Looking at cybersecurity
historically, I'm
compelled to talk about the
evolution of the threat spectrum
and why it's so urgent now that
people be aware and study this field.
When we started experiencing
mischief online,
we were looking at young kids who would
stay up all night hacking into, say,
the grading system at their
high school and changing grades.
It was a bit like vandalism.
I can remember having
downloaded a Word document
and it had a macro virus attached
and it unleashed a wrecking ball
on my desktop.
And it would go back and forth and
eliminate everything on my desktop
that I'd have to replace later on.
Now I yearn for the good old
days because we very quickly
saw that organized crime began
to find access to the internet
and begin to squeeze out mischief makers
to replace it with some serious efforts
to compromise people's finances,
steal money, extort folks.
I can recall one of
the experiences that we
had here in the Seattle area
with a couple of Russian hackers
that had compromised an internet
provider here in our area
and had used access to that provider to
leverage other assets on the internet
and create false auctions
on what was then eBay.
And actually this was like
creating a slot machine on steroids
because they were able to automate the
entire auction from beginning to end,
including payments from credit
cards that they had stolen.
And this would result in money
being funneled to their accounts.
And in the space of
about nine months, they
were able to take anywhere
from $9 to $10 million,
and it was estimated it
might be upwards of that
significantly from the financial
institutions that were compromised
in this complex attack.
So criminals began to understand
that it was a lot easier to rob banks
online than it was to go
through the front door of a bank
with a gun and risk life and limb.
And the crimes got increasingly
more sophisticated.
And we saw increasingly nefarious
kinds of activity online,
and we began to see terrorism
and nation-states begin
to get engaged in activity online that
would feed their national objectives.
This took place over a period of
about a decade and, as I said,
gradually squeezed the
mischief out of our concern.
And we began to focus on the criminal
element and the nation-state activity
that was a problem.
Now all of these actors
have different faces.
The young kid that is
hacking into a system,
the criminal, a nation-state
adversary use similar approaches.
They will do reconnaissance
at the beginning of an attack,
find an avenue to enter a system, stay
low and slow and find a way to dig in,
and then begin to navigate
around the system and systems
that are connected to it in order
to find what they're looking for,
and then gradually exfiltrate
what they're looking for
and stay over a long period
of time if necessary.
Recent data breach reports indicate
that the average data breach is not
discovered in an organization
for over 200 days,
almost the better part of a year.
So adversaries today have been able to
disguise themselves and go unnoticed
and steal, take intellectual
property, gather data at will.
And so this process is pretty much
the same no matter who the adversary.
It's a matter of, how do we
operationalize cybersecurity
within our organizations to detect
this activity and defend against it?
