Citing cyberthreats: Why we should be worried

Complacency is not an option when it comes to cybersecurity. Ntirety CEO Emil Sayegh highlights prominent cyberthreats we are facing today in the following piece. 

 


In the wake of global conflicts, significant concerns about the security of critical domestic cyber operations have dominated the news. Yet, despite all the urgent alerts and notices, after several weeks of escalated scenarios of aggression, it seems the “big one” hasn’t quite hit. On one hand, our power is still on, our water still flows, and our kids can still walk over to the campus ATM and check their balances. Have our adversaries been holding back? Or is something else happening? Threat activity levels are higher than ever, and it is more likely that cyber chaos is lying in wait. Remember the peace of the Western Front — this is the time to worry the most. 

There is little debate that the primary channel for conflicts in the world today is rooted in offensive cyber capabilities. In recent years, attacks from nation-states and state-sponsored groups have surged and include corporate espionage, ransomware schemes, supply chain software breaches, fundraising for terrorist activities, and more. At times it seems that cybersecurity is an epic cat-and-mouse battle.

The U.S. Is the Target

Let’s be clear; it is not just Russia. Even the slightest indication of undermining security is an opportunity for adversaries and foes. China, Iran, North Korea, and even other actors that claim to be technically our allies will not let an opportunity for technological chaos go to waste. This is our modern Roman arena, and we are not viewed as the lions — we are viewed as the bait, and almost everybody is coming at us. 

One simple fact of these threats is that a history of successful attacks begets continued attacks. Attack vectors, techniques, and tools are shared in private corners of the web. Successful campaigns also create digital wealth-based cryptocurrency schemes that can wage war, sponsor terrorist groups, and spawn new attacks and new attackers. 

Russian Capability

Russian offensive cyber operations are highly advanced, and many experts have traced the SolarWinds attack of 2020 to suspected Russian sources. This incident was a sophisticated infiltration of a major software supplier, and its discovery affected thousands of clients. Operations at that scale take time — incorporating full-cycle targeting, social engineering, payload, and surveillance over the course of many months.

From the beginning of the war in Ukraine, cyberattacks came first. A prelude to the land attack, these operations destructively took out government agencies, banking facilities, and other critical offices. These were official military actions, but Russia also wields a hidden force of citizens who will see cyber hacking as a form of patriotism and survival as the world continues to impose economic sanctions on the country. Attacks could persist for years beyond the cessation of violence.

 

Attack Signals Not Stopping 

The first quarter of this year is behind us, and we are already seeing a high number of novel methods emerge, as well as a heightened and accelerated scale of cyber threat activities across the board. The company I lead has collected an 800% increase in threat activities since the war first started, and it is not abating in any sense of the word. We continue to work with high-level government agencies on a frequent basis to help protect the ecosystem of companies within our client base and beyond.

We have the Okta situation, new Android malware, reports of suspected Russian and Chinese capabilities to defeat two-factor authentication, and specific failure incidents, such as the report of a major storage provider going through the permanent loss of customer data. If it isn’t clear already, it one day will be — flaws and human interaction can weaken technology, but technology combined with the commitment to thorough security practices can close significant gaps.

There is definitive proof that global criminal and perhaps intelligence syndicates are driving this increased activity, and the day of the lone hacker is history. Such is a global cyberwar. Companies cannot withstand this escalating onslaught alone. We must take up arms to protect what is ours. This is an invasion of an entirely different kind, and we must protect the homeland in the cloud, on our keyboards, our televisions, and mobile devices.

Preparation and Targets

We have so much to protect. First, our military and economic foundations are highly dependent on digital terrestrial and satellite technologies. The protection of the backbone is critical, and these are primary targets. However, the frontlines in this battle are everywhere we go, everywhere we live, and so right away and urgently, our national base of cyber readiness must get up to speed on security matters.

Only a comprehensive security strategy will solve this once and for all, but until then, we can steel ourselves against this persistent wave of threats with basic actions:

  • Lock down networks and systems
  • Implement tested and validated backups
  • Implement multi-factor authentication
  • Patch systems and software
  • Turn on monitoring and alerting (everywhere)

 On a personal level, pay attention to your passwords. Change them often and make them complex. Implement multi-factor everywhere possible. Keep aware of phishing attempts, malicious links, and every form of cybersecurity responsibility you bear for yourself and the companies you work for.   

 It is the natural order of things that big-name companies are going to hold a higher target value. Russia, like many other nations that wield cyber threat operations, is in a position where it can completely rely on symbolic victories in its cyber attack campaigns. You can count Coca-Cola, Exxon/Mobil, and even Tesla as organizations that are probably on heightened alert due to their very public business decisions launched in response to Russia’s attack.   

