By Chad Hemenway, Advisen
SAN FRANCISCO—Are we doing enough to understand threat actors and get out in front of always-evolving cyber risks? The answer is: No.
“The key thing is vision and foresight,” said Robert Anderson Jr., CEO of Cyber Defense Labs and the keynote at Advisen’s Cyber Risk Insights Conference here on Feb 12. “If we’re looking at what’s going on today, we’re way behind the threat.”
Anderson, who spent more than 20 years in the FBI and once led its Criminal, Cyber, Response, and Services Branch, said most of the nation’s private sector is not in front of the multi-trillion-dollar cybercrime industry.
“That’s not where we’re at,” he said at the Feb. 12 conference. “One of the things we need to talk about with our clients and our partners in this space is the ability to think past [cybersecurity] as a line item—to stop thinking of it as, ‘This is costing me money. It’s not making me money.’”
It’s a perilous plan forward because the sophistication of attackers is “off the charts,” Anderson added. For instance, ransomware attacks have become much more targeted and can cripple a company. Criminals do the research; they know which organizations—such as local governments and hospital networks—cannot be shut down because it would create havoc or danger. Anderson said there was a time he’d advise a company not to pay a ransom, but since retiring from the FBI, he has worked thousands of ransomware cases and realized many public and private entities are still not taking steps to mitigate this kind of attack.
“When these attacks happen, they are so sophisticated and so planned out,” Anderson said. “Without some type of proactive initiative inside your company, it is going to end badly. We understand now that this is not just debilitating for companies and clients. It’s completely ending some companies.”
Threat actors are also operating outside of laws, or a chain of command that bind public and private companies in the U.S. They are more mobile, and there are likely many, many more people overseas employed by private companies that are devoted to causing havoc or stealing data, Anderson said.
Moreover, the profile of a “bad guy” and the motivations behind attacks have evolved. The line between nation-state and criminal organizations is blurred. It’s harder to tell the difference because theyshare data, or the latter has been hired by the former, Anderson said. Disruption, destruction, accumulation of data for later manipulation or use in political warfare, are as much of a motivation as monetary gain.
Still, many companies maintain a false sense of security, Anderson said.
“Most companies say, ‘I don’t know why we would be attacked. Why would China or Russia or some criminal organization want to attack me? There still – for whatever reason – is this sense of security of ‘I’m not going to be the one that’s going to get hit.’”
Here are some additional soundbites from Anderson’s keynote:
On ransomware attacks:
“I think this can cripple the [insurance] industry.”
On virtual currency:
“What are you going to do when they don’t want you to pay them in bitcoin? The United States government is getting good at figuring out where bitcoins are going. What are you going to do if a larger percentage of the virtual currency providers are owned by the bad guys, and they can control the market and the price?”
“This is a legitimate worry for the United States, and it should be in the private sector because you just can’t tell.”
On artificial intelligence/machine learning:
“True machine learning and artificial intelligence has allowed hacktivists, criminal organizations and nation-states to take data from large swaths across the world and be able to assemble it on the back end of whatever they’re trying to do, which gives them value.”
On the US election:
“Russia never left [since interfering in the 2016 election]. They never stopped looking at ways to defeat us or learn from their mistakes. There’s no doubt in my mind that Russia—and I guarantee you other countries will follow them—will be here for our next election. They don’t care about what they steal. What they care about is showing the world global dominance in cyber.”
Managing Editor Chad Hemenway can be reached at firstname.lastname@example.org