Abstract image of a woman sitting on books and studying on a laptop

2015 whats old is new again

D
Daren Dunkel

The document appears to be an article discussing cybersecurity trends for the year 2015. It interviews Bill Crowell, a former NSA executive, about his views on major cyber attack vectors and the need for improved coordination between public and private sectors in combating sophisticated cyber attacks. Crowell led "Operation Eligible Receiver" in 1997 which showed how insecure critical US systems were and notes many systems remain insecure today. He identifies distributed denial of service attacks, social engineering, and zero day attacks as major emerging threats and stresses the need for defenders to share threat information and deploy tools to reduce vulnerabilities.

1 of 3
Download to read offline
1
2
3
01110011 00100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01 01110111 00100000 01000001 01100111 01100001 01101001 01101110 01010111 01101000 01100001 01 01011100 00100110 00100011 00110000 00110011 00111001 00111011 01110011 00100000 01001111 01 01100100 00100000 01101001 01110011 00100000 01001110 01100101 01110111 00100000 01000001 01 01100001 01101001 01101110 01010111 01101000 01100001 01110100 01011100 00100110 00100011 00 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01 00100000 01001110 01100101 01110111 00100000 01000001 01100111 01100001 01101001 01101110 01 01101000 01100001 01110100 01011100 00100110 00100011 00110000 00110011 00111001 00111011 01 00100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01100101 01 00100000 01000001 01100111 01100001 01101001 01101110 01010111 01101000 01100001 01110100 01 00100110 00100011 00110000 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01 00100000 01101001 01110011 00100000 01001110 01100101 01110111 00100000 01000001 01100111 01 01101001 01101110 01011100 00100110 00100011 00110000 00110011 00111001 00111011 01110011 00 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01100101 01110111 00 01000001 01100111 01100001 01101001 01101110 01101001 01101110 01011100 00100110 00100011 00 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01 As 2015 starts, there is no shortage of articles, posts, and interviews projecting the year ahead for cybersecurity trends, attack scenarios, and countermeasures. I have reviewed numerous materials (from McAfee Labs, Trend Micro, FireEye, Websense Security Labs, Symantec, etc.) highlighting similar themes around critical infrastructure, mobile device attacks, and the evolution of hacking in general. One article cannot cover all possible scenarios for the year ahead, so I asked someone with experience across both the public and private sectors at the highest levels for his input. Bill Crowell has led the NSA and been a CEO in commercial industry. He sits on multiple boards and has been heavily engaged in the cyber market since its inception. He is currently a partner in the venture capital firm Alsop Louie Partners, as well as an independent consultant specializing in information technology, security, and intelligence systems. Crowell held a number of senior positions in operations, analysis, strategic planning, research and development, and finance during his time at the NSA, and served as Deputy Director of Operations from 1991 to 1994, and Deputy Director of the Agency from 1994 to 1997. After retiring from the NSA he served as President and CEO of Cylink Corporation, a leading provider of e-business security solutions, from 1998 to 2003.1 Bill Crowell is an excellent resource for all things cybersecurity – past, present and future. Mr. Crowell organized and deployed Operation Eligible Receiver in 1997 while at the NSA. This US government exercise used the NSA as a hacking group in a simulated attack on the US government to show how insecure our critical systems were. The NSA team used techniques and software freely available on the internet at the time and did not allow the use of any special techniques or prior information from the government. Many aspects of the exercise still remain classified, but the team was able to inflict considerable simulated damage. Even today, 