In 2014, nation states around the world pushed the boundaries of cyber assault to control their own populaces and spy on other nation states. With no one actively working on the development of acceptable norms of digital behaviour on the global stage — a digital Hague or Geneva Convention, if you will — we can expect this covert digital warfare to continue. Increasingly, however, companies in the private sector will be drawn into this war either as the intended victims or as unwitting pawns in attacks on other companies.
That is essentially one of the predictions I offered in my annual end of year letter published on 2 December 2014. Little did any of us know at that time that officials at Sony Pictures Entertainment and America’s Federal Bureau of Investigations were in the midst of feverishly working to determine the full extent of an unprecedented cyberattack that was subsequently attributed to North Korea.
The Sony attack, in which nearly 100TB of data was exfiltrated and millions of dollars in damage was done, was a wake-up call for everyone. Suddenly, all companies realised that the list of threat actors they face includes adversarial nation states, whose resources and capabilities dwarf those of hacktivists and even well-funded, global criminal organisations.
The incident response team that helped Sony determine what had happened after the attack stated that this attack was so sophisticated that no company “could have been fully prepared” for it. While the attack was certainly very serious and a substantial challenge, I beg to differ with that analysis.
We are not helpless in the face of these attacks.
There is something that enterprises can do today to prepare for these attacks — move beyond traditional, perimeter-based security strategies to a modern security strategy that emphasises comprehensive visibility into and rigorous analysis of activity within our digital environments.
Leveraging big data perspectives, processes, and technologies allows us to spot even the faintest signal of an attack and enable rapid, contextually informed action to thwart it.
Breaches are indeed inevitable, but losses are not. A big data-driven security strategy will stop even the most novel and sophisticated of attacks because regardless of how stealthy an attacker may be, at some point, they will have to do something anomalous to achieve their goals, they will be identified, and they will be shut down.
The second thing that we as individuals, enterprises and industries can and should do is push for the world’s governments to begin approaching cyber weapons with the same care as they do chemical, biological and nuclear weapons. Nation states are testing the boundaries of acceptable cyber weapon use. The damage of the Sony attack is just the beginning of what is possible and we need to take that seriously.
In addition, if we have learned anything over the past few years, it’s that unlike physical weaponry that is limited in terms of its geographical reach and reusability, cyber weaponry is deployable anywhere and virtually infinitely reusable. Sophisticated cyber weapons that are developed by nation states will eventually fall into the hands of non-state actors who are not restricted by global standards in their use. This is a prospect that should give all of us serious pause. We need to demand the world’s leaders sit down and come to an agreement to take cyber weapons out of our nation-state arsenals.
If we don’t, movies and e-mails won’t be all that we lose.
- Art Coviello is executive chairman of security firm RSA and executive vice-president at EMC