
NATO and Ukraine in the Trump 2.0 Era
EXPERT INTERVIEWS — While the North Atlantic Treaty Organization (NATO) has long counted the United States among its most generous and loyal members, many NATO nations […] More
Cipher Brief Expert Daniel N. Hoffman is a retired clandestine services officer and former Chief of Station with the Central Intelligence Agency. His combined 30 years of government service included high-level overseas and domestic positions at the CIA. Hoff man is an advisor to Vaillance Group.
Shawnee Delaney was a clandestine officer and former Detachment Chief for the Defense Intelligence Agency and IT Specialist for the Department of Homeland Security for 10 years. She is a subject matter expert on insider threat and is the CEO of Vaillance Group.
OPINION — If there is one thing we have learned from doing business during the COVID-19 pandemic, it is the great benefits but also associated risks, of relying on cyberspace. A force multiplier for free expression and commerce, cyberspace is also an unregulated playing field subjected to exploitation from adversaries like China, Russia, Iran, and North Korea as well as criminals and terrorists.
Now more than ever, organizations are recognizing that no matter what technical controls and policies they have in place, it is the human threat (both internal and external) that is their greatest vulnerability. While use of the internet enables companies to get work done, it also leaves them and their employees vulnerable to exploitation.
The shift from working in an office, with security measures long in place, to a home environment has highlighted a new set of security risks to businesses including the use of personal unprotected devices, a general lack of cyber hygiene, and an ignorance of the vulnerabilities employees pose to their companies.
When we served in the U.S. Intelligence Community, being in the incident response phase – or “to the right of boom” – of a counterterrorism operation meant we had not collected enough of the disparate intelligence or perhaps did not analyze it properly in order to prevent an attack. In most cases, terrorists, like hackers, conduct reconnaissance before mounting an attack. Failing to detect enemy reconnaissance and learn about the threat, allows the attacker to enjoy the element of surprise.
For this reason, cyber savvy companies should focus on prevention during the pre-attack phase. But the first thing they should do is assume they will be (or already have been) successfully hacked and prepare accordingly. This also applies to the human threat – or insider threat.
Join The Cipher Brief March 23-25 for a three-day Virtual Cybersecurity Summit co-hosted by Cipher Brief CEO & Publisher Suzanne Kelly and former NSA Deputy Director Rick Ledgett, featuring Microsoft President Brad Smith, FireEye CEO Kevin Mandia, General David Petraeus, former PDDNI Susan Gordon, Silverado Policy Accelerator’s Dmitri Alperovitch and a host of other public and private sector experts. Attendance is free and registration is required. Sign up today.
By combining both technical and non-technical methods, organizations will have more effective prevention and incident response when something does occur. Incident response entails mitigating damage from the attack as well as taking preemptive measures and correlating learning from previous attempted attacks.
Using a customized dashboard to integrate evolving events and data, incident response begins with “ingesting” the threat with a security incident management tool. Response continues by escalating the notification by automatically characterizing the incident, assessing the threat, and directing the response. The best platform reduces response time to seconds, with basic triage completed before a human becomes directly involved.
Businesses can effectively reduce the attack space, mitigate risk and conduct more timely and effective incident response by securing servers and routers,
using firewalls and sophisticated web codes, and rigorously applying both patches and back-up protocols.
Far better, of course, is to preempt and eliminate threats in the “left of boom” pre-incident response phase to prevent the enemy from having an opportunity to change, steal, or destroy data. Again, there are proven technical controls to mitigate these scenarios, but businesses tend to skip over the non-technical methods of prevention. Considering the threat of cyber attack as only an IT challenge with technical solutions risks neglecting threats resulting from (what our FBI colleagues like to call) the “skin behind the keyboard.”
We learned from our experience in counterintelligence, the importance of protecting against the insider threat. This results from both unwitting employees who require training to appreciate and defend against the dangers to which they are subjected as well as malicious employees with ill intent. Applying the “need to know” principle with access controls and using technology to conduct regular security checks reduces the attack space. Cross connecting human resources, IT, and security to conduct on-board vetting and follow up engagement with employees has the additional benefit of creating a powerful ethos of security within the company, on which all employees recognize their livelihood depends.
A good strategy to protect the data, money and reputation on which commercial success relies should focus on three key elements:
The hacker’s mission to exploit, modify, or steal data most often depends on an individual opening a malicious attachment, clicking on a link, or falling for some other ruse, which allows the hacker protected access. We must be as focused as the attacker is on the human element. Organizations must recognize that ignoring the problem doesn’t make it go away and their own employees are their greatest asset and what they should invest in protecting.
Noting the chaos, which would ensue if nefarious hackers simultaneously turned all of the traffic lights green in Manhattan, former Estonian President and Cipher Brief Expert Toomas Hendrik Ilves eloquently framed the challenge as building a capability-based strategy because however expansive our imagination might be, our enemies will always be steps ahead of us in choosing their targets.
Only with the best preparation and defensive measures can we reduce our risk of operating in cyberspace, which Cipher Brief Expert Michael Hayden, the former director of both the CIA and NSA, has compared to swimming in shark-infested waters, where even the dolphins are a threat.
Read more expert-driven national security insight, analysis and perspective in The Cipher Brief.
Related Articles
EXPERT INTERVIEWS — While the North Atlantic Treaty Organization (NATO) has long counted the United States among its most generous and loyal members, many NATO nations […] More
BOTTOM LINE UP FRONT — Two utterly different events, in two very different parts of the world, have raised fresh concerns about a return to […] More
EXPERT PERSPECTIVE — When The Cipher Brief looked at the global security landscape for 2025, Greenland didn’t rate a mention. That was probably true of new […] More
EXPERT VIEW — 2024 has brought multiple reminders of the threats – real and potential – posed by the People’s Republic of China (PRC). Over the […] More
DEEP DIVE – The Office of the Director of National Intelligence (ODNI) is a relatively recent addition to the institutional architecture of the U.S. Intelligence […] More
DEEP DIVE — For years, Iran’s Islamic Revolutionary Guard Corps (IRGC) has tried and failed at all sorts of half-baked schemes to eliminate enemies living in […] More
Search