17 years later, it seems that the adage of “what’s old is new again” applies. Systems still remain insecure across the board – public and private. Crowell says that “Eligible Receiver proved an important point that is still relevant today in our efforts to secure networks. The Internet Protocol was designed to facilitate connections across the network and was not designed to facilitate security. We will live with this ‘ease of connecting’ as an anathema to security for a long time to come.”2 Many 2015 threat reports highlighted the emergence of mobile devices and sensors in driving the IoT (Internet of Things) model. The IoT will integrate 26 billion connected devices by 2020 (Gartner’s estimates)3 , while HP also recently published a report stating that over 70% of current connected devices contain major vulnerabilities.4 While initially the consumer side may What's OLD is NEW Again by: Daren Dunkel  United States Cybersecurity Magazine | www.uscybersecurity.net 00
not see the impact of cyber-attacks, the thousands of new devices being deployed in hospitals and healthcare facilities are at much greater risk. The same is true for the financial sector, as smartphone technology has brought innovation to the user experience but greatly broadened the attack surface. Hacking groups understand both the topology of enterprise networks and unique user behaviors and interests, thanks to social media. The skills of advancedhackersseemtobemirroring the tools and tactics of intelligence professionals. Bill Crowell sees it this way: “The three major attack vectors that have emerged since 2006 have been distributed denial of service (DDOS) attacks, social engineering (phishing, etc.) and zero day attacks. All three seem to have come out of the criminal, hacktivist and nation state skill pool and have spread throughout those three communities like wildfire. Many of these attack mechanisms are freely available for sale or in the case of DDOS, for rent. The attack vectors are being enhanced by their creators with far greater speed than the security tools needed to deal with them. There is also reason to believe that nation states and skilled criminal hackers deliberately make attack vectors available to script kiddies in order to hide their own attack vectors in the noise.”5 As these major attacks continue in 2015 we will see more lawsuits against corporations and their boards and, consequently, additional money will be spent to protect systems, personal information, and corporate brand reputations. Businesses large and small must now manage physical and digital risk across their entire organization and their extended supply chain. If 2014 was considered the year of the breach, 2015 may have new surprises in store, if the recent Sony hack is any example. It will take a coordinated global effort to truly combat these sophisticated cyber-attacks. Bill Crowell concurs: “The sophistication of attack tools has advanced to the point where defenders must not only find new ways to defend themselves, but must also share their knowledge of the threats with others in a coordinated way to reduce the uncertainties of evolving computer and network attacks. In addition, new tools that can use threat information to reduce the threat surface, and ensure that known threats do not succeed in penetrating their perimeters, and their applications will have to be deployed rapidly to stay ahead of the millions of attackers that currently cruise the network with impunity.”6 Considering 2015 in terms of cybersecurity and its impact on risk management in general, a few fundamental shifts continue to present themselves. First and foremost, the adversary is getting more sophisticated, dangerous, and global. The hacking community is evolving at every level, from hacktivists to organized criminals, and using creative ways to distribute malware and make the average hacker more problematic. The cyber threat is growing, and active defense against the three major attack vectors Bill Crowell cited above is an important first step. The public and private sectors must also improve in the sharing of real time data about attacks and attackers. Corporations