Leon Kuperman
The past several months have brought a string of terror attacks and violent incidents, which not only claim lives but cause worldwide feelings of fear and vulnerability. It seems that groups of terrorists like ISIS can strike when and where they want.
As the authorities ramp up surveillance, such attackers simply adapt and change their tactics. They have learned to be patient and to leave few traces.
Stopping terror groups and other bad actors requires an evolving approach. Because these attackers don’t rely on yesterday’s methods for launching the next strike, authorities can’t rely on yesterday’s surveillance and intervention methods if they want to stop the attacks before they happen.
This is especially true as terror groups take their fight from the streets to The Street.
The changing landscape of terrorism
Terror attacks serve a dual purpose: They not only harm or kill people, they send psychological shock waves throughout the world. After the rubble is cleared, fear and insecurity persist. This is what the attackers count on. For this reason, it is certain that terrorist organizations will increasingly bring their attacks to the online world, where ideologically motivated players — like Anonymous and New World Hacking — have already made a splash.
If a terror group does not have the wherewithal to launch physical attacks on America’s banks, corporations, government agencies and utilities, they certainly see the value in attacking those institutions’ digital architectures. A crippling attack on networks operated by Wall Street banks or law enforcement agencies would not just grind business to a halt, but would sow powerful feelings of insecurity and panic among the people.
Politically and financially motivated hackers have already blazed a trail that terror groups can now follow. It’s no longer a question of whether terror groups will pursue a cyber attack, it’s now a question of when.
The digital black market
A group like ISIS might not have the technical know-how to stage a major hack against American corporations or government agencies. But this is the age of the digital black market, where an ISIS-type group can simply buy that expertise and use it to their own ends.
Additionally, ISIS has already been attacked on the online battlefield. Anonymous and other hacking groups have waged campaigns to take down ISIS social media pages and otherwise hamper communications among members.
It’s certain that ISIS will be looking to defend itself on that front, as well as launch attacks like these on their adversaries. All the know-how they will need is in fact available in the darker corners of the web, where security experts illegally sell their expertise to the highest bidders.
Wall Street, the government and other critical institutions are already doing what they can to prevent these kinds of attacks. The question is what’s it going to take to stay one jump ahead of an increasingly creative foe?
Moving security from reactive to proactive
Online security today is reactive, and therein lies the problem.
Corporate spending on cybersecurity is on the rise, but installing next-generation firewalls and new types of intrusion detection may not adequately defend against the next attack.
This is because many security programs on the market today have been developed to detect the known signatures of a cyber attack (those that were found and studied after previous attacks). But what about an attack that features an entirely new signature — or no signature at all? A security program that uses past attacks as a guide could miss something compelling and dangerous. Hackers and cybercriminals today have developed new skills that could soon render off-the-shelf security systems obsolete.
And because a sophisticated cyber attack is an expensive proposition, hackers are likely to reserve such attacks for choice targets like government agencies or the country’s largest businesses, where the potential reward justifies the cost.
Recent, well-publicized attacks on businesses — as well as a large-scale government-network intrusion by hackers from China — show that intruders can penetrate networks that are presumed to be the most secure, remaining undetected for months, quietly studying the security apparatus while gradually moving through the network.
Recent hacks and intrusions have illustrated new tactics, and the intruders were not found because they did not follow the known patterns of past attacks.
If bad actors are going beyond the established patterns, defenders of critical infrastructures need to in turn do the same in order to protect themselves from the newest forms of attack.
Comment