Cyber Reading: Three Important Books for Understanding the Cyber Security Crisis and What to Do About It
There are over 3.5 million unreported, undiscovered data breaches that occur in the United States each day. According to Cybint, this breaks down to about 158,727 breaches per hour. That’s a lot of vulnerable data. The first step to stopping it is a broad awareness and education in what cyber attacks really are, how they work, and why.
We’ve been following trends, ideas, and insights into the new world of cyber security. Three books in particular have had a big impact on the way we think about cyber security today. Each offers a unique viewpoint on cyber issues ranging from international, national, and local levels. Here’s a quick summary of what we’ve learned from each.
Cyber Security in International Affairs
Book: Countdown to Zero Day
Countdown to Zero Day, written by award-winning journalist Kim Zetter, explores the attack of a Zero Day virus called “Stuxnet.” Stuxnet was developed by two intelligence organizations in an effort to sabotage the operations of Iran’s nuclear enrichment plant, known as Natanz. This particular virus was created in the early 2000s, deployed in 2005, and went undetected until 2010. It is known today as the world’s first digital weapon.
The term “Zero Day” refers to a virus that hasn’t been seen before. It is special because the computer industry hasn’t built defenses against it yet. Therefore there are no easy ways to detect or stop it. Stuxnet was the first virus of its kind, but certainly not the last.
Sergey Ulasen, head of the security division at VirusBlokAda in Belarus, is credited with discovering Stuxnet. An Iranian client from the IT team at Natanz had reportedly reached out to Ulasen after discovering that the Natanz computer systems were stuck in a reboot loop. They would not stop turning on and off. Despite this client’s best efforts to fix the problem on his own, he and his team needed professional help to get back up and running. The reboot loop was merely a symptom of the bigger problem that Stuxnet had created. They would not be able to recover quickly.
Stuxnet specifically targeted the Natanz computers associated with uranium enrichment. Its creators’ mission was to prevent the technicians at Natanz, and the Iranian government, from creating weapons of mass destruction. Stuxnet succeeded in slowing down their production. Nobody had to set foot in the facility, or even the country, to do it.
Following Stuxnet, hackers and government agencies have continued to create and deploy Zero Day weapons against their targets. Their creation correlates with the rapid expansion of communication technology in the last two decades. Since we all use the internet to communicate through email, social media, downloadable applications, and link sharing, there is no way to prevent a Zero Day attack. We can only prepare and back up our systems accordingly.
Cyber Security in National Affairs
Richard A. Clarke is a counter-terrorism expert who has served in several presidential administrations as a security advisor. According to him, “The U.S. military is no more capable of operating without the Internet than Amazon.com would be.” This is a scary comparison considering Amazon’s most recent cyber attack.
In this attack, hackers gained access to merchant accounts through phishing emails. These emails were designed to look like they came from Amazon. They required merchants to log in to look-alike accounts so that their information could be recorded. From there, the hackers were able to access the real merchant accounts and send money wherever they wanted. This went on for over six months.
The Amazon attacks might seem minor compared to a zero day or act of war. In reality, hackers might use the same tools to access different aspects of our nation’s critical infrastructure. This includes our power grids, financial institutions, and armories, which all run online. Any bad actor with the right information can gain entry into any of these systems and shut them down or use them for their own benefit. Few policies or strategies are in place to protect the networks that they run on.
Clarke and his co-author, Robert K. Knake, define cyberwar as “an action by nation-states to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” In our opinion, this definition should not be limited to nation-states. Rogue hackers, disgruntled employees, and money laundering criminals can cause the same amount of damage.
It’s an unsettling wake-up call to realize how reliant we are on technology. It’s even more unsettling to realize how easy it is to take that technology offline. If all of the banks, ATM systems, and teller machines went down tomorrow, very few people would know what to do. This goes for any aspect of our critical infrastructure. Without the right backup, our country might not be able to recover.
Cyber Security in Your Personal Life
Book: Future Crimes
Future Crimes, by Marc Goodman, gives a detailed review of existing online privacy laws. These laws demonstrate how the platforms you trust are actually tricking you into giving away your privacy rights. Every time you agree to a “terms and conditions” clause without reading it, you are willingly signing away your privacy. Ironically, these agreements are so long, and so difficult to digest, that nobody even bothers to try. The platforms you use know this.
By clicking that agreement box, you give companies like Google and Facebook permission to track your browsing activity and scrape your private messages for marketing information. This information is collected, stored, and sold to the highest bidder. If that bidder, or anyone on their team has any malicious intent, your systems become vulnerable. This opens the door for cyber attacks.
According to Goodman, “no computer has been created – to date – that can not be hacked.” This isn’t limited to viruses. Bad actors can also manipulate individuals into giving away their personal or confidential information. By playing off of your sense of trust or fears, they can learn anything they want about you and use it to their benefit. Your data is valuable. Your privacy is too. There’s a reason so many people are after it.
We really do mean it when we say that nobody is safe from a cyber attack. The simple act of sharing information makes you and anyone you work with vulnerable. Cyber attacks occur on the personal, national, and international level. Technology is non-discriminatory. The best thing we can do to protect ourselves, without disconnecting completely, is to back up our information.
One way to protect your organization’s information and production environment is through MDRaaS. MDRaaS stores data from client computer systems in an off-site cloud. This makes restoration easy if on-site systems are compromised for any reason. It also minimizes downtime. Visit our resources page to learn more.
If you have any questions or comments about our services, or want to talk about one of the books above, give us a call. We would love to chat.