The hostile nature of the Internet is highlighted by foreboding trends. The FBI’s top criminal priority is cybercrime.
According to the Department of Justice, two out of three U.S. companies have been impacted by cybercrime. The GAO has estimated that losses in excess of $50B have been sustained due to industrial cyber espionage. The British government noted in a 2011 report that U.K. businesses have experienced over $40B in losses due to corporate espionage. These stark realities must be appreciated.
Non-state actors and terrorists are financing their operations through cyber. Sophisticated and organized adversaries use cyber-attacks to target financial institutions and companies that are rich in intellectual property. The economic ramifications of cyber threats and vulnerabilities to the private sector are severe. The susceptibility of our modern interconnected and digitally reliant infrastructures is well established. Plausible deniability does not exist, except in the minds of the uninformed. The SAIC/McAfee study “Underground Economies” is fairly damning of the laissez-faire approach to cyber security taken by corporations around the world. A summary of the key findings from the study:
- 85% of their assets are intangible assets stored in networks
- 25% halted a merger, acquisition or product rollout due to cyber-attack
- 50% did not investigate cyber breaches due to costs
- 65% of the executives were worried about wireless and mobile device security and yet their workforces and service offerings are completely dependent upon wireless infrastructure
We often bemoan the stark reality of cybercrime and espionage, but rarely do we take a long look in the mirror. Our lack of appreciation for the sophistication and organization of the adversaries creates an ideal stage for cybercrime.
We must digest the ancient Chinese stratagem: how do we “bolt the door to catch a thief?” First, we must accept that the thief–in this case the cybercriminal–will inevitably bypass security controls. This acceptance should usher in a fundamental shift away from the construction of greater perimeter defenses to a focus on increasing the level of discomfort to the cybercriminal once they have penetrated your house. We must demand an advanced persistent response. Spin the chess board to create a digital “knight’s fork” because our enemy has overextended. Think of the threat of data leakage posed by smart phones and tablets. Whether or not the device owner is a miscreant is irrelevant as the device will more than likely be compromised by targeted attacks. How can we create digital provenance via contextual awareness? It starts with greater wireless situational awareness coupled with dynamic management of device capabilities specific to their location and context – enter our baby, ZoneDefense.
Utilizing this stratagem, a compromised device would be unable to exfiltrate data in real time or attack her physical surroundings, because her compliance with zone policy would be immediately enforced.