WatchPoint Security Blog

The Wild West Returns - Why We Need John Wayne and His Partner Carbon Black

Written by Greg Edwards | August 20, 2015

 In an interview this month, Secretary of State John Kerry described the current state of cybersecurity as being “…pretty much the wild west, so to speak…”.

This statement is somewhat shocking, coming from one of the most powerful and technologically advanced nations on the planet. In the same interview, Kerry also admits that his emails are being regularly intercepted and he writes them in light of that knowledge.

So, we find ourselves 15 years into the 21st century, in a situation of total standoff against cybercriminal gangs that are highly trained, using sophisticated techniques, often techniques developed by states to use against other states, and who are often working together across international borders to attack the very fabric of our society.

The levels of attacks in recent years is unprecedented. We’ve covered a few of the larger ones in this blog in earlier posts. Examples being the recent theft of over 22 million personal accounts from employees (both former and current) at the Office of Personnel Management (OPM), the IRS breach where around $50 million was stolen using hacked accounts, the United Airlines breach and the massive Anthem breach of around 80 million personal records. But the fact is that cybercriminals are widening their reach and going after all sized organizations, including SMBs.

To make matters worse, the level of understanding of the now highly sophisticated cyber threats we are facing is not enough to stave off the attacks. The learning curve is suddenly massive, and according to a MacAfee report, 90% of small to medium sized companies don’t use data protection at all for customer and company data, and less than half have anti-phishing protection in place. In the case of those companies, it really isn’t a case of if; it’s a case of when they get hacked.

Affecting Supply Chain

One of the reasons why cybercrime is being targeted at small to medium sized companies is because they can allow the cybercriminal to more easily get at the larger organizations through the supply chain. Cybercriminals know that a smaller company cannot match the security resources of their larger counterparts and this makes them an easier target. Phishing emails are used to focus in on staff with privileged account access, stealing their logon credentials and ultimately using them to breach, not only from the smaller company but also their supply chain members. This is exactly what happened in the Target breach where 100 million customer records were stolen – it is believed that a phishing email, sent to one of Targets suppliers, stole network credentials issued to the supplier by Target. This breach happened in 2013 and is still costing Target millions.

Cybersecurity Legislation

All of this criminal activity has resulted in the U.S. Federal Government taking this much more seriously. In February of this year, Obama signed an executive order called “Promoting Private Sector Cybersecurity Information Sharing”. This order was a direct result of all of the attacks on U.S. companies and government facilities in recent years. It also is a recognition that something serious has to be done to meet the growing threats, and the shift in the security landscape towards a more organized and sophisticated approach to targeting and attacking companies and their infrastructures. The order was enacted as a bill in April of this year, known as the “Cyber Intelligence Sharing and Protection Act” (CISPA). The bill’s purpose is to establish legislative measures allowing and supporting the sharing of security intelligence between companies and government and vice versa. It hasn’t been without its opposition. For example it has been described by one Republican senator as more of a surveillance bill than a security bill. One of the biggest reactions to it has been from the privacy advocates, concerned that sensitive customer data will not be protected properly by the government.

However, those of us in the tech world recognize the importance of the role of security intelligence. We know that sharing information on security threats and vectors is the next generation of security tools and strategies, making sure that privacy is upheld while doing so – the only way to combat the onslaught we are currently witnessing in the cyber security space.

John Wayne and Carbon Black to the Rescue

Tools like Carbon Black take data from millions of end points to build up knowledge of threat intelligence that can then be applied to your extended network to monitor, detect and prevent cyber-attacks. This type of approach, using security collaboration and applied intelligence will let us keep one step ahead of the bad boys, giving us a fighting chance at winning this war on our data and our business.