Today Cyber Security plays a paramount role in global security. On this blog, the CEO of Paramount Defenses shares rare insights on issues related to Cyber Security, including Privileged Access, Organizational Cyber Security, Foundational Security, Windows Security, Active Directory Security, Insider Threats and other topics.


March 26, 2013

The Temperature Is Rising - Cyber Security Threats Abound

Folks,

If you've been following the Cyber Security space, then you know that cyber threats are increasingly becoming a serious threat to national and corporate security worldwide. Over the last few weeks, we've all seen a steady increase in cyber security attacks, and we've also seen governments move to make cyber security a national security priority, as it rightly should be.

Last week, U.S Representative Dutch Ruppersberger of Maryland, top Democrat on the House Permanent Select Committee on Intelligence, said on CNN’s State of the Union program - “We have attacks right now. Wall Street has been attacked. We have the capability of other countries, including Iran, for destructive attacks, to knock out our grid system, to attack some of our banks. We have got to stop this.

A few months ago, I had alluded to the fact that the Perfect Storm may be brewing for organizations worldwide. I believe that a perfect cyber security storm is ahead of us, and it may be around the corner.

 
Based on what we're seeing, we believe that the temperature is rising, and that in months to come, the number and severity of cyber attacks on organizations is unfortunately only going to increase.

Based on what we're seeing, I also continue to believe that inspite of the rhetoric, most organizations worldwide, including numerous government organizations hardly have a clue as to some of the world's most serious cyber security risks today. (For now, the seem busy trying to figure out how to prevent themselves from kiddish DDOS attacks, which frankly, are merely an annoyance.)

There's no dearth of rhetoric when it comes to Cyber Security. There is only the dearth of the enactment of well-thought out, prioritized risk mitigation measures aimed at ensuring that organizations are adequately defendable from not just kiddish DDOS attacks to their front doors, but also adequately defendable from advanced cyber threats that could very well be launched from on the inside, once malicious perpetrators have found a way to deliver a well-crafted payload to the inside.

In essense, what is needed is that organizations understand just how paramount the importance of cyber security is, and that they swiftly enact measures aimed at ensuring that their digital assets are adequately and comprehensively protect from risks. A high-priority, well-funded, organization wide cyber security risk assessment and mitigation initiative

At Paramount Defenses, we're helping organizations obtain a deeper understanding of some of the most critical of such advanced threats that have the potential to cause swift, irreversible, wide-spread damage to the very foundation of their cyber security defenses.

We wish all organizations well, and we hope that understand the gravity of the situation, because the temperature is certainly rising, and the perfect storm may unfortunately be around the corner.

Best wishes,
Sanjay

March 12, 2013

Cyber Attacks a key threat to U.S. National Security, according to a Report. (Unimpressed. This is just Common Sense.)

According to the U.S. intelligence community's recent worldwide threat assessment, cyber attacks are a key threat to U.S. national security, as reported by CNN http://www.cnn.com/2013/03/12/us/threat-assessment/index.html

I’m surprised that this is news or that it takes a threat assessment to deduce this – this is common sense!
 

U.S. National Security
 

Why you ask?
 
Well, its no surprise that the United States is one of the most technologically advanced countries in the world, and as a consequence, virtually all aspects of its economy and security are digitally powered i.e. underlying most of its business and government organizations are mission-critical IT infrastructures that play an elemental role in facilitating the digital operation and control of large parts of these organizations.
 
Cyber Security
 
These mission-critical IT infrastructures play a paramount role in protecting the digital assets of these organizations, and given their digital nature, they do not enjoy the privilege of being protected by physical boundaries such as discrete and defendable geographical borders.


U.S. Cyber Command
 
 
On the contrary, they are exposed to a vast and myriad attack-surface, as they can be attacked both from outside and from the inside, and since most of them are connected to the Internet, technically anyone from anywhere could potentially try to launch an attack against these IT infrastructures, and because the attack surface is so vast, the likelihood of an attack succeeding is rather high.

 
Advanced Persistent Threats
 
These cyber attacks can also vary in technical sophistication, and range from your vanilla kid-stuff throwing-stones-at-the-entrance DDOS attacks (which are so easy to carry out, and often glorified by an ignorant media) to advanced enterprise-targeted security privilege escalation attacks which require sophisticated technical expertise to carry-out and can result in a perpetrator gaining complete administrative control over an organization’s entire IT infrastructure.

The kiddish DDOS attacks so often publicized by the media aren’t even worthy of national news anymore, but unfortunately, the media doesn’t understand this stuff to well, so for them its news! What the media doesn’t understand well at all are advanced cyber threats which have the potential to take out entire organizations, (plausibly including many of these media organizations as well) within a day, by using the power of automation. Yes, these are very possible, but I don’t expect the media to shed light on these because they don’t have the faintest clue as to how such attacks might work, or just how much harm they can inflict.

Cyber Attack


That's the kind of stuff we worry about at Paramount Defenses; these advanced cyber security attack vectors, which often require deep technical expertise but can be automated by a single entity, such as a hostile foreign government, and one that can then be launched in a variety of ways to compromise an organization. What I’m referring to here is a Stuxnet like payload, crafted meticulously to take one or more organizations down. Such payloads, once written, can be disseminated and deployed in numerous ways, the simplest of them involving an organization’s own administrators downloading free IT tools/utilities.

Such advanced cyber security threats to organizations worldwide, not just in the U.S. are very real, and in our experience, we have found that most organizations are unprepared to secure and defend themselves from such attacks.

To make a long story short, this isn’t and shouldn’t be news to anyone, and shouldn’t require a formal threat assessment to realize – this is common sense, but I suppose, as they say, common sense isn’t that common.

That’s about all the time I have for blogging. Now if you’ll excuse me, I’ve got to get back to helping our customers secure and defend themselves from powerful, advanced cyber security threats, such as this.

Best wishes,
Sanjay