 180 days to implement multi-factor authentication, as well as encrypt data – and agencies that can't meet the deadline will have to explain why they can't in writing.

MORE ON CYBERSECURITY

• Ransomware is now a national security risk. This group thinks it knows how to defeat it
• Colonial Pipeline attack reminds us of our critical infrastructure's vulnerabilities
• White House: Here's what we've learned from tackling the SolarWinds and Microsoft Exchange Server cyber incidents
• Congress confronts US cybersecurity weaknesses in wake of SolarWinds hacking campaign
• The FBI removed hacker backdoors from vulnerable Microsoft Exchange servers. Not everyone likes the idea