The potential for kinetic responses to cyber conflict is real and has been used in the past, specifically by the Israeli government against a reported Hamas-backed cyber threat group. Recently, I was asked about cyberwar, and to be clear, cyber conflict is not the same as cyberwar. War really involves death and damage. We can use hyperbole all we want, but there it is. Now…what constitutes an Act of War is entirely up to nation-states. You can start a war over a fly swatter (France v. Algeria) or a man’s ear (Jenkin’s War) or a dead Archduke (Ferdinand --> WW1). But in the end, what matters is what a country does.

The reports of the hacktivist breach of more than 150,000 surveillance cameras used inside Tesla's warehouses, police stations, jails and hospitals around the world, is a reminder that even though recent nation-state cyber attacks on SolarWinds and Microsoft Exchange Servers are garnering headlines, hacktivist groups are still players in the global cyber ecosystem. This isn't a one-time breach as this international group of hacktivists have claimed responsibility for other breaches in the past. It makes no difference if the motives of any threat actor are social, political or financial in nature, when crimes are committed and laws broken. It is also a reminder how vast the threat landscape is. This breach appears to have been preventable if the administrator's username and password weren't exposed on the Internet. Preventative medicine starts when user credentials are frequently updated and security awareness training is regularly offered. Today, there are more than 1 billion surveillance cameras in use around the world and security is an afterthought in many of them, resulting in spying and unlawful monitoring of unsuspecting victims.

Unfortunately, the Malaysia Airlines breach is a reminder how many more strides need to be made before we can put all defenders on higher ground from the cyber attackers. It isn't acceptable to hear that the airline thinks the breach could have happened sometime between 2010-2019. Total transparency is needed and they need to hone in on more specific details and be completely transparent with Enrich members. I guarantee members were shocked, as I was, to hear that their personal information has been in the wild for more than nine years. It is beyond unacceptable. In the short term, Enrich members need to stay on top of their credit reports, check their bank statements regularly and frequently update their passwords. For Malaysia Airlines, they can come out of this either the hero or the villain. They can't be the victim. I suggest the hero by being honest, open and transparent about the immediate remediation steps they are taking and the preventative measures they are putting in place to protect Enrich members in the future.

The reported hacking of an Oxford University biolab by threat actors is another gutless and abhorrent act by cyber criminals. Due to the magnitude of the Covid-19 pandemic, and the fact that nearly 3 million people have died from the virus worldwide, I categorise this latest breach as an act of cyber terrorism. In the perfect world, loathsome groups like this would be brought to justice to face severe punishment. Unfortunately, we don't live in a perfect world, and cyber gangs will continue to carry out these attacks because time and time again they are successful.Oftentimes, these gangs are working as contractors for nation-states and by gaining access to the proprietary information Oxford's researchers have likely spent months working on, they will see a big payday. The good news is that the security researcher stepped forward to disclose this latest intrusion and that Oxford can simultaneously assess the damage and stop further exfiltration. In the future, collaborative efforts like this will enable cyber defenders to be perched on higher ground than attackers making it much easier to stop future terrorist attempts.

The silver lining for Bombardier is that they can use the opportunity from this latest breach to invest more time in checking all entry points to systems and their global network, and hopefully root out any other suspicious activity. While small in nature, the alarms should be blaring for all companies because Bombardier has admitted that designs for airplanes and plane parts are now available for free on the dark web. Losing IP is devastating for companies and, in this case, don't be surprised when China, Russia, and other nation-states use the stolen information for profit. Good for Accellion for urging its customers to migrate away from the vulnerable FTA web server that appears to have resulted in 100 companies being attacked and data stolen from 25 of them thus far. Accellion's transparency is commendable.