and individuals must better understand how and why they are being attacked in order to protect their most valuable information assets. The job of collecting security event data isn’t complete until action is taken to stop an attack and prevent reoccurrences. Actionable intelligence on real time information feeds will be 100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01100101 0111 100001 01101001 01101110 01010111 01101000 01100001 01110100 01011100 00100110 00100011 0011 110011 00100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 0110 100111 01100001 01101001 01101110 01010111 01101000 01100001 01110100 01011100 00100110 0010 111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 0100 000001 01100111 01100001 01101001 01101110 01011100 00100110 00100011 00110000 00110011 0011 001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01100101 01110111 0010 101001 01101110 01101001 01101110 01011100 00100110 00100011 00110000 00110011 00111001 0011 101100 01100100 00100000 01101001 01110011 00110011 00111001 00111011 01110011 00100000 0100 101001 01110011 1001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 0110 100111 01100001 01101001 01101110 01101001 01101110 01011100 00100110 00100011 00110000 0011 100000 01001111 01101100 01100100 00100000 01101001 0111001100110011 00111001 00111011 0111 100100 00100000 01101001 011100111001111 01101100 01100100 00100000 01101001 01110011 0010 100000 01000001 01100111 01100001 01101001 01101110 01101001 01101110 01011100 00100110 00100 110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 1100 0 "The sophistication of attack tools has advanced to the point where defenders must not only find new ways to defend themselves, but must also share their knowledge of the threats with others in a coordinated way to reduce the uncertainties of evolving computer and network attacks." United States Cybersecurity Magazine | www.uscybersecurity.net00
10111 00100000 01000001 01100111 10000 00110011 00111001 00111011 00101 01110111 00100000 01000001 00011 00110000 00110011 00111001 01110 01100101 01110111 00100000 11001 00111011 01110011 00100000 00000 01000001 01100111 01100001 11011 01110011 00100000 01001111 01111 01101100 01100100 00100000 00101 01110111 00100000 01000001 10011 00111001 00111011 01110011 10011 00100000 01001111 01101100 00000 01001110 01100101 01110111 0011 00110000 00110011 0011100101 01100100 00100000 01101001 010010 THE MIL CORPORATION UNDERSTANDS THAT THE LANDSCAPE OF SYSTEM SECURITY IS RAPIDLY CHANGING AND WE’RE HERE TO PROTECT YOUR CRITICAL DATA. OUR CYBERSECURITY SECTOR DEVELOPS, TESTS, CERTIFIES, AND TRANSITIONS TECHNOLOGIES AND METHODOLOGIES TO ENSURE THAT OUR CUSTOMERS ACHIEVE OPERATIONAL SUCCESS AND OUT-PACE POTENTIAL THREATS - EVERY TIME. THE CORPORATION WWW.MILCORP.COM key in 2015 and beyond, to truly understand when you are being attacked and how to respond. One thing is certain: 2015 will be another interesting year in cybersecurity. Sources 1 Alsop Louie Partners: “Our Team: Bill Crowell, Partner.” <http://www.alsop-louie.com/team/bill-crowell/> 2 Crowell, Bill: Personal e-mail conversation with author 3 Gartner, Inc.: “Gartner Says the Internet of Things Installed Base Will Grow to 26 Billion Units By 2020.” December 2013. < http://www.gartner.com/ newsroom/id/2636073> 4 Miessler, Daniel: “HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack.” July 2014. <http://h30499.www3.hp.com/t5/ Fortify-Application-Security/HP-Study-Reveals-70- Percent-of-Internet-of-Things-Devices/ba-p/6556284#. VNu3LvnF98E> 5 Crowell, Bill: Personal e-mail conversation with author 6 Ibid. Daren Dunkel graduated from Oklahoma State University in 2014 with a business degree in Management Information Systems and a certification in Information Assurance (IA) from the NationalSecurityAgency(NSA).Heisasales professional with Intel Security (formerly McAfee), specializing in cybersecurity solutions and countermeasures for the commercial business market sector in Northern California and Nevada. Daren works in the domestic sales operation center in Dallas, Texas. About the Author United States Cybersecurity Magazine | www.uscybersecurity.net 00

