Cyberterrorist attack would be more sophisticated than past worms, expert says
IDG News Service - WASHINGTON - No hard evidence exists that shows a cyberterrorism attack on the U.S., but when such an attack comes, it is likely to be much more harmful than the current crop of relatively unsophisticated viruses and worms that have caused billions of dollars in damages, a cybersecurity expert said.
Terrorism groups have planned cyberterrorism attacks for years, and those attacks are waiting for a vulnerability to trigger them, said Norm Laudermilch, vice president of managed security services for VeriSign Inc.
"Anybody think we're dealing with dumb terrorists?" Laudermilch asked a crowd on Monday during a seminar on cyberterrorism at Computer Security Institute's Computer Security Conference and Exhibition in Washington. "We're not going to have a month to patch our systems, because the plan is going to be already in place."
Laudermilch classified about three-quarters of the attacks VeriSign sees on its customers' networks as "sport" attacks -- those done by amateur hackers trying to see what damage they can do. And while only about 5% of the attacks Laudermilch sees would be classified as motivated by politics or a foreign government, companies need to be prepared when and if more of those kinds of attacks come, because enemies of the U.S. are strongly motivated by hate, he said.
"I'm not trying to be too negative, but we're dealing with a completely different type of intelligence than some of the massively successful attacks we've seen on the Internet recently," Laudermilch said.
The SQL Slammer worm, the Sobig-F worm and the Blaster worm, all of which hit in 2003, were relatively simple attacks, and many companies recovered within hours or days, although the damage still ran into the billions of dollars. The ability to catch these attacks is a kind of "criminal Darwinism," in which unsophisticated attackers are easily spotted, Laudermilch said, but cyberterrorism may not be so easy to recover from.
"We're good at catching the attackers who aren't so bright," he added. "But are we catching the more complex attacks? Are we catching the more stealthy attacks?"
To combat the potential of cyberterrorism, companies must pay attention to several areas, Laudermilch added. Even though many U.S. companies continue to cut or hold off hiring new staff, they need to focus on security and effective use of intelligence, he said. Most U.S. companies fail in those two areas, he said.
Many companies do not have processes in place to even keep track of all the computers on their networks, he said, and U.S. companies are often unwilling to share their security problems with others. He called for more sharing of security data as a way for more companies to understand cyberattacks.
Companies often buy a host of security products, including firewalls, virus protection and intrusion detection systems, but they don't understand all the functionality those products provide, Laudermilch said. Companies often don't buy products that help them make sense of their security scans or data, or they don't take full advantage of those tools, he added. Many companies buy firewall products, spend a few hours setting them up, and rarely pay attention to them again, he said.
"The problem is once they select this technology, few people spend the time it takes to understand everything that product can do for them," he said. "Making the best use of this technology relies on your ability to take what these tools give you and turn it into intelligence."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts