Head of Information Security at Directly, leading and managing a cross-functional annually audited InfoSec program, and IW CDR in the USNR.
Last week we learned about the hack of a network monitoring software, SolarWinds Orion, that has the potential to be the most pervasive hack in U.S. history, affecting leading security firms, as well as government agencies and Fortune 500 companies. By hacking a leading monitoring software amid an unprecedented pandemic, which rightfully required our attention, Russia, the alleged nation-state behind the hack, potentially gained undetected access to an enormous amount of confidential data from more than 18,000 leading organizations from March to December 2020. While we will still be assessing the full impact of the hack in the days and months to come, this article will reflect on three important points from the hack.
All Computer Systems Are Vulnerable
First and foremost, the hack starkly reminds us that all computer systems are vulnerable to hacking. Anything that is connected to the internet can (and, in many cases, will) be hacked. The only way to be 100% hack-proof is not to use a computer system: Put it in a box, pour concrete over it and bury or throw it in a body of water. Information security assesses, manages and significantly reduces but does not eliminate risk to our computer systems and networks. It would be wise to assume that our systems and networks have already been hacked. Like scientists, we need to find evidence of that hypothesis and initiate the incident management plan to remediate and recover as quickly as possible. We need to build resilient systems that are expected to get hacked but quickly recover.
For computer crimes to be successful, three simple things have to be true about the criminal:
1. They must have the desire to obtain possession of the “victim.”
2. They must have the skills, knowledge and ability to commit the crime.
3. They must have the opportunity to commit it.
With enough time and resources, criminals and nation-states who have a high desire to access confidential data will improve the ability and find the opportunity to exploit vulnerabilities to get…
Read Greg Myre and Laurel Wamsley explain how FireEye was able to detect the sophisticated and massive SolarWinds hack attack on NPR:
The first word that hackers had carried out a highly sophisticated intrusion into U.S. computer networks came on Dec. 8, when the cybersecurity firm FireEye announced it had been breached and some of its most valuable tools had been stolen. “We escalated very quickly from the moment I got the first briefing that, ‘Hey, we have a security incident of some magnitude,’ ” FireEye CEO Kevin Mandia told All Things Considered co-host Mary Louise Kelly. “My gut was telling me it was something we needed to put people on right away.”
Read their full article here.
For more see: FireEye and SolarWinds.
ARMONK, N.Y., Jan. 12, 2021 /PRNewswire/ — IBM (NYSE: IBM) scientists and researchers received 9,130 U.S. patents in 2020, the most of any company, marking 28 consecutive years of IBM patent leadership. IBM led the industry in the number of artificial intelligence (AI), cloud, quantum computing and security-related patents granted.
“The world needs scientific thinking and action more than ever. IBM’s sustained commitment to investing in research and development, both in good and in challenging times, has paved the way for new products and new frontiers of information technology that have greatly benefited our clients and society,” said Darío Gil, Senior Vice President and Director of IBM Research. “The culture of innovation at IBM is stronger than ever, thanks to our inventors worldwide who devote themselves to advancing the boundaries of knowledge in their respective fields every single day.”
IBM led the industry in the number of U.S. patents across key technology fields:
- Making AI More Intuitive
  - IBM received more than 2,300 AI patents as inventors developed new AI technologies to help businesses scale their use of AI. Patents in this area ranged from technology to make virtual agents more responsive to emotions when speaking to customers, to AI that can help people make difficult decisions — summarizing key decision points from a variety of information sources, both written and verbal, and presenting them in easy-to-understand visualizations. IBM is focused on delivering innovations in natural language processing, automation and building trust in AI, and continually infusing new capabilities from IBM Research into our IBM Watson products. In 2020, this included the IBM Watson team announcing the first commercialization of capabilities from Project Debater – a technology that digests massive amounts of text and constructs a well-structured speech on a given topic and delivers it with clarity and purpose.
- Streamlining Hybrid Cloud Deployments at the Edge
  - IBM received more than 3,000 patents related to cloud and hybrid…