Security breaches are now a fact of life for almost all organizations. New attacks don’t respect traditional boundaries and perimeters, from a country’s borders to enterprise firewalls and intrusion prevention systems. This means that the definition of national security within a cyber context is limited to government institutions, not organizations with operations within a nation’s borders.
A report tracking the largest breaches of 2017 revealed breaches in 2016 increased by 40 percent over 2015, and 2017 “could get even more messy and more serious.” Attacks are no longer simply economically motivated. Some are politically motivated, including the 2016 election information leaked from hacked servers and attempts at voting machine manipulation. The Russian government is said to be behind attacks on election systems in 21 states.
The world’s cyber future looks more like Ukraine, the emerging frontline of a growing conflict between entrepreneurial hackers, nation states interacting in a virtual marketplaces of exploits, tools, identities marketplaces and a shrinking population of cyber security experts defending critical and increasingly complex systems.
New attacks against hospitals, power grids and airports are expanding out of Ukraine into dozens of other countries. These attacks aren’t just about economics but influence as well. Nation states and other bad actors have interests beyond ransom collection and IP theft.
In the cyber world the CISO becomes as important as the CMO. An organization’s success will be more likely tied to its ability to operate and earn trust versus more traditional metrics. That is, the ability to withstand a cyber attack.
Trusted brands will become more valuable because the cyber world is initially driven by access and convenience and trust is simply assumed. The assumption of trust will be going away in short order, just as the people of Ukraine.
This new cyber world reality will force new thinking when it comes to the traditional perimeter. Most of these new attacks evade existing solutions or require extensive efforts on the part of increasingly scarce experts to keep up with the onslaught. Pressure will build for a simpler, more powerful and cheaper software-defined access control solution.
This just in as we post: Speculation that Russian government might be behind Petya ransomware