Security interview: The rise of cyber warfare and the role of government

2015 has so far been the year of the security breach, with new hacking reports surfacing on a nearly daily basis.

The most recent high-profile attack has of course been on dating website Ashley Madison, with Web.com and Mumsnet also suffering at the hands of hackers in the last week alone.

We recently spoke to Kane Hardy, VP EMEA at Hexis Cyber Solutions, to discuss the current state of cyber security and how governments can counter the rise of cyber warfare.

  1. To start off with, give us a quick background on your company, Hexis Cyber Solutions.

Reflecting that today’s cyber-criminals are relying on increasingly sophisticated and automated tools, Hexis Cyber Solutions advocates a move towards intelligent threat detection and response.

Our solutions constantly monitor both the endpoint and network to identify threats and authenticate security alerts so that organisations can automatically defend against incidents. By adopting this approach, enterprises can detect, verify and respond to threats at machine-speed before they do damage.

  2. High-profile data breaches seem to be happening more and more frequently. What are companies doing wrong at the moment?

Recent attacks, like those on the US government’s OPM department and Sally’s Beauty Supply, have demonstrated that hackers don't just attack once and move on. Cyber-criminals remain relentless in their efforts to infiltrate an organisation so it makes sense that security does the same.

For those organisations that rely on legacy perimeter solutions, there needs to be a change in mind-set and a move towards real-time active defence that allows enterprises to fight fire with fire.

  3. What should companies be doing differently to improve their security and protect their data?

As we’ve seen in recent times, most of the high-profile security breaches that make the headlines have been targeted at obtaining or leaking certain information. As a result, any company that processes personal data should assume that they will be a target for hackers and rethink their approach to security.

For too long, the majority of security spending has been invested in signature prevention solutions, which fail to detect sophisticated, targeted attacks inside the network. Once a threat has bypassed perimeter defences then it is free to roam undetected and achieve its goals. Savvy organisations are now accepting the reality that they have already been compromised and are planning to introduce new systems or processes that address the ‘response gap’.

The ability to provide persistent and consistent correlation of threat intelligence from within the network and actively respond to it is where existing protection is lacking at both the network layer and endpoints.

  4. Tell us about the rise of cyber warfare and what this means for governments around the world.

We’ve grown accustomed to trusting that public sector organisations have the most secure and intelligent resources in place. However, with the recent data breaches at the IRS and the OPM, we now know that this isn’t always true. Government agencies are gaining more and more ground on the list of breached organisations, causing concerns for employees and the general public alike.

Cyber terrorists, organised crime affiliates and foreign governments are all known to be participating in acts of cyber warfare, with commercial, government and military groups being among the top targets. As a result, it’s no surprise that the number of attacks and records taken from the government is growing.

The Breach Level Index reported that 42 million government records were compromised in 2014. In the first half of 2015, this figure has already risen to 52 million, meaning that it’s imperative that government agencies learn how to spot the red flags and start adopting a constant mentality towards security. Ultimately, if the attacks are relentless, then the next logical phase is to adopt a continuous approach to response.

  5. How can governments be proactive when it comes to cyber threats and which countries are leading the way at the moment?

The first step in this journey is for governments around the world to invest more in their response capabilities through a combination of people, processes, and technology. The response mindset also needs to change from episodic or event-driven to continuous response using automation. Only then is it possible to keep up with those attackers who are leveraging all the tools in their arsenal to overwhelm the forces of nation states and address the significant cyber security skills shortage that we’re seeing across borders.

Collaboration and knowledge sharing are also paramount, with the UK and US governments leading the way. For example, we’ve already seen the Pentagon, Department of Homeland Security, National Security Agency and a number of other US agencies join British officials and private companies for a three-week cyber-war game to secure “operational readiness”, which took place in June.

As the threat of cyber warfare continues to grow, we anticipate seeing more of these cross-border initiatives being promoted.

  6. When it comes to cyber security, how important is the sharing of information?

To an extent, the industry has recognised the value of security data sharing and we will continue to see more support for greater collaboration. However, it’s often not within the commercial interest of corporate enterprises to reveal when they have been the victim of a breach, so progress will be slow, with a measured approach towards information sharing being favoured.

However, on the solutions provider side, it’s important to watch the list of zero-day threats being identified, researched and shared collaboratively because these represent threats that are virtually undetectable until they’re recognised for what they are. The organisations which share this information publicly are enabling others to protect themselves and add one more now-known threat to their list of malicious attackers.

  7. What collaboration initiatives are you supporting at the moment?

To support government organisations in adopting next-generation protection against sophisticated threats, Hexis Cyber Solutions is currently supporting a programme by the United States Intelligence Community to create an active cyber defense (SSCD) framework.

This initiative has been designed to provide government agencies with a turnkey system, or reference architecture, that helps them build next-generation cyber security models.

Facilitating a convergence of commercial security technologies from Hexis Cyber Solutions, Palo Alto Networks, FireEye, and Splunk, this framework has been designed to ensure that government and commercial organisations can combat advanced cyber-attacks with policy-driven responses.

  8. 'Be proactive not preventative.' What does this mantra mean for businesses and why is it so important that it is embraced?

Any experienced security professional is aware that it’s not a matter of ‘if’ the bad guys will be successful, but when. This has given the cybercriminals the upper hand and means businesses must now adapt to a new reality.

Spending budget on perimeter threat prevention has not stopped the influx of cyber threats, so investment in technologies that rapidly detect and respond to sophisticated, targeted attacks needs to be a priority.

Only then will organisations be able to level the playing field and successfully compete against the bad guys.