When we first heard of mischief online, it was young kids who would stay up all night hacking into the grading system at their high school and changing grades.
Now we yearn for the good old days because we quickly saw that organized crime began to find access to the internet
and begin to squeeze out mischief makers to replace it with some serious efforts to compromise people’s finances, steal money, extort folks. Criminals began to understand that it was a lot easier to rob banks online than it was to go through the front door of a bank with a gun and risk life and limb. And the crimes got increasingly more sophisticated.
Then we saw increasingly nefarious kinds of activity online, and we began to see terrorism and nation-states begin to get engaged in activity online that would feed their national objectives. This took place over a period of about a decade and, gradually squeezed the mischief out of our concern. And we began to focus on the criminal element and the nation-state activity that was a problem.
Now all of these actors have different faces. The young kid that is hacking into a system, the criminal, a nation-state adversary used similar approaches. They will do reconnaissance at the beginning of an attack, find an avenue to enter a system, stay low and slow and find a way to dig in, and then begin to navigate around the system and systems that are connected to it in order to find what they’re looking for, and then gradually exfiltrate what they’re looking for and stay over a long period of time if necessary.
Recent data breach reports indicate that the average data breach is not discovered in an organization for over 200 days,
almost the better part of a year. So adversaries today have been able to disguise themselves and go unnoticed and steal, take intellectual property, gather data at will. And so this process is pretty much the same no matter who the adversary. It’s a matter of, how do we operationalize cybersecurity within our organizations to detect this activity and defend against it?