The Silver Lining

Industry awareness of these threats has improved, and the fact that we have survived this long ties back to the hardening throughout the industry following two years of pandemic-driven challenges. The fires of that digital chaos and the improved response are positive historical touchstones. We will find that only a complete lifecycle of comprehensive security can protect what is truly essential. 

 Eventually, the Russian crisis on the ground will pass, but another crisis is looming. Silent digital attacks are a prelude to greater actions, and the stillness is a false sign of security. Russia, China, and other global adversaries are stacked up for a global confrontation, hoping that the weakest target may precipitate our fall.  

 

 Check out this piece, originally published in Security Magazine, here and follow me on LinkedIn.  

Readying For Regulation Response To Cyber Incidents – Forbes Article by Ntirety CEO Emil Sayegh

Recently, utility companies have been a major target for hackers, and critical infrastructure has been put at stake. As these cyberattacks have increased, taking action to keep bad actors away from our cyber environments must be a top priority. For industries such as utilities that provide services to almost all of us, we must all do our part to ensure security is enforced. 

 Ntirety CEO Emil Sayegh emphasizes the importance of the United States government’s involvement in protecting the ever-growing cyberspace, and the businesses and people whose lives could drastically change. The following piece, Readying For Regulation Response To Cyber Incidents, was originally published in Forbes.

Readying For Regulation Response To Cyber Incidents

In the wake of a prolonged season of significantly impactful cyberattacks, new regulations have arrived on the scene and we can expect more to soon follow. Good, bad, and ugly, regulations are a natural governmental response to significant situations that carry national implications. For now, the focus is on pipeline operators. But with so much vulnerability in the wild, a lack of overall standards, and also the fact that so much is at stake, cyber regulation is on a trajectory of growth, and may also find itself on a collision course across many more sensitive industries.

Back in May, the world was shocked when the Colonial Pipeline Company revealed that it was a victim of a ransomware attack. The immediate response was to halt operations in order to contain the attack. Five days later, operations resumed, but not before fuel prices on the East Coast of the U.S. skyrocketed and fuel shortages crippled the Eastern Seaboard.

Regulatory Response

The same day that operations resumed, President Biden signed an Executive Order on “Improving the Nation’s Cybersecurity.” Moving from voluntary participation to mandated compliance, some 100 pipeline operations had to formally designate a 24/7 cybersecurity coordinator and report confirmed and potential incidents to the Cybersecurity and Infrastructure Security Agency (CISA) under the new directives.

In late July, the rules tightened up from there with further regulations. The specific details that accompany this mission have not been fully revealed to the public, but some elements have been shared about the program. Participants will need:

  • To develop a cybersecurity contingency and recovery plan
  • To conduct a cybersecurity architecture design review
  • To implement mitigation measures to protect against cyberattacks immediately

In addition, the regulations have a bit of a bite to them, leveraging potential fines that can amount to close to $12,000 per day for each violation.

The Regulatory Trajectory

The age of self-driven, voluntary standards and industry participation is beginning to change as a response to the rash of successful attacks against critical organizations. With solid research and preparation, the implementation of these forthcoming compliance measures could possibly roll out smoothly. It is also likely that challenges will be felt throughout the industries affected by new compliance measures. Revisions and updates will follow, as already exhibited in the pipeline industry.

For most, compliance and regulation are not completely new territory; however, the horizontal rollout and application to formerly voluntary industries will carry some challenges along for the ride. New technologies, cutting-edge standards, and continual assessment are not always associated with the considerably comprehensive publications of ordinary regulations.

Rolling out successful cybersecurity regulations in a comprehensive effort is going to require awareness of the contextual history of regulations as well as measures to keep regulations up-to-date and achievable.

Preparing Now

Based on technical and operational components, the gold-standard reference point throughout the industry is the body of standards set forth by CISA. Organizations can get ahead of these and create a better security baseline by assessing cybersecurity policies and procedures and updating them as necessary.

Among the advancing best security practices and technologies, prepare to assess and incorporate:

  • Updated backup and recovery tools and processes
  • Risk prioritization exercises
  • Secure cloud service practices
  • Segmenting networks
  • Multi-factor authentication
  • Zero trust capable architecture
  • Robust endpoint management
  • Enterprise threat mapping
  • Data encryption at rest and in transit

Every environment is different, with different realities to consider.

It can be difficult to turn down the background noise of emerging products, industry buzzwords, and marketing smoke. With so much to navigate, I cannot blame anyone who has completely tuned out. But please don’t. Silence is not bliss in this case. Most companies are ill-equipped to deal with this threat alone and must find competent cybersecurity partners. This movement has already started; this is a clarion call and moment of action on every digital front. Cybersecurity is becoming an imperative across the land.