The Threat Landscape is Evolving
CISOs from United Airlines, Siemens and HP discuss cybersecurity
Recently, HP Wolf Security hosted an all-star panel moderated by Ed Amoroso, CEO of TAG Cyber, and including Joanna Burkey and Dr. Ian Pratt from HP, Kurt John of Siemens, and Deneen DeFiore of United Airlines. The experts explored what they see as 2022’s biggest cybersecurity trends, such as cyber resilience, the evolution of threat, and what kind of attacks are likely to increase. The hour was jam-packed with insights.
Historically, cybersecurity has focused on data security. It shouldn’t come as a surprise that a lot of cybersecurity strategies were built around protecting sensitive data. But that paradigm is shifting, according to DeFiore, who is VP and CISO at United Airlines. She says that now that we’re so dependent on digitized processes to do everything, it’s important that we understand the underlying technology and how it’s all related, so when an issue happens, we can respond and remediate.
“Organizations have to be able to have vulnerability responses and concurrently run their operations. It’s not going to be ‘stop everything and fix this cybersecurity problem,’” she said.
In other words, your cybersecurity encompasses much more than attempting to put data into a vault that is impervious to hackers — it’s about encapsulating all the systems that drive your business in a secure vault, so your business doesn’t grind to a halt. And if you do run into a problem, you can’t stop everything else until it’s fixed. After all, United Airlines doesn’t make money unless their planes fly. A cybersecurity incident that keeps planes grounded is potentially more harmful to the company’s well-being than a story about a stolen customer database.
There is an entire industry built around stealing data and money. And these are not two-bit con artists and teenagers looking for clout on the internet, but professionals with a lot of talent and motivation who treat theft as a highly lucrative, long-term career.
This, according to HP’s Pratt, who is global head of security for Personal Systems, makes the already difficult job of being a defender even more difficult. These cybercriminal organizations are investing in R&D to cook up tools and schemes that are increasingly difficult to defend against. They’re also uninterested in a snatch-and-grab approach. They are patient and willing to dig deeper for a bigger payday.
John, who is chief cybersecurity officer at Siemens USA, described threats as living things that are constantly evolving. “They ebb, they flow, they grow, they shrink,” he said, noting that what works today can be catastrophic tomorrow. This is just one more reason being a defender is so difficult, he says — you don’t know what you don’t know, and the things you do know are subject to change.
Here are some threats that panelists believe are going to be a problem in the coming year:
HP’s CISO Burkey is concerned with the rise of the one-to-many attack. Traditionally, when a cybercriminal wants to attack a victim, they have to do it one at a time. If they fail, they move on to the next mark. If their attack works, then they can steal and ransom data, drain money out of the bank account, and move on to the next target.
But now attackers are getting more efficient. Now they’re targeting victims that give them access to even more victims. Instead of targeting the investment bank across town, they target the managed service provider that takes care of the IT environment of all five banks in town, or the tool that hundreds of banks across the country use.
“We now see — and really SolarWinds was the first large-scale version of this even though we know it had happened before — the one-to-many where the attacker got efficient and they realized they don’t need to go one-to-one all the time. They can find a commonality between hundreds or even thousands of victims and compromise that commonality. And then, with the same amount of work, they now have thousands of people on the other end of this threat vector that might be able to be compromised,” said Burkey.
Attacks from within, usually to get revenge on an employer or for financial gain, are the typical insider threat. An insider might sell credentials to access brokers on the dark web or work with cybercriminals to deploy ransomware within their employer’s environment for a cut of the ransom. The insider threat is nothing new — it predates computers. But with the rise of ransomware and anonymized payment methods like cryptocurrency, the insider threat will become an increasingly big problem over the next few years, according to John.
The M&A attack is a variant of the supply chain attack, according to John. Attackers will find a market that is saturated with startups. The market itself isn’t important, just as long as there is a lot of M&A activity. Basically, hackers will target a small business, establish a foothold, hide their tracks, and wait. Once the business is acquired, the attackers now have access to an even bigger, more valuable target.
The unrelenting Darwinistic evolution of cyberthreats does not allow for much error – cybersecurity professionals are tasked with protecting the corporate world, the nation’s infrastructure and institutions, and a teeming army of small businesses. Vigilance, paired with cyber resilience, and a healthy dose of respect for nature’s ability to mutate and find new paths to creation seem to be the current formula for survival.
is president and senior analyst for BPO Media, which publishes The Imaging Channel and Workflow magazines. As a market analyst and industry consultant, Ames has worked for prominent consulting firms including KPMG and has more than 15 years experience in the imaging industry covering technology and business sectors. Ames has lived and worked in the United States, Southeast Asia and Europe and enjoys being a part of a global industry and community.