Cyber Terrorism and the Innovation Gap
As C-level awareness of cyberattacks on U.S. business has risen in recent years, unfortunately so has the innovation gap between companies' cyberdefense tactics and the attackers' capabilities.
The daily headlines of cyberattacks give credence to the steadily increasing number of attacks against the private sector. While cybersecurity was once seen as a topic too insignificant to require board attention, now it's essential to receive regular briefings and reports on the issue as part of responsible corporate governance.
Existing security models and defensive technologies have not kept pace with the attackers' innovation, and the return on investment from traditional firewalls and anti-virus is rapidly decreasing.
What's a CEO to do?
Focusing solely on perimeter security and signature-based detection of bad actors just doesn't work within the current and emerging threat environment. The plethora of external Internet activity at the individual employee level (email, social networks, cloud apps, etc.) provides many pathways to compromise systems inside your perimeter, and those attacks often have no known signature to detect.
It's only a matter of time before innovations from other information technology disciplines are adapted to cybersecurity problems. For example, developments in the field of big data will drive new initiatives to collect cybersecurity data sets within and across enterprises. Once normalized, those data sets will be mined with machine learning techniques both to identify known patterns of malicious activity and to surface anomalies that indicate a potential threat.
The availability and resiliency of existing cloud platforms will drive this adaptation, allowing distributed collection and analysis and letting enterprises draw on multiple sources and varying types of anonymized data from across their sector.
One need only look at the innovation within transaction analytics to counter online fraud to get a sense for how some of these approaches could be adapted for cybersecurity. For example, one recent start-up uses machine-learning techniques to identify fraudulent browsing patterns against a company's external web sites. In the future, these analytics will be applied inside the firewall not only against employee browsing activity, but also against other network and workstation-based data.
The cybersecurity industry is also ripe for innovation to address deficiencies or gaps in the existing market.
Here are just a few areas where we'll see near-term innovation:
To know your adversary, your CISO must know more than just the attackers' malicious code. Behavioral analytics is already augmenting and will soon replace signature-based detection technologies. Any attacker can change the signature of their malware with ease. For example, it was reported that in the recent attack against the New York Times around 50 variations of malware were used, but only one was detected. By focusing on the behavior of the malicious code or the human attacker, we'll be able to detect threats without the need for a known signature.
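The following is an added example, not code from the original column or from the author's company, that makes the signature-versus-behavior point concrete. It constructs a stand-in "malware family" of 50 variants that differ by one trailing byte (so every file hash is different), a signature database that knows only one of them, and constructed endpoint telemetry (process start, outbound connection, Run-key write) that is identical for every variant. The payload bytes, host names, IP addresses and event format are all invented for illustration; the behavior rule (an Office application spawning a child that then beacons out or installs persistence) is one common detection pattern, not the only one.

```python
"""Signature-based vs behavior-based detection over constructed telemetry.

Added example; everything here (payload bytes, hosts, addresses, event
schema) is constructed for illustration and is not real malware.
"""
import hashlib
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"

# Constructed stand-in for one malware family: a fixed "payload" with the
# C2 address baked in. Just bytes to hash, nothing executable.
BASE_PAYLOAD = b"MZ-constructed-stub;beacon=203.0.113.7:8443;"


def make_variants(n=50):
    """n variants of the same functional payload, each with one junk byte
    appended: the file hash changes, the behavior does not."""
    return [BASE_PAYLOAD + bytes([i]) for i in range(n)]


def sha256(data):
    return hashlib.sha256(data).hexdigest()


VARIANTS = make_variants()
# The signature database knows only the single sample that was captured
# and analysed earlier (variant 17 here, an arbitrary choice).
SIGNATURE_DB = {sha256(VARIANTS[17])}


def signature_detect(samples, db):
    """Hash-based detection: indexes of samples whose hash is already known."""
    return [i for i, s in enumerate(samples) if sha256(s) in db]


def events_for_variant(i):
    """Constructed endpoint telemetry for one execution of variant i.
    Every variant behaves the same: Word spawns the dropped executable,
    which connects out to the C2 and writes a Run key for persistence."""
    pid = 1000 + i
    image = f"C:\\Users\\u\\AppData\\Local\\Temp\\inv{i}.exe"
    return [
        {"host": "ws01", "type": "process_start", "pid": pid,
         "image": image, "parent_image": "winword.exe"},
        {"host": "ws01", "type": "net_connect", "pid": pid,
         "dst": "203.0.113.7", "dport": 8443},
        {"host": "ws01", "type": "reg_set", "pid": pid,
         "key": RUN_KEY, "value": image},
    ]


# Constructed benign activity that shares single traits with the malware
# but not the combination: a browser connecting out, an installer launched
# from Explorer writing a Run key, and Word itself fetching a template.
BENIGN_EVENTS = [
    {"host": "ws01", "type": "process_start", "pid": 50,
     "image": "chrome.exe", "parent_image": "explorer.exe"},
    {"host": "ws01", "type": "net_connect", "pid": 50,
     "dst": "198.51.100.9", "dport": 443},
    {"host": "ws01", "type": "process_start", "pid": 51,
     "image": "setup.exe", "parent_image": "explorer.exe"},
    {"host": "ws01", "type": "reg_set", "pid": 51,
     "key": RUN_KEY, "value": "C:\\Program Files\\App\\app.exe"},
    {"host": "ws01", "type": "process_start", "pid": 52,
     "image": "winword.exe", "parent_image": "explorer.exe"},
    {"host": "ws01", "type": "net_connect", "pid": 52,
     "dst": "198.51.100.20", "dport": 443},
]


def behavior_detect(events):
    """Behavior-based detection: flag any process that (a) was spawned by an
    Office application and (b) then connected out or installed persistence.
    Returns the flagged (host, pid) pairs. No file hash is consulted."""
    by_proc = defaultdict(list)
    for ev in events:
        by_proc[(ev["host"], ev["pid"])].append(ev)
    flagged = []
    for key, evs in by_proc.items():
        office_child = any(ev["type"] == "process_start"
                           and ev["parent_image"].lower() in OFFICE_APPS
                           for ev in evs)
        beacon = any(ev["type"] == "net_connect" for ev in evs)
        persist = any(ev["type"] == "reg_set" and ev["key"].startswith(RUN_KEY)
                      for ev in evs)
        if office_child and (beacon or persist):
            flagged.append(key)
    return flagged


def run_comparison():
    """Returns (signature_hits, behavior_hits, benign_false_positives)."""
    sig_hits = len(signature_detect(VARIANTS, SIGNATURE_DB))
    malicious = [ev for i in range(len(VARIANTS)) for ev in events_for_variant(i)]
    beh_hits = len(behavior_detect(malicious))
    false_pos = len(behavior_detect(BENIGN_EVENTS))
    return sig_hits, beh_hits, false_pos


if __name__ == "__main__":
    sig, beh, fp = run_comparison()
    print(f"signature: {sig}/{len(VARIANTS)} variants caught, "
          f"behavior: {beh}/{len(VARIANTS)} caught, benign flagged: {fp}")
```

Run as a script, the hash check catches one variant of fifty while the behavior rule catches all fifty and flags none of the benign processes. The rule is deliberately a conjunction (Office parent plus a follow-on action): each trait on its own is common in normal use, and in a real deployment the parent-process list, the persistence locations and the thresholds would be tuned against the enterprise's own telemetry.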
Never underestimate the power of identity management and authentication, two critical areas where innovation gaps can loom large. Too many personal and corporate secrets are hidden behind simple username and password combinations. Just as we are seeing a drive to implement two-factor authentication for cloud services, it will be imperative to embrace big changes in how users and enterprises manage identities and credentials to access, share, and store data.
The bring your own device (BYOD) challenge plaguing so many enterprise technology managers today is a prime example. Each smart phone, tablet, or portable device brought into the enterprise is a full-fledged computer system that parallels the capabilities of desktops released just a few years ago. The enterprise must demand new ways to manage, monitor, and restrict these mobile devices or risk debilitating breaches the enterprise may be unlikely to recover from.
The Good News
While many argue that the government needs to figure out new ways to share classified intelligence with the private sector, it just won't be necessary. The private sector is already in possession of the data it needs, and as adversary characterization and granular threat intelligence improve, that data will be aggregated and augmented with external technical sources to achieve a more accurate threat picture. In most organizations, understanding who is attacking you is just as important as how they are attacking you.
Active defense is often heralded as a new concept in the cybersecurity industry, but it has roots going back to 2000. What has changed since then is a more proactive attitude within industry toward defending intellectual property through active defense measures both within the enterprise (inside the firewall) and on public networks, through cooperation with global internet service providers. These active defense measures will increase the cost for the attacker and also have them second-guessing the validity and value of any stolen IP.
Matthew G. Devost is a technologist, entrepreneur, and international security expert who has consulted on cybersecurity issues to the Fortune 500 for the past 15 years. He currently serves as President and CEO of FusionX LLC.