More Related Content

PDF
HE Mag_New Cyber Threats_ITSource
Brian Arellanes
 
PDF
Mark Anderson on Cyber Security
Meg Weber
 
PDF
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Knowledge Group
 
PDF
2015 Cyber Security Strategy
Mohit Kumar
 
PDF
Final national cyber security strategy november 2014
vikawotar
 
PDF
2022 Cybersecurity Predictions
Matthew Rosenquist
 
PPTX
Cyber war a threat to indias homeland security 2015
Ajay Serohi
 
PDF
ICOCI2013: Keynotes 1
Syamsul Bahrin Zaibon
 
HE Mag_New Cyber Threats_ITSource
Brian Arellanes
 
Mark Anderson on Cyber Security
Meg Weber
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Knowledge Group
 
2015 Cyber Security Strategy
Mohit Kumar
 
Final national cyber security strategy november 2014
vikawotar
 
2022 Cybersecurity Predictions
Matthew Rosenquist
 
Cyber war a threat to indias homeland security 2015
Ajay Serohi
 
ICOCI2013: Keynotes 1
Syamsul Bahrin Zaibon
 

What's hot (19)

PDF
HACKER-POWERED SECURITY REPORT
E.S.G. JR. Consulting, Inc.
 
PDF
The 2014 Data Breach Investigations Report
- Mark - Fullbright
 
PDF
CYBER THREAT FORCAST 2016
Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
DOCX
Possible cyber security threats of 2016
James_08
 
PDF
Security for Smartgrid
Gruene-it.org
 
PDF
Alert logic cloud security report
Gabe Akisanmi
 
PDF
Is your data safe Infographic by Symantec
Cheapest SSLs
 
PDF
Tema 5.cybersecurity
FalconPeregrine1
 
PPTX
Cyberwar threat to national security
Talwant Singh
 
PDF
Securing Cyber Space- Eljay Robertson
Eljay Robertson
 
PDF
Beza belayneh information_warfare_brief
Beza Belayneh
 
PDF
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
Talwant Singh
 
PDF
Volume2 chapter1 security
at MicroFocus Italy ❖✔
 
PDF
Symantec Website Security Threat Report 2014 - RapidSSLOnline
RapidSSLOnline.com
 
PDF
Cyber terrorism fact or fiction - 2011
hassanzadeh20
 
PDF
IBM 2015 Cyber Security Intelligence Index
Andreanne Clarke
 
PDF
From Social Media Chaos to Social Business Security - Geneva 2014
iDIALOGHI
 
PDF
Cyberwar - Is India Ready
Dinesh O Bareja
 
PPTX
Cyber terrorism
Savigya Singh
 
HACKER-POWERED SECURITY REPORT
E.S.G. JR. Consulting, Inc.
 
The 2014 Data Breach Investigations Report
- Mark - Fullbright
 
CYBER THREAT FORCAST 2016
Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
Possible cyber security threats of 2016
James_08
 
Security for Smartgrid
Gruene-it.org
 
Alert logic cloud security report
Gabe Akisanmi
 
Is your data safe Infographic by Symantec
Cheapest SSLs
 
Tema 5.cybersecurity
FalconPeregrine1
 
Cyberwar threat to national security
Talwant Singh
 
Securing Cyber Space- Eljay Robertson
Eljay Robertson
 
Beza belayneh information_warfare_brief
Beza Belayneh
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
Talwant Singh
 
Volume2 chapter1 security
at MicroFocus Italy ❖✔
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
RapidSSLOnline.com
 
Cyber terrorism fact or fiction - 2011
hassanzadeh20
 
IBM 2015 Cyber Security Intelligence Index
Andreanne Clarke
 
From Social Media Chaos to Social Business Security - Geneva 2014
iDIALOGHI
 
Cyberwar - Is India Ready
Dinesh O Bareja
 
Cyber terrorism
Savigya Singh
 
Ad

Similar to 2015 whats old is new again (20)

PPTX
Cyber Security
frcarlson
 
PDF
Course Slides for CS_6035_01_Security Mindset (1)
leoyang0406
 
PDF
Cyber security notes or Mca/bca about security
rahulsinghvi13
 
PDF
Secureview 3
Felipe Prado
 
PPTX
LIS3353 SP12 Week 9
Amanda Case
 
PPT
Dos and Dont to be followed to protect information and technology
ssuser3baba2
 
PPT
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
Gaurav Srivastav
 
PDF
Top Cyber Security Interview Questions and Answers 2022.pdf
Careerera
 
PDF
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
Asad Zaman
 
PDF
Cybersecurity Interview Questions and Answers.pdf
Jazmine Brown
 
PPTX
It security the condensed version
Brian Pichman
 
PDF
1. security 20 20 - ebook-vol2
Adela Cocic
 
PPTX
Network Security of Data Protection
UthsoNandy
 
PPTX
Top 12 Threats to Enterprise
Argyle Executive Forum
 
PDF
Cyber Security Matters a book by Hama David Bundo
hdbundo
 
PPTX
What's New In CompTIA Security+ - Course Technology Computing Conference
Cengage Learning
 
