The War on Your Data
What’s the biggest security threat the U.S. faces today?
It isn’t something that’s on the mind of the general public… much. It isn’t garden-variety terrorism, for one thing. I’m not talking about some radical extremists shooting up a holiday party.
The threat I am talking about is not something that’s actually visible on a grainy security video, and it’s not something over which you will see blaring news headlines for days on end.
But it’s a huge danger, both to the government and private interests. And we are at war against both, whether we like it or not. Private groups and foreign governments are very interested in quietly prosecuting this war. The early casualties of this war aren’t measured in body counts but in stolen information coded in ones and zeros.
That’s because we are in a cyberwar.
This threat is far more likely to affect you personally. Let’s face it, the odds of you or me dying in a terrorist attack in the U.S. are pretty slim. Having your personal information stolen from your favorite retailer’s network, on the other hand, is far more likely.
Millions of Americans have become digital casualties in the cyberwar. It’s already happened to tens of millions of shoppers at Target and Home Depot. In March 2015, when health insurance company Anthem was attacked, as many as 80 million Americans’ personal data were threatened. That’s more than 25% of the population.
And consider attacks on the U.S. government. Last year, the Office of Personnel Management’s employee database — which stores the personal data of millions of federal employees, including fingerprints — got hacked… hard.
According to J. David Cox, president of the American Federation of Government Employees: “We believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to 1 million former federal employees.”
That’s pretty bad, but it gets worse from a national security standpoint. Questionnaires for national security positions may have been purloined as part of the attack. Prospective applicants are required to put some very private personal information in these forms. The attack raises the question of whether or not civil servants in some of the most sensitive national security jobs might now be subject to blackmailing.
And the problem isn’t going away. Just recently, Juniper Networks, maker of firewalls and other network security equipment, was breached. Apparently, there has been a bit of code lurking in Juniper’s own firmware that’s just perfect for gaining backdoor access to encrypted communications.
I wonder how it got there. Is it an NSA back door? Did the Chinese government get someone into the organization?
Whatever the reason, Juniper supplies a formidable slice of the market with its cybersecurity offerings. Juniper’s stuff is designed to protect the digital doorway to an institution’s network. I used to program these devices to keep financial data safe when I worked for a financial firm responsible for billions.
Juniper is also a vendor to various government agencies at various levels. The fear stemming from this newfound security hole is obvious: cyberthieves gaining access to government’s encrypted communications and data.
New Technology Needed to Address Threats
By now, it’s obvious that traditional methods of managing threats are spectacularly not working. The realization is dawning on everyone. Just last year, for example, cybersecurity juggernaut Symantec declared antivirus software “dead.”
And why shouldn’t it be? Often, by the time a breach is recognized, it’s too late. You’ve been robbed in the dark. When the sun comes up, the goods are long gone.
The futility of traditional network and data security is also driving a shift. If an $11 billion market cap cybersecurity company like Juniper can’t stay safe, then who can?
The focus is moving from protecting the hardened edge of the network to protecting the soft gooey filling. The shift is toward minimizing the damage from breaching the network’s edge.
Many of the biggest cyberheists have occurred from gaining access to sensitive data using privileged accounts. These are accounts on the target network with master access to sensitive files. Once the hackers exploit a vulnerability on the edge of the network, the first order of business is searching for a way to gain control of an account with the privileges needed to access a resource.
And sometimes, hackers don’t even have to do that. Scamtastic phishing emails and unwitting users can grant access to an account “on the inside.” Attackers then use that account to access sensitive data if it is privileged enough, and if it isn’t, it’s still a foot in the door to snoop around the digital premises and find a powerful account that is. Accounts can be used to install software that can worm its way through the network, installing back doors or capturing and sending data.
Furthermore, strong perimeter protection does little good if the attack is coming from a company insider with high privileges to network resources and data. You can have a hardened network edge, secure data and encrypted communications… all for naught.
Cybersecurity companies have tried very hard to make sure the networks’ doors are shut with good, strong locks. But if the attacker has access to a privileged account that holds the digital keys, it does little good.
The key is developing tech that gives us an additional layer of security to protect the vulnerable insides of the network. Companies that protect the network’s edge or monitor the enterprise data infrastructure for a breach are a dime a dozen. However, fewer companies participate in this part of the network and data defense market.
With the menace of cyberattacks growing daily, I expect we’ll see strong growth — and big profits — from the growing cyber security sector.
To a bright future,
Ed. Note: Get the top investment trends for 2016 in medicine and technology from the former head of the most popular science magazine in the world. Simply sign up for our Tomorrow in Review e-letter for FREE right here. Don’t miss out. Click here now to sign up for FREE.