Despite the fact that this was yet another cyberwar-related talk, and I had just finished speaking with Fred Kaplan about the history of cyberwar, I was really excited about this RSA session – mostly due to the Dr. Strangelove reference.
Cyberwar and attacks on critical infrastructure are a major theme at this year’s conference. What was different about this session was that it wasn’t all about nation-state hacking. It actually talked about the business of cybercrime as well. For example, co-presenter Daniel Cohen, head of RSA FraudAction, discussed how some of these dark web actors actually offer customer support and SLAs. Ransomware is also becoming more like a business transaction for cybercriminals. They encrypt your data, then send a professional email explaining how you can do business with them to get your data back.
After listening to Daniel and his co-presenter Robert Griffin, Chief Security Architect at RSA, talk about critical infrastructure attacks, I have a feeling we will see more ransomware going after critical infrastructure. Why? Because critical infrastructure like healthcare organizations, utilities, and even financial services have more of an incentive to pay up. Not having access to data at a hospital or not being able to control systems at a utility could literally cost lives. And the fastest way to get back online may be to pay the ransom. We saw this with the ransomware attack at Hollywood Presbyterian Medical Center.
The presenters also touched on a theme that has been a common thread among presentations this week – protection vs. detection. Daniel and Robert theorize that detection is the weakest link in security today. Their theory is based on the fact that once an organization is breached, it typically doesn’t find out for months, if not years. In the case of one utility hack, the cybercriminals had been in the system for several months before they hit “start” on their exploit to take it down. Had the company had proper detection in place, it might have found the exploit before the attackers had the chance to push it live.
Detection is a critical component of security, but I’m not ready to give up on prevention either. Yes, we may say that a breach is inevitable, but let’s do everything we can to make it not happen. So far, I think John Elliot has said it best at this conference when he compared security to fire safety. We have systems in place to prevent fires from happening and spreading and then systems for detecting fires and then responding. We need all these pieces to keep us safe.