Today's wars aren't fought with just tanks and planes, but with ones and zeros. We've heard this reference used to describe cyberwarfare in the military but it's more relevant than ever in the commercial space where threat actors (of many forms) use increasingly sophisticated techniques to cause irreparable harm to corporate entities. Our hyper-connected world is an unforgiving place for organizations that cannot quickly identify and mitigate compromises across their extended corporate networks, which often include public cloud infrastructure, BYOD devices and other less controlled technologies.
The way we think about cyberwarfare materialized around 2011. That year, the White House published The International Strategy for Cyberspace, which reserved the right to use any means necessary, including military strikes, to defend against threats originating from cyberspace. It not only addressed seemingly routine nation-state attacks, but also spoke to emerging threats that could, one day, attempt to destabilize the functions of our critical infrastructure. That day has since arrived: cybercriminals now impact our society in ways we could never have imagined.
Attacks on organizations in energy, health care, manufacturing, financial services and transportation are becoming ever more prevalent. Hospitals are the victims of 88 percent of all ransomware attacks due to their wealth of patient data and records. Criminals access the networks of global banks through smaller, less-defended banks. And the Department of Homeland Security found close to 900 security flaws within U.S. energy companies. So it isn't hard to imagine an attack similar to the one in Ukraine in 2015, which cut power to 230,000 people in the middle of winter. The right type of attack can unravel infrastructure systems at an alarming velocity, before government and industry leaders have a chance to react.
Borrowing from Sun Tzu's Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Declarations of a state of war are atypical in cyberwarfare, and targets, attackers and intentions are not well delineated, just as in current-day warfare. Visibility is paramount in ensuring the military's ability to protect critical data: its approach to cybersecurity is one that strives to know itself (and the enemy) through clarity into what people are doing, and where and why they are doing it.
The military is so adamant about understanding behavior and intent that they've prioritized an active defense with monitoring capabilities, threat intelligence and incident management that can identify when an attack is taking place and set auto-response mechanisms in motion when a breach occurs.
So how do we translate this approach for companies in the commercial space, which store data using public and private cloud services and enable employees to work from anywhere in the world? With no real security perimeter to defend, how do we protect critical data and IP? We move from a technology-centric view of cybersecurity to a focus on understanding the points at which people – employees, partners, contractors and threat actors posing as such – interact with critical business data and intellectual property: a view centered on the human points of interaction with information technology, where businesses see critical data as most valuable, but also most vulnerable. Why is this so important? It's simple: that human point of interaction with IP is where even the most comprehensively designed cybersecurity systems can be undermined in a single malicious or unintentional act.
We need a paradigm shift away from strategies that seek to apply more layers of technology in the hopes of eliminating security gaps.
Determining a baseline for what “normal” looks like can help us identify abnormal or risky behavior that leads to data loss. By viewing behavior in this way, we gain insight into where a user's actions sit on the spectrum of cyber intent – ranging from accidental to compromised to malicious – and can make informed decisions that mitigate risk. This people-centric approach can tell us whether a data breach at a nuclear plant was caused by a mistake (as the majority of today's cyber incidents are), or it can help expose an employee who is the target of social engineering. In a worst-case scenario, this approach will warn us about a disgruntled employee who for weeks has planned to leave the organization and is attempting to take company secrets to a competitor. Mistakes can be remedied through policy, but if someone is being compromised or acting maliciously, we need to know. And not in that very moment, but before it even happens. Given the consequences of this new technology world order, understanding intent cannot be optional – it is the new battleground of cyber.
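As an added illustration of the baselining idea above (example code, not from the article or from Forcepoint), the following Python script builds a per-user baseline from constructed daily counts of confidential-document access and flags days that deviate sharply from it; the users, dates, counts and thresholds are all assumed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: one record per user per day giving the number of
# documents tagged "confidential" that the user opened or copied.
# "alice" is a steady analyst; "bob" climbs sharply in the last two days,
# the kind of pattern the text associates with planned data exfiltration.
SAMPLE_LOG = [
    ("2017-03-01", "alice", 6), ("2017-03-02", "alice", 5), ("2017-03-03", "alice", 7),
    ("2017-03-04", "alice", 6), ("2017-03-05", "alice", 5), ("2017-03-06", "alice", 8),
    ("2017-03-01", "bob", 3), ("2017-03-02", "bob", 4), ("2017-03-03", "bob", 2),
    ("2017-03-04", "bob", 3), ("2017-03-05", "bob", 21), ("2017-03-06", "bob", 64),
]

BASELINE_DAYS = 4   # assumed: first N observations per user define "normal"
Z_THRESHOLD = 3.0   # assumed: flag a day this many standard deviations above baseline
MIN_STDEV = 1.0     # floor so a perfectly flat baseline never divides by zero


def build_baselines(log, baseline_days=BASELINE_DAYS):
    """Return {user: (mean, stdev)} computed from each user's earliest days."""
    per_user = defaultdict(list)
    for _day, user, count in sorted(log):        # sorted() puts days in order
        per_user[user].append(count)
    baselines = {}
    for user, counts in per_user.items():
        window = counts[:baseline_days]
        baselines[user] = (mean(window), max(pstdev(window), MIN_STDEV))
    return baselines


def score_deviations(log, baselines, z_threshold=Z_THRESHOLD):
    """Return [(day, user, count, z)] for days far above the user's own baseline."""
    flagged = []
    for day, user, count in sorted(log):
        mu, sigma = baselines[user]
        z = (count - mu) / sigma
        if z >= z_threshold:
            flagged.append((day, user, count, round(z, 1)))
    return flagged


if __name__ == "__main__":
    baselines = build_baselines(SAMPLE_LOG)
    for day, user, count, z in score_deviations(SAMPLE_LOG, baselines):
        print(f"{day} {user}: {count} confidential docs (z={z}) - review intent")
```

A flagged day is a prompt for an analyst to weigh accidental, compromised or malicious intent, not a verdict; a real deployment would also take the baseline from a longer window and refresh it as roles change.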
Matt Moynahan is the chief executive officer for Forcepoint. He joined in 2016, bringing more than 20 years of security, cloud services and technology industry leadership, ranging from product development to sales to general management.