If news reports are accurate, Kia Motors has long since passed the panic mode in dealing with a massive ransomware attack that has affected operations for more than five days. From afar, it appears the attackers have taken Kia Motors to its knees. Think about the scale of the problem for a company of this size with tens of thousands of employees and thousands of dealerships. Every additional hour and day they are incapacitated is costing the company tens of millions of dollars that will not be recouped. While details are scant at this time, Kia's transparency about the attack is extremely important so that as an industry we can understand how the threat actors were successful and what can be done to eliminate the risk in the future. I've said it many times over the years, but at some point these wide-scale and massive cyber attacks will be a wake up call for companies to improve their security posture and roll out around the clock threat hunting services to increase the likelihood malicious activity can be uncovered in the beginning stages of an attack and stopped before material losses occur.

With the U.S. Secret Service and FBI involved in trying to determine the cyber culprits poisoning the Pinellas County, Florida water supply, this is another reminder that cyber threats against critical infrastructure networks are real. For nearly one year since the beginning of COVID-19 pandemic, threat actors have carried numerous acts of war against research companies, hospitals and other first responders. These attacks are brazen, shocking and downright maniacal. While this attack wasn’t against Florida’s two largest counties, Miami-Dade or Broward County, any attempt to poison a water supply should raise the eyebrows of local and state officials.

What's surprising about the manipulation of chemical levels in Florida’s water supply is the bad actors tipped their hands without first doing proofs of concept or stockpiling attacks for later use. What we don’t know if any successful attacks have taken place over the past few months and possibly not reported.

It is premature to infer what the motive of the attackers were and who they are. The actor at this point could be script kiddies, terrorists, criminal ransom, nation-state of any other actor. The correct response should be due process: investigate, understand, learn, improve, follow the investigation and data and constantly get better. Acts of War are determined by the State and among states. If the U.S. can point to a culprit and says it is, then that's what matters. The details thus far are scant but we will all be listening to the postmortem and hope the current administration provides a deeper response and holds the adversaries responsible for this act responsible. To be clear, the investigation is what matters. Where is leads, who it involves and how we interpret that are all to be determined.

The latest revelations about Foxton clearly look like a 'he said, she said' moment with a lot of finger-pointing. At the same time, it is a sobering reminder that cyber criminals are stealing sensitive data from consumers on a daily basis and yielding massive profits by selling the information on the dark web. To Foxton, I encourage more transparency and hope they will further come clean on what happened and disclose the preventive measures they are taking to tighten security and limit further exposure of sensitive information. It is clearly no laughing matter to Foxton's customers and they are looking for reassurance that their credit card numbers and other personal information aren't part of an extortion campaign against Foxton. My advice to Foxton's customers is to pay close attention to their bank statements and if anything looks suspicious to immediately contact their credit card company. They should also be offered free credit monitoring services for at least the next year by Foxton.

The findings from BT's research project are both exciting and sobering. For the 16 percent of executives surveyed that say they haven't been breached, or at least suffered some type of security incident in the past two years, they are either lying or don't have the security tools and services in place to better scan their environment for trouble spots. In other words, they can't see the adversaries and they are standing right in front of them. Coming on the heels of revelations from the Solar Winds supply chain hack in December, an intricate and targeted attack dating back to more than a year ago and impacting tens of thousands of companies around the world, BT's findings are hopefully a wake-up call to board rooms around the world.

The expanding digital footprint for companies of all sizes leaves them vulnerable to security incidents, sometimes of material nature, making the job of CISO's that much more important. Security excellence is hard to achieve, but there are organisations across the public and private sector doing a wonderful job today staying ahead of potential hot spots in their networks.

My advice for all CISOs and executives is to adopt an operation-centric approach to cybersecurity, instead of having security teams chasing countless alerts that oftentimes lead you down a never ending rabbit hole. Many traditional security products are hopelessly alert-centric and generate volumes upon volumes of information that appear seemingly unconnected, lack context, and take too much time to investigate to understand how they are related, even when they are part of the same attack. From a defender’s point of view, we can never win daily battles by spending time chasing uncorrelated alerts.

We must quickly identify, and respond to malicious operations with surgical precision, finding a path forward by future-proofing tomorrow’s enterprise. We need to detect earlier and remediate faster; to think, adapt, and act more swiftly than attackers can adjust their tactics; and to have the confidence as defenders that we can always identify, intercept and eliminate emerging threats in a matter of minutes rather than days or weeks.