The new year is always a good time for reflection. At Circadence, we look back on how cyber security has evolved and think about the dynamic IT landscape to understand where CISOs and security leaders can direct their attention. To learn more, we tapped into our own cyber security expert Laura Lee, Executive Vice President of Rapid Prototyping, to answer some questions for us.
Tell me briefly about your own background in IT security and how the changing landscape has impacted your approach.
LL: I’ve been working in Computer Network Operations for over 20 years and have been involved in developing technology for protocol analysis, secure protocol development and defense strategies. I’ve seen tremendous technology evolution in that time as well as a reprioritization of security practices. In the past, we used to be able to rely more on technology (e.g., anti-virus, firewalls and IDS) but now the human cyber defender is critical. Today, I lead multi-disciplined teams in the persistent development of our immersive cyber learning platform Project Ares, fusing real-world cyber ranges with engaging and gamified learning experiences. Early in my career, my focus was on protecting the networks for large radar and missile systems. For the last decade, I’ve been focused on cybersecurity defense tactics through training and exercises. The shift is a reflection of how cyber security has evolved over time, from being a siloed initiative rooted in government practices to a worldwide business-to-business effort layered with security complexities and interconnected devices and systems.
How has the enterprise cyber security landscape changed in the past 30 years? Are organizations better off now than they were 30 years ago?
LL: I have definitely seen improvements in enterprise IT, particularly in the last 10 years. There are now standards, like the NIST Cybersecurity Framework, which provides security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyberattacks.
In the beginning of the Internet, we were working more on interoperability and sharing data – security was the last thought. Interoperability, which is the ability of computer systems to exchange and make use of information, was still very difficult when the internet first came into being. People weren’t able to share so much information as quickly, so the need for security systems and secure protocols wasn’t something to be concerned about. As the internet grew, so did the vulnerability of sharing personal data with the wrong people or networks. Online shopping, online banking, social media, etc. made information so easily accessible to hackers that the focus had to shift to cybersecurity.
Unfortunately, hackers and attacks have improved more than defenders, so we are far from “winning this cybersecurity war”. Not only are there more advanced tools that cybercriminals are rolling out and utilizing, but these criminals have more to gain and operate their hacks like a business. They use well-designed tools, such as FakeLogin and GM Bot, which make it easy for those who don’t necessarily have a technical background to launch a cyberattack. From data mining techniques to the sheer volume of information that many organizations keep on file, hackers can access more and reap a higher reward than ever before.
What have been major cyber security milestones that have altered or shaped this market? Why are these the most significant?
LL: I believe two things have made it harder to win the war against hackers. First, many offensive hacking tools (including previously classified government ones) have been released and are freely available online. These tools are the same ones that white hat hackers use, but for different purposes. While cybersecurity professionals use them to find vulnerabilities and deploy defensive mechanisms to prevent the exploitation of the network, hackers can use them to launch cyberattacks.
While there are many reasons that we need offensive hacking tools, these tools also make it easier for black hat hackers to cause damage by publishing the found weaknesses. Black hat hackers use the information to launch malicious attacks against these networks based on the research gleaned from ethical hacking. This makes the barrier to entry very low for cybercriminals.
Second, the advent of electronic currencies like Bitcoin has helped monetize cyber-crime. Bitcoin is decentralized, with no bank or single administrator, and can be sent from user to user on the peer-to-peer Bitcoin network without the need for intermediates. Cryptocurrency has made it easy for cybercriminals to monetize hacking. Prior to cryptocurrency, hackers used things like espionage, extortion, and identity theft to make money. Each of these methods came with big risks, which cryptocurrencies have solved by being anonymous, unregulated, and easily converted to cash value.
These milestones have been a catalyst for the increasing ransomware attacks, such as the attack on Atlanta in early 2018 where ransomware was used to glean sensitive information from multiple applications and devices used by city employees. It has also increased attacks on healthcare and energy industries, and the recent attack on the Tribune publishing services, which disrupted printing operations and distribution for newspapers. Criminal organizations are always looking for new ways to build cash and cyber-crime has been lucrative for them.
Looking ahead to the next 30 years, or even the next 10, what do you see as the greatest challenges or threats enterprise or IT security professionals will face?
LL: We already have a huge gap in the number of trained cybersecurity professionals (with estimates of over 3.5 million unfilled positions by 2021). Primary and secondary education programs are just rolling out to help teach the next generation of cyber professionals, but the struggle is real since cybersecurity is such a unique and challenging field. To become an expert, you need thousands of hours in a hands-on environment to learn the network fundamentals, attack strategies, defensive tactics and how to adapt to an ever-changing threat. You need to see what an attacker looks like on a realistic network and practice new ways to detect and respond. Cyber professionals must be both broad and deep with continued learning being a lifelong requirement!
As the cyber threat surface expands, so do our defensive teams. However, what we are actually seeing is a widening skills gap in the cyber arena, putting us at more risk than ever because we simply don’t have enough people to defend incoming threats. This is why it is imperative that cyber learning becomes more incorporated into academia. Cyber ranges are a great way to learn the ins and outs of cybersecurity. A cyber range is a virtual environment that uses hands-on learning for cyber warfare skills development. By training students to address real-world attack scenarios, we prepare them for the workforce of the future.