Transforming Cybersecurity in an Age of Ransomware

This guest blog was contributed by Srinivas Kumar, VP of IOT Security, DigiCert.

Ransomware has been in the headlines recently, but its origins go back decades. As far back as 1996, major cyberattacks were launched against public sector organizations, including the U.S. Department of Defense, Department of Justice, the U.S. Air Force, and the CIA.


Today, we’re regularly witnessing high-profile attacks on key infrastructure assets around the world. Thousands more ransomware attacks each day are likely going unreported as well. Yet despite the ongoing issue, government bureaucrats and corporate leaders have been reluctant to invest in transformative innovations in cyber defense. In this article, we’ll consider what’s needed for effective ransomware defense, and point a way forward.


Cybersecurity priorities have evolved

In the formative days of the Internet, ensuring network and endpoint security was a much more straightforward challenge. Organizations focused primarily on monitoring user systems like enterprise desktops and servers, as well as personal computers. The emphasis was on maintaining compliance and security standards for data privacy and protection. As new technologies emerged and user workstyles began to evolve, cybersecurity became more complex. Increasingly mobile workers and bring-your-own-device models required remote access over virtual private networks, along with strict network admission controls.


The emergence of the Internet of Things (IoT) introduced new challenges, with a soaring number of devices operating in increasingly cloud-based environments. Today, organizations are applying artificial intelligence (AI) and machine learning (ML) to strengthen the safety and security of connected things, together with device hardening for additional resilience and operational efficiencies.


In the near future, the cloud-driven digital revolution will merge with “end-to-end” digital transformation trends. A limited, short-term perspective on cybersecurity will no longer be tenable in a threat landscape of sophisticated cyberattacks staged by nation state actors and global cybercrime organizations that operate with impunity.


The consequences of a major cyberwar could be catastrophic. Consider the impact of weeks or months without water, medical services, utilities, public transportation, or Internet access while ransom is negotiated and compromised infrastructure is restored.


Setting a new course

The stakes are higher than ever in cybersecurity, and making the necessary course correction requires a new approach. Just as replacing humans with machines was the focus of the industrial revolution, the cyber revolution will require us to augment human intelligence with machine intelligence.


Like any major shift that impacts our lives and workplaces, today’s new cyberspace trends will require education and retraining. Transforming cyberspace into a safe space will require robust international standards and regulations for safety and security of connected devices and things. In today’s environment of information technology (IT) and operational technology (OT) convergence, detection and prevention are equivalent to the masks we depend on to slow the spread in a pandemic. Device protection goes a step further toward restoring normalcy, acting as an immunization countermeasure for cyber resilience.


It's clear that the time is now to “immunize” our devices, instead of simply piling on additional masks in the network wiring closet. Today’s hackers have caught up with traditional detection and prevention tools and methods. At the same time, the sheer volume of events with a low signal-to-noise ratio, together with the escalating expense of post-breach forensics to generate threat intelligence, makes it obvious that traditional strategies are no longer sustainable. Powerful nation state adversaries now have the firepower to overcome detection methods based on deductive, inductive, and abductive reasoning, Bayesian (statistical) logic, and Markovian (stochastic) models.


Security professionals have done their part to respond to today’s threats. They have applied solutions like intrusion, malware, and anti-virus detection, anomaly and behavior detection, and event and log correlation to protect their organizations. Nonetheless, adversaries hold the first strike advantage and are often steps ahead. If they encounter an obstacle, they are quick to innovate and work around it.


The nature of today’s global supply chain makes cybersecurity more complex as well. The current supply chain is filled with visibility gaps at the component level, and often relies on blind trust in data. The global, fragmented market with export and import controls introduces further challenges, and today’s worldwide economy lacks international cybersecurity treaties that could help deter cyber criminals.


The security by design approach

As ransomware and other threats continue to evolve, it’s up to original equipment manufacturers to step up, implement security by design in their solutions and processes, and unleash the potential of AI engineering at the edge and in the cloud. Business leaders in global corporations must look beyond short-term profit and loss charts, and focus on the long game, with intrinsic value creation to protect infrastructure elements and drive new economic opportunities.


Innovation is accelerating in deep/machine learning, AI, zero trust networking models, and digital twins, but these technologies rely on foundational safety and security in devices. To enable organizations to unlock the promise of digital transformation, manufacturers should support authoritative device identification with digital identities for secure onboarding, attestation of platform trust, mutual authentication between peers using trusted digital certificates, and more secure supply chains.

