We recently spoke with cybersecurity expert Shawn Henry, president of CrowdStrike Services and former Executive Assistant Director of the Federal Bureau of Investigation, about the state of cybersecurity looking back at 2014 and forward to 2015. In terms of attacks, Henry said the retail sector was hard hit in 2014.
“We saw breaches into many major online organizations that do online sales, as well as retailers, banks, etc.,” he said. The goal of many of these breaches was the theft of personally identifiable information.
“In 2015, I think we are going to see an increase in more destructive attacks where the adversaries are actually using the network as a weapon to damage rather than to purely steal data,” Henry predicted. “I also think we will see more attacks on industrial control systems and corporate infrastructure.”
According to Henry, many are still reluctant to give a lot of thought to the destructive types of attacks he predicts for 2015, because they haven’t seen it yet on any grand scale. However, he believes that when companies and organizations start to see infrastructure being impacted by attacks, the reality of networks as a weapon will start to resonate and take a much stronger shape.
In the area of innovation in technology and cybersecurity, Henry said that the biggest innovation was the ability to gain greater visibility into the network through endpoint monitoring. “The truth is that we are not going to be able to prevent attacks, so we have to learn to detect attacks. If we can detect adversary activity on the endpoint, it provides much greater granularity into adversary tactics and allows the owners of the network to identify indicators of attacks,” he explained. “It’s about detection and remediation, and endpoint technology will allow organizations to determine whether their networks are in fact under attack and that there was an actual breach.”
Henry lightheartedly said his advice for protecting your company or organization from a cyber-attack is to disconnect from the Internet, but since that isn’t a possibility for most organizations, he said that the approach to cybersecurity needs to change from reactive to proactive.
“There needs to be a paradigm shift in the ways companies react to this, and it is just that: They can’t merely react,” Henry explained. “They have to be proactive, they have to constantly be looking within their network environment for indicators of adversary activity, because right now most aren’t able to protect themselves.”
In our next post, Henry will share what he sees as a “state of Nirvana” for cybersecurity relations between the U.S. government and companies that are on a real military battlefield fighting cybercrime every day.