We’ve had tremendous feedback since we announced ThreatWarrior™, and we appreciate all the kind emails and comments that have poured in. In a previous blog post, I mentioned that with the creation of ThreatWarrior™, ThreatWarrior felt compelled to assist in the cybersecurity space. Some were curious to know exactly what we meant by that. What did we see happening and just how serious were the cyber threats that made us feel this way?
The truth… it’s bad, and probably worse than most of the general public are aware. Sure, we all see the media frenzy when mega-corporations like Yahoo, Target and Home Depot are hacked. These are sensational because of brand popularity and the massive numbers of potential people impacted, but in reality, you’ll never even hear about the majority of cyber attacks.
Because of all that, in this blog post, I want to explore the severity of cybersecurity issues facing our nation – what’s causing this epidemic, who are the players and why is it growing worse?
Let’s dive in.
Critical national security issue
The connected world has changed everything. Amazing advances have come from the hyper-connectivity, but there’s also a dark side to it. Strangers can reach out and knock on the door of your home or business’ Internet router, sometimes “walking in” uninvited and undetected.
Never before has there been such direct access to our values, infrastructure, economy and entire way of life. Everything is connected and the military and civilian worlds have become intertwined. From our personal lives to government to telecom to banking and everything in between, cybersecurity is a critical national issue.
It impacts every one of us in a combination of ways – some major, some minor – and, frankly, given the magnitude of associated risk to the general population, I’m surprised officials don’t share more about this with citizens.
Constantly connected means constantly at risk
It’s truly amazing how technological advancements continue to connect people in new ways, making it easier to share information and keep in touch with everyone, everything.
As a personal example, let me take you back to 1995. I was living in the US (I’m from the UK), and it was incredibly expensive for me to call home to talk to my parents. It was inconvenient, and calls were charged by the minute. Cut to today, I can FaceTime my family for free. Technically “at no additional cost” because I pay for my Internet connection, but I digress. Plus, there’s the added benefit of a face-to-face connection, regardless of where any of us are at.
Unfortunately, last year, my father got sick and passed away before I was able to fly back to see him. However, because of the technology available today, I was able to connect with my family and speak to my father before he passed. A terribly sad event, but I am forever grateful for the opportunity to have talked with him, thanks to current technological advances.
My point is we live in a constantly connected world. Family, friends, even strangers share everything. The Internet is full of information. Some is accurate, some not so much, but you can pretty much find anything you’re looking for.
As a society, we overshare everything. We post news, photos, geo-information, and details about what we’re doing, thinking, feeling… the list goes on. The harsh reality is that all of this information is an advantage for anyone looking to exploit an organization, a nation, or further an agenda.
Earlier this year, I visited Tyndall Air Force Base to see the F-22 Raptor, which is a truly awe-inspiring fifth-generation stealth and tactical fighter. The security was strict – no photos of the F-22 were allowed, and our group had to turn over cameras and recording devices to ensure compliance.
However, afterward, a simple Google search turned up all the photos I wanted. I found pictures from varying angles, different views, and of all parts of the aircraft.
Cyber Cold War
This abundance of searchable information must make former Cold War operators shake their heads in amazement. Our freedoms and early adoption of technology provide us an immense societal value, but they also create an exorbitantly porous nation, with information flowing readily throughout. While a benefit to us, this information is an intelligence boon for actors who do not have our best interests at heart.
Because we so willingly provide this amount of data, it’s easy to harvest. Outside players can create conversations, build dossiers, or insert alternative news into our population to change narratives and drive specific agendas.
On top of all this, the Internet provides relative anonymity to those who know how to stay behind the scenes. This enables adversaries to perform false-flag operations against our nation and our businesses, attributing the blame to others or making the attack source difficult to determine.
No sane nation would choose to engage in military conflict with the United States. The technological capabilities of our military are incredible. However, war now starts with packets of data, and beachheads are first established on adversaries’ networks.
Cyber is a new branch of warfare, and an attack vector for which we do not have the overwhelming advantage that we do in conventional warfare. Starting a cyberwar could ultimately lead to a conventional war, but cyber lets you attack from the shadows, moving stealthily to attribute blame, influence and stage operations.
In fact, global cyber warfare grows increasingly malicious, and the line between war and peace gets blurrier every day. It’s been going on while you’ve been reading this post.