PPT
2.4.1 - Intro to Cyber Security for students.ppt
rameshselvarajkkp
 
PPTX
Introduction to cyber security.pptx
SharmaAnirudh2
 
PDF
COMP 424 Computer System Security Fall 2016
SamGuy7
 
PDF
European Cyber Security Perspectives 2016
Omer Coskun
 
Cyber Security
frcarlson
 
Course Slides for CS_6035_01_Security Mindset (1)
leoyang0406
 
Cyber security notes or Mca/bca about security
rahulsinghvi13
 
Secureview 3
Felipe Prado
 
LIS3353 SP12 Week 9
Amanda Case
 
Dos and Dont to be followed to protect information and technology
ssuser3baba2
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
Gaurav Srivastav
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Careerera
 
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
Asad Zaman
 
Cybersecurity Interview Questions and Answers.pdf
Jazmine Brown
 
It security the condensed version
Brian Pichman
 
1. security 20 20 - ebook-vol2
Adela Cocic
 
Network Security of Data Protection
UthsoNandy
 
Top 12 Threats to Enterprise
Argyle Executive Forum
 
Cyber Security Matters a book by Hama David Bundo
hdbundo
 
What's New In CompTIA Security+ - Course Technology Computing Conference
Cengage Learning
 
2.4.1 - Intro to Cyber Security for students.ppt
rameshselvarajkkp
 
Introduction to cyber security.pptx
SharmaAnirudh2
 
COMP 424 Computer System Security Fall 2016
SamGuy7
 
European Cyber Security Perspectives 2016
Omer Coskun
 
Ad

2015 whats old is new again

  • 1. 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01 01110111 00100000 01000001 01100111 01100001 01101001 01101110 01010111 01101000 01100001 01 01011100 00100110 00100011 00110000 00110011 00111001 00111011 01110011 00100000 01001111 01 01100100 00100000 01101001 01110011 00100000 01001110 01100101 01110111 00100000 01000001 01 01100001 01101001 01101110 01010111 01101000 01100001 01110100 01011100 00100110 00100011 00 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01 00100000 01001110 01100101 01110111 00100000 01000001 01100111 01100001 01101001 01101110 01 01101000 01100001 01110100 01011100 00100110 00100011 00110000 00110011 00111001 00111011 01 00100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01100101 01 00100000 01000001 01100111 01100001 01101001 01101110 01010111 01101000 01100001 01110100 01 00100110 00100011 00110000 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01 00100000 01101001 01110011 00100000 01001110 01100101 01110111 00100000 01000001 01100111 01 01101001 01101110 01011100 00100110 00100011 00110000 00110011 00111001 00111011 01110011 00 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01100101 01110111 00 01000001 01100111 01100001 01101001 01101110 01101001 01101110 01011100 00100110 00100011 00 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01 00110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01 As 2015 starts, there is no shortage of articles, posts, and interviews projecting the year ahead for cybersecurity trends, attack scenarios, and countermeasures. I have reviewed numerous materials (from McAfee Labs, Trend Micro, FireEye, Websense Security Labs, Symantec, etc.) highlighting similar themes around critical infrastructure, mobile device attacks, and the evolution of hacking in general. One article cannot cover all possible scenarios for the year ahead, so I asked someone with experience across both the public and private sectors at the highest levels for his input. Bill Crowell has led the NSA and been a CEO in commercial industry. He sits on multiple boards and has been heavily engaged in the cyber market since its inception. He is currently a partner in the venture capital firm Alsop Louie Partners, as well as an independent consultant specializing in information technology, security, and intelligence systems. Crowell held a number of senior positions in operations, analysis, strategic planning, research and development, and finance during his time at the NSA, and served as Deputy Director of Operations from 1991 to 1994, and Deputy Director of the Agency from 1994 to 1997. After retiring from the NSA he served as President and CEO of Cylink Corporation, a leading provider of e-business security solutions, from 1998 to 2003.1 Bill Crowell is an excellent resource for all things cybersecurity – past, present and future. Mr. Crowell organized and deployed Operation Eligible Receiver in 1997 while at the NSA. This US government exercise used the NSA as a