This article is part of Panther’s new Future of Cyber Attacks Series, which features interviews with cyber security experts, thought leaders, and practitioners with the goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Albert Heinle, CEO of Heinle Solutions Inc., Creator of CoGuard.
How have cyber attacks evolved over the past 12 months?
Besides the classic attack scenarios and attack vectors such as inside jobs and ransomware, we have observed an increasing number of attacks on blockchain technology aimed at scamming people out of their crypto-currencies (see this example where an invalid NFT on a Banksy piece was auctioned off) and instances where attackers have taken advantage of bugs in smart contracts (Iron Finance). And sometimes, simple accidents have dire consequences, as in the case of Compound, where $90M was accidentally paid out to users.
So it’s not really that revolutionary new attack methodologies are evolving, but rather old methods are being applied to new, hip areas.
What lessons can be learned from the biggest cyber attacks in recent history?
I believe that a strong foundation in a company’s infrastructure plays a crucial role in protecting one’s data and reputation. Infrastructure is the new code. And just as we’ve put rigor around the software development and change process, we need to invest in more rigorous processes and automatic checking around infrastructure change until we reach the same level of quality and saturation that we now have for software.
The key to prevention against sophisticated attack scenarios lies in deploying AI to detect malicious activity. However, the quality with which cloud deployments are made today renders these efforts almost meaningless. At the root of the issue is human error. Even the biggest players with the deepest pockets are not safe from human error risk (consider Microsoft, SolarWinds and Capital One). So while an investment in good monitoring is a good layer of defense, we need to also build a good foundation, one that employs defense in depth and zero trust policies. This means becoming more diligent, automatically checking work and creating a company culture that prioritizes and promotes security. That may mean tolerating certain inconveniences and delays, but rewards through risk elimination are worth those minor annoyances.
What will cyber attacks look like in the future?
Cyber criminals will always go for quick wins, unless they are led or funded by governments. In the latter case, we are looking at higher levels of sophistication. In the former case, the targets will remain in “Blitzscale” sectors like today’s blockchain. Cyber criminals follow the money. In these newer fields there’s a lot of money transacted, but little attention paid to cyber security. So they are basically sitting ducks.
What are three pieces of advice for organizations looking to get ahead of the cyber attacks of the future?
- Is your IT department approaching infrastructure change in the same way your software developers approach changes to code? Are they versioning their configurations? Do they have a proper review process? Are they using modern configuration management tools purpose-built for managing infrastructure change? If not, fix these problems fast.
- If you outsource part of your IT infrastructure management to external vendors, are you doing your due diligence surrounding their processes? Are you asking for AND enforcing certain security standards? If not, do so, and be picky about it.
- Do you think compliance = security? Think again.