And while technically advanced, the US is not ahead in cyber combat. The nature of our data-porous society, and the fact that in the cyber world we’re on a level technical playing field as other nations make cyber warfare a real challenge. There is a Cyber Cold War currently raging, being fought daily as rogue actors leverage the latest techniques to attempt to gain a foothold within our infrastructure, businesses, governments, and hearts and minds.
I’m not a government agency or a large business, so I’m safe… right?
While this is a common thought, it’s completely incorrect. Small businesses are actually the biggest targets. They can be used to “launder” attacks against larger targets, and they’re easier to breach because they typically do not have as much awareness of cyber attacks.
But even if they did recognize their own vulnerability, these budget-conscious organizations do not have the means to protect themselves as effectively, using the same robust cybersecurity solutions that larger organizations and government institutions can employ.
Because of this weaker-by-comparison security posture, once inside the network, hackers can remain undetected for extended periods of time – some perhaps never being discovered. With eyes, ears and data siphons inside an organization for such quantities of time, information is easily extracted or altered. Plus, if the smaller company ever connects with a larger one, those connections can be leveraged to gain access into the larger business’ systems.
The hackers… they’re everywhere!
No matter the size of the organization you own or work for, or what industry you’re in, you are a target for hackers. Most people are familiar with that term. They might not comprehend exactly what it means or what a hacker is capable of, but they understand the general idea.
What many people don’t realize or account for, though, is that “hacker” is just an all-encompassing umbrella term. There isn’t just one level, one type of hacker. There’s a variety of malicious cyber actors, each with their own methods, drives, and agendas.
Here are a just few of these different types:
Hacktivists – Target organizations that represent a cause. Their goal is to disrupt operations, get revenge or change business practices in order to promote their own social or political agenda.
Cyber Criminals and Organized Crime – These attackers are generally looking for financial gain. Ransomware attacks, identity and credit card theft are common avenues of assault. When discovered, these attacks typically cause damage to business brands, resulting in lawsuits and loss of consumer confidence.
Insiders or Former Insiders – This type of attacker already has access to the network. It could be a disgruntled employee, someone who sympathizes with an outside cause, or even an ex-employee still secretly connected. They could be looking for monetary profit, personal advantage, or revenge. Their attacks could result in loss of assets, disruption of business or disclosure of trade secrets.
Nation States and Intelligence Services – These are your heavy hitters. Well-funded groups with advanced assault capabilities, typically beyond the defense capabilities of the organization’s they’re attacking. They are typically seeking political, economic or military advantages, and damages from their attacks can be catastrophic.
OK, so don’t I just need to stay on top of my software patches?
You should absolutely keep your systems current and patched with the latest security updates. However, this is easier said than done. Some vulnerabilities that allow access to your network are unknown by the vendor or security manufacturers, so they haven’t released a patch yet. These specific attacks are called zero-day attacks, because they are publicly unknown before becoming active, leaving zero days to create a patch.
Other times, for compliance reasons, a company cannot immediately apply a patch and must first test it, creating a delay in cybersecurity coverage. Of course, this doesn’t protect you from insider threats, or former insiders, with knowledge of how to regain access to your systems.
The truth is, your networks are likely to be comprised by at least one category of hacker. Connecting your machine to the internet results in an automatic barrage of hacking attempts, which most are unaware of.
The threat landscape is advancing, your cybersecurity should be too
These are the realizations we had which prompted the creation of ThreatWarrior.
Put as simply as possible, we assume your networks will be compromised. When that happens, the malicious code or hacker will begin operating in ways that are different from the normally observed behavior on your network. ThreatWarrior will detect these changes, even in the case of zero-day attacks, and raise them as threats for further examination. This accelerates response speed and provides the critical time you need to secure and quarantine your operations.
The IoT, mobile and connected devices continue to expand possible opportunities for attacks, and attack techniques evolve every day. Governments are creating cyber weapons, corporations are becoming foreign military targets, and elite cyber actors (state-sponsored and rogue) are using increasingly innovative techniques to breach your data. Traditional cybersecurity methods cannot adapt on their own to these evolving cyber threats, but ThreatWarrior can.
Using a unique, multi-engine approach with artificial intelligence and unsupervised machine learning, ThreatWarrior constantly transforms like human DNA to adapt to new risks in an always-changing cyber landscape – growing to recognize, alert to and neutralize new threats as they occur. More on that here.
So while the cybersecurity landscape continues to grow more aggressive, I advise that everyone stay up to date on current cyber trends, threats and solutions, no matter your industry or business size. Trust me, you’ll thank me later.