hacking group in a simulated attack on the US government to show how insecure our critical systems were. The NSA team used techniques and software freely available on the internet at the time and did not allow the use of any special techniques or prior information from the government. Many aspects of the exercise still remain classified, but the team was able to inflict considerable simulated damage. Even today, 17 years later, it seems that the adage of “what’s old is new again” applies. Systems still remain insecure across the board – public and private. Crowell says that “Eligible Receiver proved an important point that is still relevant today in our efforts to secure networks. The Internet Protocol was designed to facilitate connections across the network and was not designed to facilitate security. We will live with this ‘ease of connecting’ as an anathema to security for a long time to come.”2 Many 2015 threat reports highlighted the emergence of mobile devices and sensors in driving the IoT (Internet of Things) model. The IoT will integrate 26 billion connected devices by 2020 (Gartner’s estimates)3 , while HP also recently published a report stating that over 70% of current connected devices contain major vulnerabilities.4 While initially the consumer side may What's OLD is NEW Again by: Daren Dunkel  United States Cybersecurity Magazine | www.uscybersecurity.net 00
  • 2. not see the impact of cyber-attacks, the thousands of new devices being deployed in hospitals and healthcare facilities are at much greater risk. The same is true for the financial sector, as smartphone technology has brought innovation to the user experience but greatly broadened the attack surface. Hacking groups understand both the topology of enterprise networks and unique user behaviors and interests, thanks to social media. The skills of advancedhackersseemtobemirroring the tools and tactics of intelligence professionals. Bill Crowell sees it this way: “The three major attack vectors that have emerged since 2006 have been distributed denial of service (DDOS) attacks, social engineering (phishing, etc.) and zero day attacks. All three seem to have come out of the criminal, hacktivist and nation state skill pool and have spread throughout those three communities like wildfire. Many of these attack mechanisms are freely available for sale or in the case of DDOS, for rent. The attack vectors are being enhanced by their creators with far greater speed than the security tools needed to deal with them. There is also reason to believe that nation states and skilled criminal hackers deliberately make attack vectors available to script kiddies in order to hide their own attack vectors in the noise.”5 As these major attacks continue in 2015 we will see more lawsuits against corporations and their boards and, consequently, additional money will be spent to protect systems, personal information, and corporate brand reputations. Businesses large and small must now manage physical and digital risk across their entire organization and their extended supply chain. If 2014 was considered the year of the breach, 2015 may have new surprises in store, if the recent Sony hack is any example. It will take a coordinated global effort to truly combat these sophisticated cyber-attacks. Bill Crowell concurs: “The sophistication of attack tools has advanced to the point where defenders must not only find new ways to defend themselves, but must also share their knowledge of the threats with others in a coordinated way to reduce the uncertainties of evolving computer and network attacks. In addition, new tools that can use threat information to reduce the threat surface, and ensure that known threats do not succeed in penetrating their perimeters, and their applications will have to be deployed rapidly to stay ahead of the millions of attackers that currently cruise the network with impunity.”6 Considering 2015 in terms of cybersecurity and its impact on risk management in general, a few fundamental shifts continue to present themselves. First and foremost, the adversary is getting more sophisticated, dangerous, and global. The hacking community is evolving at every level, from hacktivists to organized criminals, and using creative ways to distribute malware and make the average hacker more problematic. The cyber threat is growing, and active defense against the three major attack vectors