An Ode to CISOs: How Real-World Risks Became Cyber Threats

From Vancouver to Volkswagen to Vanderbilt, the most significant threats facing organizations across every sector are now virtual. That’s according to the World Economic Forum’s 2019 Global Risks Report, which named cyber-attack the greatest non-environmental danger to mankind, ahead of even war and terrorism. Advanced cyber-criminals have already managed to disrupt the Ukrainian power grid, attempt to impact the U.S. presidential election, and cost the global business community billions of dollars. By launching novel attacks on a daily basis, these criminals are consistently bypassing legacy security tools that use predefined rules and signatures to detect only ‘known’ threats. 

As a consequence, it is, in fact, the CISO who most directly safeguards an organization’s future. However, like a king without a castle, most CISOs lack the security tools necessary to ensure their firms can embrace this future with confidence. With once-physical business concerns rapidly migrating into the CISO’s online domain, organizations must support these CISOs by adopting new approaches — such as AI cyber defenses — that can keep pace. Here are just a few reasons why CISOs across every industry are being impacted:

Upholding attorney-client privilege

Every law firm recognizes that attorney-client privilege is the foundation of both its reputation and its bottom line. Yet in an era defined by digitization, protecting clients’ confidential disclosures has unexpectedly become a cyber security issue. Even the most sensitive legal documents are today revised on SaaS applications, transferred over email, and stored in the cloud — all common blind spots for traditional cyber defenses. Moreover, a siloed approach to safeguarding cloud, SaaS, and email services is not sufficient to guarantee that files remain secure as they traverse these complex infrastructures.

Upholding attorney-client privilege now requires tools that provide complete visibility across such infrastructures in real time. Indeed, firms without these capabilities face no less than existential risk. The infamous Panama Papers incident — in which 11.5 million documents containing attorney-client information were leaked from law firm Mossack Fonseca — caused that firm to close in March 2018. The days when lawyers merely needed to keep quiet about their clients’ affairs are gone, since online threat-actors are increasingly attempting to break their silence via cyber-attack.

Thwarting the saboteur

The prospect of disgruntled workers and rival companies undermining assembly line processes has long loomed large for manufacturers. Two hundred years ago, the Luddites destroyed machinery that they believed threatened their jobs, while during both World Wars, resistance fighters committed industrial sabotage against enemy military suppliers. In the modern era, cyber-attacks have greatly exacerbated these risks, affording them far more subtlety and permanence. Unlike conventional saboteurs, online threat-actors can lurk unnoticed for months in industrial networks, learning trade secrets or causing imperceptible production errors. Rather than simply shutting down an oil rig, for example, these advanced cyber-criminals might tamper with the geophysical survey data used to position that oil rig, potentially leading to millions in lost revenue and much more lasting damage.

Cyber-attacks targeted at Industrial Control Systems are rapidly on the rise, in part because — as IT environments quickly upgrade their devices and operating systems — their OT counterparts still rely on bespoke machines that are years or even decades out of date. Traditional security tools are largely incompatible with such unique and antiquated systems, while none of these tools detect novel attacks designed to exploit an ICS network’s particular vulnerabilities. More generally, the legacy approach to cyber defense relies on preventing outsiders from gaining privileged network access, rendering it blind to credentialed employees with malicious intent. 

Defending the register

Retailers the world over are well aware that their cash registers attract thieves, leading many to install CCTVs on the ceiling to secure their revenue. Yet the most serious threat to these registers can’t be seen by cameras. The retail sector was the top cyber-attack target among all industries in 2017, while previous years have witnessed giants including Target suffer some of the largest breaches in history to their point-of-sale (POS) systems. 

Such systems often comprise vulnerable IoT devices — like cash registers — that are designed without an emphasis on cyber security, making them low-hanging fruit for criminals looking to steal credit card information. The Target breach alone exposed 40 million U.S. debit and credit accounts by compromising as many as 60,000 POS terminals. With IoT security unlikely to improve by leaps and bounds in the foreseeable future, attackers will inevitably infiltrate these POS systems again, necessitating tools capable of detecting threats against nontraditional IT.

Safeguarding the city

One troubling reason that the Global Risks Report ranked cyber-attack ahead of terrorism is that the former may soon come to encompass the latter. Of course, assaults on cities — and specifically on municipal infrastructure — have been a staple of human conflict throughout history. However, such assaults are exponentially further reaching and harder to attribute when committed in cyberspace. Unlike older analog systems that are neither linked to one another nor able to be controlled remotely, today’s internet-connected infrastructures are highly integrated, a reality that prompted the World Economic Forum report to warn of kinetic cyber-attacks causing “system-wide” breakdowns.

Beyond instigating power outages like the 2015 Ukraine incident or holding a city’s network for ransom like the 2018 Atlanta attack, cyber-criminals and hacktivists may begin targeting government networks in order to inflict physical harm. The explosion that cyber-attackers set off at a German steel mill in 2014 demonstrated that digital code can have life-threatening applications. And with some of the most expansive, difficult-to-defend networks on earth, cities must treat this risk as seriously as they do conventional crime.

CISOs clearly need all the help they can get to defend the entire scope of their firms’ operations, since formerly analog risks confronting everything from assembly lines and power plants to cash registers and legal memos have all migrated to the digital sphere. And as innovative online attacks continue to expand the purview of cyber security, helping these CISOs means equipping them with equally innovative tools that stand a fighting chance. Fortunately, such tools — powered in many cases by artificial intelligence — are already deployed in leading enterprises and smart cities, empowering them to reap the full benefits of their technology. Securing the Digital Age is eminently possible, but only if we continue to challenge the status quo of cyber defense.

Justin Fier is the Director for Cyber Intelligence & Analytics at Darktrace, based in Washington D.C. With over 10 years of experience in cyber defense, Fier has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Fier is a highly-skilled technical officer, and a specialist in cyber operations across both offensive and defensive arenas.