Terry Roberts, CEO, Whitehawk (ASX:WHK) on last week's cyber attack.
Terry Roberts is former Deputy Director of US Naval Intelligence and CEO/Founder of ASX-listed cyber security firm WhiteHawk (WHK).
The Australian published an article today about last week's cyber attack, with Terry providing insights on what it means and where to from here.
"Speaking as a national security and cyber intelligence executive with over 25 years’ experience, including leading software assurance and architecture bodies of work for Carnegie Mellon SEI, the more hue and cry an attack generates, the more review there should be to ensure it is not a diversionary feint to cover for an entry to a longer-term main objective," says Terry Roberts from WhiteHawk.
Terry explains that there is usually both a short-term and a long-term strategy behind a cyber attack like the one Australia saw last week. She goes on to outline the two probable intentions and objectives in the new cyber Cold War we find ourselves in:
"In the first possibility, the bad guys are now effectively equivalent to your IT administrators.
You can think of it in terms that instead of being the helpful folks who ask if you’ve tried turning your laptop off and on again, they are now cloaked forces bent on your future disruption, by mapping your networks, potentially waiting for the right future moment to attack.
And in the case of critical infrastructure, “acting” could mean launching a comprehensive sequence of criminal attacks.
In the second possibility – long term reconnaissance – the infiltrators’ totally primo and likely target is an organisation’s personnel files.
It is here that their counterintelligence people can go to work looking for individual personal vulnerabilities – to find the weakest link who can be bribed, flipped, cajoled, frightened, blackmailed or otherwise suborned, as was the case with the 2015 attack on the U.S. Office of Personnel Management (OPM)."
Terry does a great job of outlining a few steps our CIOs and cyber warriors should pursue:
"First, let’s start with continuous prevention and early warning of a cyber event. The best way to stop people getting into your network in the first place is a suspenders-and-belt approach, which starts with continuous risk monitoring, an adversary outside-in view, to include regular independent “red team” testing and assessments.
The term red team continues the Cold War analogy. They are insiders, good guys, who have been assigned as role players using the breadth of hacker methods from straightforward to highly sophisticated, to test, challenge and tease out the vulnerabilities and gaps of the “blue team”.
Simplistically, before we go to bed at night all of us check our doors and windows are secured. That is what a red team does. And while it’s not possible to prevent all attacks and probes, what’s possible is putting the best locks on your doors and windows, getting an alarm system and putting your jewels in a safe. The alarm system is continuously monitoring all entry points with sensors and cameras. And a 360 physical security company will test the system regularly, vice being complacent.
In this case your jewels – your revenue, client or proprietary information, financial data or the reputation of your firm – are for you to decide, prioritise and protect accordingly. The next layer is to put smart encryption or data security technologies in place to protect your valuables, so that you and your team can continue to operate through any cybercrime or fraud event.
There is now a third critical layer that many are missing: independent continuous cyber risk monitoring, alerting, Red Team testing, and internal sensors. These newer and very efficient technologies and assessments leverage publicly available risk data sets and Artificial Intelligence based risk analytics that continuously identify and validate vulnerabilities so they can be mitigated in near real time.
And finally, high value targets should assume that, despite all your efforts, the bad guys are already inside. This means looking for telltale signs of their presence. The real-world analogy would be motion detectors in your yard and, once you’re in bed, inside your home.
You should establish what is normal. And then you look at what is abnormal."
We like Terry's analogy, which really put it into perspective for us:
"If there’s activity downstairs at three in the morning, you need to establish if it’s your daughter getting a glass of water or an intruder."
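Terry's "establish what is normal, then look at what is abnormal" and the three-in-the-morning test, as an added example that is not from the article or from WhiteHawk: a small Python baseline over constructed logon records that learns each account's usual hours and source hosts, then flags logons that fall outside them. The account names, hostnames and timestamps are all made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline: one business week of successful logons, each a
# (user, source_host, ISO timestamp) tuple. Sample data only, not real logs.
_start = datetime(2020, 6, 15, 8, 30)  # a Monday
BASELINE = []
for day in range(5):
    for hour in range(8, 18):  # normal working hours, 08:00 to 17:59
        t = (_start + timedelta(days=day)).replace(hour=hour)
        BASELINE.append(("alice", "WS-ALICE", t.isoformat()))
        BASELINE.append(("bob", "WS-BOB", t.isoformat()))

# Constructed new events to score: the first is "your daughter getting a
# glass of water" (known account, own workstation, normal hour); the rest
# are the kind of activity the article says to look for.
NEW_EVENTS = [
    ("alice", "WS-ALICE", "2020-06-22T09:05:00"),    # normal
    ("bob", "WS-BOB", "2020-06-23T03:12:00"),        # 3 a.m. logon
    ("alice", "SRV-FILE01", "2020-06-23T13:40:00"),  # never seen from that host
    ("svc_backup", "WS-BOB", "2020-06-23T13:41:00"), # account not in baseline
]

def build_baseline(events):
    """Learn, per user, the set of logon hours and source hosts seen so far."""
    hours, hosts = defaultdict(set), defaultdict(set)
    for user, host, ts in events:
        hours[user].add(datetime.fromisoformat(ts).hour)
        hosts[user].add(host)
    return {"hours": hours, "hosts": hosts}

def find_anomalies(baseline, events):
    """Return (user, host, ts, reason) for each event outside the baseline."""
    flagged = []
    for user, host, ts in events:
        hour = datetime.fromisoformat(ts).hour
        if user not in baseline["hours"]:
            flagged.append((user, host, ts, "unknown account"))
        elif hour not in baseline["hours"][user]:
            flagged.append((user, host, ts, f"off-hours logon at {hour:02d}:00"))
        elif host not in baseline["hosts"][user]:
            flagged.append((user, host, ts, f"new source host {host}"))
    return flagged

if __name__ == "__main__":
    for hit in find_anomalies(build_baseline(BASELINE), NEW_EVENTS):
        print(*hit)
```

A real deployment would learn the baseline from weeks of authentication logs and add dimensions such as weekday and geography, but the shape is the same: a learned profile of "normal" and an alert for every departure from it.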
Terry closes by saying that it's absolutely necessary for us to know what's going on in our networks at all times:
"It’s old school, it’s paranoid, and it’s utterly necessary in the new cyber Cold War in which we find ourselves.
We must take the virtual world risks as seriously as you take physical world risks – our economy and our safety depend on it."