Bill Crowell cited above is an important first step. The public and private sectors must also improve in the sharing of real time data about attacks and attackers. Corporations and individuals must better understand how and why they are being attacked in order to protect their most valuable information assets. The job of collecting security event data isn’t complete until action is taken to stop an attack and prevent reoccurrences. Actionable intelligence on real time information feeds will be 100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01100101 0111 100001 01101001 01101110 01010111 01101000 01100001 01110100 01011100 00100110 00100011 0011 110011 00100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 0110 100111 01100001 01101001 01101110 01010111 01101000 01100001 01110100 01011100 00100110 0010 111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 01110011 00100000 0100 000001 01100111 01100001 01101001 01101110 01011100 00100110 00100011 00110000 00110011 0011 001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 01100101 01110111 0010 101001 01101110 01101001 01101110 01011100 00100110 00100011 00110000 00110011 00111001 0011 101100 01100100 00100000 01101001 01110011 00110011 00111001 00111011 01110011 00100000 0100 101001 01110011 1001111 01101100 01100100 00100000 01101001 01110011 00100000 01001110 0110 100111 01100001 01101001 01101110 01101001 01101110 01011100 00100110 00100011 00110000 0011 100000 01001111 01101100 01100100 00100000 01101001 0111001100110011 00111001 00111011 0111 100100 00100000 01101001 011100111001111 01101100 01100100 00100000 01101001 01110011 0010 100000 01000001 01100111 01100001 01101001 01101110 01101001 01101110 01011100 00100110 00100 110011 00111001 00111011 01110011 00100000 01001111 01101100 01100100 00100000 01101001 1100 0 "The sophistication of attack tools has advanced to the point where defenders must not only find new ways to defend themselves, but must also share their knowledge of the threats with others in a coordinated way to reduce the uncertainties of evolving computer and network attacks." United States Cybersecurity Magazine | www.uscybersecurity.net00
  • 3. 10111 00100000 01000001 01100111 10000 00110011 00111001 00111011 00101 01110111 00100000 01000001 00011 00110000 00110011 00111001 01110 01100101 01110111 00100000 11001 00111011 01110011 00100000 00000 01000001 01100111 01100001 11011 01110011 00100000 01001111 01111 01101100 01100100 00100000 00101 01110111 00100000 01000001 10011 00111001 00111011 01110011 10011 00100000 01001111 01101100 00000 01001110 01100101 01110111 0011 00110000 00110011 0011100101 01100100 00100000 01101001 010010 THE MIL CORPORATION UNDERSTANDS THAT THE LANDSCAPE OF SYSTEM SECURITY IS RAPIDLY CHANGING AND WE’RE HERE TO PROTECT YOUR CRITICAL DATA. OUR CYBERSECURITY SECTOR DEVELOPS, TESTS, CERTIFIES, AND TRANSITIONS TECHNOLOGIES AND METHODOLOGIES TO ENSURE THAT OUR CUSTOMERS ACHIEVE OPERATIONAL SUCCESS AND OUT-PACE POTENTIAL THREATS - EVERY TIME. THE CORPORATION WWW.MILCORP.COM key in 2015 and beyond, to truly understand when you are being attacked and how to respond. One thing is certain: 2015 will be another interesting year in cybersecurity. Sources 1 Alsop Louie Partners: “Our Team: Bill Crowell, Partner.” <http://www.alsop-louie.com/team/bill-crowell/> 2 Crowell, Bill: Personal e-mail conversation with author 3 Gartner, Inc.: “Gartner Says the Internet of Things Installed Base Will Grow to 26 Billion Units By 2020.” December 2013. < http://www.gartner.com/ newsroom/id/2636073> 4 Miessler, Daniel: “HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack.” July 2014. <http://h30499.www3.hp.com/t5/ Fortify-Application-Security/HP-Study-Reveals-70- Percent-of-Internet-of-Things-Devices/ba-p/6556284#. VNu3LvnF98E> 5 Crowell, Bill: Personal e-mail conversation with author 6 Ibid. Daren Dunkel graduated from Oklahoma State University in 2014 with a business degree in Management Information Systems and a certification in Information Assurance (IA) from the NationalSecurityAgency(NSA).Heisasales professional with Intel Security (formerly McAfee), specializing in cybersecurity solutions and countermeasures for the commercial business market sector in Northern California and Nevada. Daren works in the domestic sales operation center in Dallas, Texas. About the Author United States Cybersecurity Magazine | www.uscybersecurity.net 00