The Director of National Intelligence recently released the Annual Threat Assessment report, which cites concerns about increasing cyber threats from China, Russia, North Korea and Iran. Experts have seen an increase in attacks targeting cyber, technological, and military branches of the U.S. The annual report also emphasizes that the COVID-19 pandemic would continue to be the gravest threat to both national and international security.
Following two major cyber-espionage attacks (SolarWinds, Microsoft Exchange) involving Russia and China, the assessment stressed that cyberattacks remained an “acute” threat to national security.
Cyberattacks are not slowing down. The recent cyber-espionage attacks involving Russia and China that exploited SolarWinds and Microsoft Exchange vulnerabilities demonstrate the intensity of these threats to our national security.

The Annual Threat Assessment report essentially says that China wants to rule the world, and will stop at nothing to attack the U.S. Homeland. Ironically, China already leads the world in surveillance systems. Too bad our own government hasn’t deployed sophisticated monitoring platforms like behavioral analytics to proactively identify and mitigate these cyber-espionage cyberattacks.

Meanwhile, it’s no surprise that Russia continues to be a top cyber threat to the U.S., intentionally targeting our critical infrastructure. We need to be much more prepared to defend our electric grid, industrial control systems, and underwater cables. The best defense is a full-stack offense which again includes cyber defenses powered by machine learning like security analytics.
The message is serious because the situation is serious. My fear as an identity professional for 30 years is that more regulation will occur because of the threat. Every one of these hacks occurred to enterprises that were under some sort of regulation – be it SOX, PCI-DSS, HIPAA, or self-mandated regulations like ISO 27001 or HITRUST. The problem in today’s environment is that the audit/compliance process is NOT adding enough value to the overall security posture of the enterprise.

Audit/compliance is seen as a data-gathering activity in most enterprises. It’s gathering information on the changes and the reason/justification of the changes. This is a complete misappropriation of resources – both time and money. The change information should be automatically formatted into a compliance-conducive format – where no effort is needed at "audit time" to search/retrieve records.

That’s why one of the first features YouAttest did for companies is "Automatic Attestation" of user events – including escalation of privilege – both malicious and benign. We have to map these audits, especially the identity audits, into the cyber kill chain. That is, ensure that the procedures/practices that we are doing as check-boxes for the compliances ALSO ensure our institutions are more resilient to these attacks.