by Mo Cashman, EMEA Field CTO, Trellix, The Hague
The World Economic Forum identified cybercrime and cyber “insecurity” as two of the key risks contributing to the current world polycrisis. Cyberattack capability has created an inversion of power, allowing criminals, nation-state actors or even small groups to have a much greater disruptive influence across all aspects of society from consumer to business to government services.
Cyber threats – new trends
This threat has been growing exponentially for several years, but most recently we have seen some disturbing new trends. The first is the use of ransomware as an effective way to disrupt critical infrastructure and government operations. The G7 identified ransomware as a national threat and called on nations to do more to combat criminal cyber gangs operating “Ransomware As A Service” networks. These networks operate across international borders and have political as well as financial motivations.
Another key attack trend is nation-state actors aiming to compromise corporate supply chains. Companies have a diverse supply chain spanning Information Technology (IT), Operational Technology (OT), Cloud, and other external service or product suppliers. Attackers using trusted supply chain connections are particularly difficult to detect initially. Within the last few years, attackers have exploited IT management software to gain entry to thousands of businesses as well as government agencies globally.
In the face of this polycrisis, what role can the security industry play to increase societal and organisational resilience?
A Zero Trust based security architecture
Zero Trust is a security architecture design principle that all companies, especially cybersecurity companies, should adopt as their goal. The Special Report of the US National Institute of Standards and Technology (NIST) defines Zero Trust as an evolving set of cybersecurity paradigms that moves defence from static, network-based perimeters to focus on users, assets and resources. Zero Trust requires that no implicit trust be granted to assets based solely on their physical location or network segment. A Zero Trust based security architecture works together with other assurance practices such as business continuity and information protection to produce a resilient organisation. Cybersecurity companies are part of the trusted supply chain in all organisations. Security software requires constant updates from, and data exchange with, a security vendor’s network. As such, security vendors are primary supply chain targets for cybercriminals. Companies producing security solutions must adopt Zero Trust as an architecture strategy to ensure better protection for their software and management systems.
Industrial security – a shared responsibility
The convergence of enterprise IT Networks with OT systems increases the risk of cyber-attacks on critical industrial operations systems. This convergence presents a unique challenge for the Enterprise Chief Information Security Officer (CISO) given the different stakeholders and systems involved in securing operational technology systems and networks. Questions arise such as:
- Who is responsible for implementing security controls?
- What security controls are validated to run on supplier systems?
- How does the Security Operations Centre (SOC) monitor OT systems?
- What is our response plan for incidents involving supplier-managed systems?
It is important to determine the roles and responsibilities for incident response before a security breach! To solve these issues, we need to treat OT networks as part of the enterprise security architecture and not as a separate environment. We also need to develop a common shared responsibility model for OT security.
We are very familiar with the shared responsibility model when it comes to securing cloud platforms. In the early days of cloud adoption, there was confusion as to what level of security was provided by the service provider. The cloud shared responsibility model defined the security responsibilities between the organisation and the cloud service provider. We need the same type of model for securing OT systems and networks. These systems underpin critical national infrastructure; ensuring their security requires cooperation between the business, security vendors and the manufacturer of the specific technology. By establishing such a model, we can improve the resilience of the business as well as of the critical infrastructure services that power society.
Industry-government cooperation
Cooperation between security industry peers and government agencies has been very successful in reducing the risk of cybercrime across the globe. I think one of the best examples of collaboration between public and private organisations is “nomoreransom.org”. This initiative was established between Law Enforcement agencies and IT security companies over 6 years ago with 4 founding partners. It has since expanded to include over 150 public and private entities and is credited with saving organisations an estimated $900 million. Additionally, the Cyber Threat Alliance is a great example of cross-industry collaboration. Having the right threat intelligence is critical to defending against cyber criminals and nation-state actors, which is why threat intelligence sharing was a key pillar of the White House’s Executive Order on Improving the Nation’s Cybersecurity. The Cyber Threat Alliance is a cross-industry consortium which shares about 6 million threat indicators between members and partners every month. These are shining examples of public-private initiatives that have made a positive impact on reducing the risk of cybercrime over the last decade.
This type of cooperation must now expand to tackle emerging security challenges with Artificial Intelligence (AI) and resulting new technologies. The cybersecurity industry should adopt AI to tackle complex security challenges and empower analysts. It also needs to develop new security controls to protect AI-enabled technologies and data from exploitation.
Mo Cashman
is an Enterprise Architect and passionate leader in cybersecurity. In his function as EMEA Field CTO at Trellix he currently leads development efforts in security and effectiveness testing, value measurement and integrated security system design for the company. In previous roles, he was McAfee’s Chief Security Officer for the Global Public sector. Before joining Trellix in 2022, he also led an important Computer Security Incident Response Team for the US Defense Department in Europe.