Nader Anabtawi from Palo Alto Networks weighs in on the growing threats to national security posed by malicious cyber actors.
There are inherent challenges in maintaining a defence data and information advantage in the current global defence security environment. Not only are our vulnerabilities increasing through enterprise level digital transformation and remote working, but our adversaries are behaving more asymmetrically to exploit these opportunities, scaling rapidly, applying increasingly sophisticated threat vectors and co-ordinating more closely.
While reports indicate that highly-organised actors were responsible for 79 per cent of espionage-related data breaches in a defence context, it is the tempo and scale of cyber espionage, attack and influence campaigns that is concerning. The increased use of proxies and criminal entities has had a compounding effect on the scale of attacks recently.
Workforce skill shortages, tight pre-digital and COVID-19 cyber security budgets, the use of minimum viable technology in tightly budgeted programs and the integration of new technologies such as 5G have collectively increased the likelihood and potential severity of a breach.
Attack sources do not need a high success rate to achieve a breach that impacts commercial reputations, intellectual property, information security and our wider digital economy. Often, they will discover the weak links in our network security chains and attack until successful.
For example, in a recent attack seen within our global defence community, an unauthorised party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, resulting in the release of Intellectual Property into the public domain.
The Security Legislation Amendment (Critical Infrastructure) Bill 2020 may force many to tighten protocols in the face of the increased threat profile but in the interim, organisations should consider reviewing their risk profile as threat prevalence and complexity increases. In particular, agencies and organisations may need to consider whether the balance of investment in their cyber security remains appropriate, particularly those established pre-COVID, now with distributed workforces and digital supply chains.
Board and executive committee members should be ensuring the following is implemented across their virtual security landscape, enabling them to identify, manage and reduce the risk accordingly:
- Gain complete visibility – No entity can protect against what it cannot see or detect, so full visibility of networks and systems is required. Vulnerabilities often lie with third-party supply chain vendors – a frequently overlooked entry point into key acquisition programs, for instance.
- Reduce the attack surface – It is more difficult for attackers to compromise systems through their weaknesses when the attack surface is reduced and controlled. This is especially true across complex systems and networks where these weaknesses are harder to identify.
- Prevent all known threats – Adopt a prevention-first philosophy. Share, consume and process threat intelligence, and maintain well-organised defences that can be reconfigured rapidly and automatically based upon new intelligence.
- Detect and prevent new, unknown threats – Given the rapid pace of change in attacks, preventing known threats alone leaves organisations at least one step behind, particularly against organised attackers. The keys are making unknown threats known, developing controls to stop them, and automatically reprogramming security technologies to enforce the new controls. This requires mature artificial intelligence and machine learning capability, combined with a global data lake and threat intelligence network.
- Integrate and automate – Integration and automation will enable and strengthen defence workforces, giving them access to actionable cyber intelligence and modern tools to meet mission requirements. Machine learning and behavioural analytics are key to threat prevention and mature capability. This technology has been trusted globally in industries such as financial services.
- Apply Zero Trust – Apply least-privileged access controls, also known as the Zero Trust approach. Implementing granular application identification gives greater visibility and more precise control to reduce risks. By verifying all users, devices and applications accessing your network, Zero Trust boundaries effectively compartmentalise user groups, devices and data types, such as classified information. Zero Trust is as essential to cyber security as watertight doors are to a ship in the event of a breach.
- Simplicity – Gartner research suggests that through to 2025, 99 per cent of breaches will be caused by misconfigurations alone. Single panes of glass and straightforward operating systems reduce the likelihood of human error and also reduce the technical education burden, opening up the opportunity for skill migration from other operations and industries.
Cyber security is a challenge that cuts across all digital programs. As such, it is now a core enabling business activity in the digital age. An integrated approach to addressing the security of sensitive data and critical applications is key to reducing our overall risk within a targeted industry. Defence entities that implement effective security controls with Zero Trust policies can protect their information systems, maintain confidentiality, integrity, availability and trust.
Industry can support government by building its platforms in a way that offers threat intelligence, automation, analytics and machine learning to provide comprehensive coverage across enterprise, cloud and future work environments. Key attributes should include the ability to protect consistently everywhere, to automate tasks for efficiency and to offer visibility into network data regardless of location.
Nader Anabtawi is the head of defence at cyber security company Palo Alto Networks.