The Evolution of Cybersecurity Tools (Part I)

Kevin Qiu
June 7, 2021

Cybercrime is expected to rack up $6 trillion in damages by the end of the year, and the largest breaches regularly make major world headlines. Nowadays, it’s not just industry insiders who understand the importance of protecting data and networks, as cybercrime continues to grow more pervasive, with 30,000 websites attacked each day and the average computer experiencing an attack every 39 seconds.


Long gone are the days when a firewall and a set of boxed software were sufficient to fend off the usual computer attack. Just as the internet has matured, so has everything with it, from the amount of personal and financial data that we store online to the complexity of the networks which carry and store that data. And perhaps transforming most quickly is the criminal element, which seems to have a never-ending arsenal of tools and techniques at their disposal, leading to disastrous consequences for businesses, individuals and governments. 


One of the best ways to achieve reliable protection is to employ a set of cybersecurity tools that are continually evolving to meet the latest security needs. In this two-part blog series, we’ll take a look at major breaches in recent years that will be shaping how we approach cybersecurity for years to come, while in the second part we’ll explore today’s most important tools while uncovering the future of cybersecurity tools as they evolve to meet the latest breaches and the challenges of tomorrow.

The Effect of Major Breaches on Cybersecurity Tools

Here is a look at a few of the major attacks of the last few years that will be inspiring the creation of the next generation of cybersecurity tools. 

SolarWinds

This breach was so effective that its full extent is still being uncovered. The attack was so widespread because it spread from the original target, a Texas-based technology firm, to its clients. Major firms like Microsoft and leading government agencies all had data exposed. The hackers placed malicious code into SolarWinds’ software system, called Orion, which is used by 33,000 customers to manage IT systems. When SolarWinds sent its clients a software update in March, it inadvertently included the malicious code, creating a backdoor into all of the systems where it was installed. This allowed the hackers (believed to be affiliated with Russian intelligence) to spy on these clients and even to introduce additional malware for further access to the client systems.


Nobody noticed the attack for months; in fact, the US Cyber Command, which is funded with billions of dollars to protect America’s networks, never caught on. Instead, it was only alerted when a cybersecurity firm noticed the hack in its own systems. Because of the amount of time it took for the attack to be discovered, it is possible that many of the victims may never know whether they actually fell prey to the breach. While the scope of the attack was breathtaking, it was the stealth that is likely to change the future of cybersecurity. Instead of depending only on tools that detect and prevent future or potential attacks, it is necessary to also have tools that operate on the assumption that an attack is already in progress and are able to respond to an unknown breach. Another change that can be expected from the attack is a closer relationship between US government cybersecurity organizations and private enterprises, as the government was attacked at the highest levels while remaining completely unaware.


Equifax

In 2017, Equifax, one of the country’s top credit reporting agencies (which holds financial data on nearly all Americans), experienced a severe breach due to a series of errors and missteps. The attack began with a hack through a consumer complaint portal. What made the resulting breach so egregious was that this vulnerability was already widely known. The only reason it had not already been patched was an internal process failure. But that was just the first error among many that led to the enormous attack. From the portal, the attackers were able to easily gain entrance to other servers because the systems were not properly segmented. Compounding the issues, data was written in plain text, not encrypted. Perhaps worst of all, the attack was not detected for months due to the failure to renew an encryption certificate. All of this is to say nothing of Equifax’s bumbling response once it had discovered the issue.


There are three main takeaways from this breach. The first and most important is that cybersecurity tools can only be good at their job if those using the tools are good at theirs. While Equifax had invested huge amounts in high-tech security, its failure to apply a basic patch for a known vulnerability led to disaster. An additional lesson is the importance of silos, that is, segmenting systems from one another. If the original attack had been properly contained, the damage would have been minimal. The final lesson is the significance of data governance. Once the attack was underway, some basic security protocols about how data is released could easily have alerted Equifax; instead, the data was extremely easy to access. The Equifax breach is a study in how human error and sloppiness can lead to massive cybersecurity failures even when you have the most advanced cybersecurity tools available.

Marriott

In the fall of 2018, international hotel chain Marriott disclosed that it had experienced a breach of a reservation system, which included hundreds of millions of records containing information such as financial data and passport numbers. It is not entirely clear what caused the breach, as Marriott has been tight-lipped about the details; however, it seems that the breach started in a different hotel group (Starwood) as early as 2014. Starwood was purchased by Marriott in 2016, and Marriott later discovered the problem within its own security systems in September of 2018. It seems that the attack used two major tools: a Remote Access Trojan (RAT), most likely introduced in a phishing email, along with Mimikatz, a tool for searching for usernames and passwords within a system’s memory.
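Mimikatz-style credential harvesting works by reading the memory of the Windows Local Security Authority process (lsass.exe), so one standard detection is to flag any process outside a known-good allowlist that opens lsass.exe with read access. The following is an added example, not code from the original post or from any vendor: it runs that check over a few constructed Sysmon-style ProcessAccess (Event ID 10) records. The single-line field layout, the file paths, and the allowlist are assumptions to be tuned per environment.

```python
"""Flag suspicious handle opens on lsass.exe from Sysmon-style ProcessAccess records.

Added example (not from the original post). Credential-dumping tools read
LSASS memory, so a handle to lsass.exe whose granted access includes
PROCESS_VM_READ, coming from a process that is not expected to do that,
is a strong signal worth alerting on.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Win32 access right needed to read another process's memory.
PROCESS_VM_READ = 0x0010

# Constructed allowlist of processes that legitimately open LSASS on a typical
# host (core system processes, the built-in AV engine). Tune per environment.
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}


@dataclass
class ProcessAccess:
    source: str       # process that opened the handle
    target: str       # process the handle points at
    granted: int      # access mask actually granted
    call_trace: str   # DLL+offset chain leading to the open


# Assumed key/value layout: "Field: value Field: value ..." on one line.
# Only the fields we need are captured; values end at the next "Field:" token.
_FIELD = re.compile(
    r"(SourceImage|TargetImage|GrantedAccess|CallTrace):\s*(.+?)(?=\s+\w+:|$)"
)


def parse_process_access(line: str) -> Optional[ProcessAccess]:
    """Return a ProcessAccess record, or None if required fields are missing."""
    fields = dict(_FIELD.findall(line))
    if {"SourceImage", "TargetImage", "GrantedAccess"} - fields.keys():
        return None
    return ProcessAccess(
        source=fields["SourceImage"].strip(),
        target=fields["TargetImage"].strip(),
        granted=int(fields["GrantedAccess"], 16),  # e.g. "0x1010" -> 4112
        call_trace=fields.get("CallTrace", "").strip(),
    )


def is_suspicious(ev: ProcessAccess) -> bool:
    """True when a non-allowlisted process opens lsass.exe with memory-read rights."""
    if not ev.target.lower().endswith(r"\lsass.exe"):
        return False
    if ev.source.lower() in ALLOWED_SOURCES:
        return False
    return bool(ev.granted & PROCESS_VM_READ)


def find_suspicious(lines: List[str]) -> List[ProcessAccess]:
    """Parse each log line and keep the events that warrant an alert."""
    hits = []
    for line in lines:
        ev = parse_process_access(line)
        if ev is not None and is_suspicious(ev):
            hits.append(ev)
    return hits


# Constructed sample records; the paths and traces are invented for the demo.
SAMPLE_LOG = [
    # Benign: core system process on the allowlist.
    r"EventID: 10 SourceImage: C:\Windows\System32\csrss.exe TargetImage: C:\Windows\System32\lsass.exe GrantedAccess: 0x1FFFFF CallTrace: C:\Windows\SYSTEM32\ntdll.dll+9c534",
    # Benign: same access mask, but the target is not LSASS.
    r"EventID: 10 SourceImage: C:\Windows\System32\svchost.exe TargetImage: C:\Windows\System32\spoolsv.exe GrantedAccess: 0x1010 CallTrace: C:\Windows\SYSTEM32\ntdll.dll+9c534",
    # Suspicious: unknown binary in a user-writable folder reading LSASS memory.
    r"EventID: 10 SourceImage: C:\Users\Public\tool.exe TargetImage: C:\Windows\System32\lsass.exe GrantedAccess: 0x1010 CallTrace: C:\Windows\SYSTEM32\ntdll.dll+9c534|C:\Windows\System32\KERNELBASE.dll+2e41e",
    # Benign: query-only access (no PROCESS_VM_READ), as a process viewer would use.
    r"EventID: 10 SourceImage: C:\Windows\System32\Taskmgr.exe TargetImage: C:\Windows\System32\lsass.exe GrantedAccess: 0x1000 CallTrace: C:\Windows\SYSTEM32\ntdll.dll+9c534",
]

if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_LOG):
        print(f"ALERT: {ev.source} opened {ev.target} with 0x{ev.granted:x}")
```

Only the third record is reported. The allowlist keeps the rule quiet on ordinary hosts; the access-mask test is what separates a harmless handle (listing process information) from one that can actually read credential material out of LSASS.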


The length of time over which this breach occurred provides the most important lesson. As we learned from Equifax and SolarWinds, it’s important to assume you’ve already been compromised and act accordingly. The failure of Marriott and the original hotel group to do so allowed this breach to continue over nearly a five-year period. Another major issue occurred during the merger of Marriott with Starwood. At the time, Starwood’s IT staff was fired, leaving no security continuity within the company. A massive fine levied against Marriott by the British government for the exposure of personal information made note of the failures of the merger. The final takeaway is that while healthcare and financial organizations are at this point well aware of their data security responsibilities, other industries, like travel, have been slower to catch on, maintaining laxer standards. But the personal information a company holds transcends industry in its ability to do damage if it falls into the wrong hands. Taking cybersecurity seriously is not just for those of us in the cybersecurity industry. In today’s world, the responsibility falls on everyone.

Part II

Stay tuned for part two of this blog post, where we’ll take a look at the primary tools being employed today in cybersecurity, and then explore how these recent breaches will be shaping the tools to meet the cybersecurity needs of tomorrow.
