- Cyber attackers have a natural advantage.
- The cloud, front door authentication, and “in transit” data are key areas trending for would-be attackers.
At a recent Center for Strategic and International Studies (CSIS) event, “Tilting the Playing Field: How Misaligned Incentives work against Cybersecurity,” speakers gave their insights into some of the trending issues in the cybersecurity space. Here are the highlights:
A Tale of Two Strategies
Cyber attackers engage in a different set of strategies and tactics than cyber defenders. Often, this shifts the balance of power in favor of the attackers. That’s because attackers operate in a more fluid, non-constrictive environment than defenders. Cyber defenders within organizations must follow procedures and gain approvals, making them far less agile than attackers. Therefore, defenders face a twofold challenge: formulating a strategy that makes them as nimble as attackers, and implementing the strategy effectively.
Infamy and Cash
For hackers, the two most powerful incentives for successful attacks are notoriety and money. Cybercrime has evolved into a frighteningly organized ecosystem, with everyone affiliated with (and highly incentivized by) a group or syndicate. While notoriety and monetary motives are high-level incentives for attackers, they still need to formulate a tactical game plan to accomplish their goal in the quickest, most efficient, lowest-risk way possible. Technologies or attack methods that create these conditions are those that malicious actors are incentivized to use.
Front Door Access
One trend that is becoming evident is attackers seeking to breach the cloud. While moving large amounts of their workload and data to the cloud provides efficiencies for organizations, it also provides more of a central target for hackers. Cyber criminals are increasingly seeking to penetrate cloud infrastructures where companies house their “crown jewels” to gain a lot of data in just a single attack.
Criminals are also focusing more on authentication and credential attacks. These attacks grant “front door access” into various systems via credentials that appear to be perfectly valid. These kinds of attacks are increasingly common, and lead to the highest percentage of cyber breaches. Finally, hackers are now going after “in transit” data that is actively moving through any network, public or private. For many organizations, in transit data has lower encryption standards than “at rest” data on a hard drive, making it potentially low-hanging fruit for hackers.
Information sharing between the public and private spheres presents a separate set of issues. The key problem is that, once information is handed over from a private to a public entity, it becomes classified. The result is that the industry often knows more than the government does. That being said, information sharing can serve to reduce costs and avoid duplication of defense efforts. The primary instinct when it comes to shared public and private data should be mitigating the damage as well as disrupting the breach.
Today’s cybercrime market is competitive, decentralized and innovative. Attackers are often chasing incentives that are far more powerful than those of defenders. Strategic steps are required to motivate implementers and create integrated, agile defense networks.
Author: Josh Rittenberg
Josh Rittenberg is the Founder and Editor of Breach Memo. He is an attorney in New York City who first became interested in emerging threats while working as an analyst at the Center for Strategic and International Studies (CSIS) Transnational Threats Program in Washington, DC. He has been published by NPR, The American Lawyer, Corporate Counsel, and the CSIS Transnational Threats Update. The views expressed in this blog are his personally and not those of any other person, organization, or other entity.