In Cybersecurity, Resilience Is The New Prevention

March 15, 2017
Original web page at www.forbes.com

Any optimism that cybersecurity can overcome threats and contain losses is being tempered by the recognition that not even a single computer, much less those of an entire organization, can be protected from every imaginable threat.

Rather than striving for the impossible, some cybersecurity experts are advocating resilience.

Speaking last week to business and government leaders gathered in Louisiana for a cybersecurity summit held by CenturyLink, experts encouraged cybersecurity teams to focus instead on deflecting, minimizing or successfully enduring attacks. The idea is to keep users and businesses online by enabling systems to provide service no matter what.

Resilience has become standard operating practice at the internet infrastructure and service provider level, which faces more than 120,000 distributed denial of service (DDoS) attacks every week. DDoS attacks are often launched by large, coordinated groups of infected machines. These botnets flood a server or data center with requests — in the form of internet packets, or data units — crowding out legitimate traffic or completely overwhelming machines until whole networks are taken offline.

Because a botnet is typically formed outside one's own network, there is little any single organization can do to actually prevent its attacks. Typical DDoS responses today include filtering out the malicious network requests and rapidly creating new server instances elsewhere in the cloud to handle legitimate traffic while the original systems are being attacked.

Phyllis Schneck, former deputy undersecretary for cybersecurity and communications at the National Protection and Programs Directorate, part of the Department of Homeland Security, explained at the summit that such attacks are inevitable.

“If a botnet of 400,000 machines is assembled against you, the nature of the internet is that the packets are going to arrive,” Schneck said at CenturyLink headquarters in Monroe. “We need to build systems that are resilient and let you fight back when you're under attack.”

An Active Defense

Instead of passively sitting behind firewalls or depending on anti-virus suites for defense, a more active approach might provide better protection, according to experts. At the summit, they suggested a strategy that emphasizes bouncing back from attacks, identifying points of weakness and making contingency plans.

“You need to think about things you can do proactively, not just to ensure good hygiene around cybersecurity, but also to predict and anticipate attacker activities,” said Bill Bradley, CenturyLink senior vice president of cyber engineering and technical services.

Cybersecurity experts and researchers increasingly are sharing data in real time to help industry professionals better understand the nature and potential damage of new attacks, as well as to find ways to reduce recovery time. The burgeoning field of predictive analytics is also helping by identifying potential threats based on unusual network traffic patterns, the type of visitor to a site and a visitor's originating addresses.

Analytics can advance resilience by unearthing data breaches before they have time to fester. The Office of Personnel Management (OPM) data breach, announced in 2015, was fundamentally identical to an earlier breach at the Department of the Interior that went unreported until the OPM attack was dissected.

Bad Guys Embrace Resiliency

Cybercriminals are not only aware of resiliency, they are using it for their own benefit. Malware is altering the appearance of the attacking program just enough to fool conventional anti-virus software into declaring it free from infection.

Some criminals are also using resiliency to short-circuit a common recovery tactic against ransomware attacks. Typically, ransomware encrypts data and promises to decrypt it if a fee is paid, often in bitcoin or by another untraceable means. A resilient response to such an attack would be to immediately shut down affected machines and restore the data from a copy.

“But the first thing some ransomware does is deletes backups, first deleting local backups and then looking for external drives with backups and deleting those too,” Steven Chabinsky, former deputy assistant director of the cyber division at the FBI, said at the summit.

Resiliency isn't strictly a technological matter. Organizations need plans to maintain continuity in the event of a successful attack that shuts down or otherwise compromises key systems. Chabinsky, currently global chair of data, privacy and cybersecurity at the international law firm White & Case, described how an attack caused a company difficulty meeting payroll, not by putting the company's finances in jeopardy, but by making electronic payments unavailable. The company responded by issuing paper checks.

Resiliency can be an effective response, if the attacker — having already invested substantial resources — is not able or willing to sustain the attack.

“When you're resilient, you defeat the threat because the cost of attacking you gets higher and higher,” said Kathryn Condello, CenturyLink director of national security and emergency preparedness.
