An important US energy company was attacked by a malicious hacker because it was unable to close the email account of a former employee. For Florida water companies, it was a case of inadequate housekeeping when it came to deploying patches to defective old software that led to supply disruptions.
These are just two of the examples Nicole Perlroth uses to show that small, seemingly innocuous holes and glitches in a company’s IT network and management policies can be a gateway to a much larger disaster, with consequences that go far beyond the realm of a single company or institution. In a hyper-connected world, once a hacker gets a digital toe in the door, they are capable of causing destruction and havoc across a much wider area, as Perlroth details in her book, This Is How They Tell Me the World Ends, winner of the Financial Times and McKinsey Business Book of the Year 2021.
This book is a horrifying story about the dangers posed by inherently vulnerable IT systems at the heart of the rapidly expanding global cyber arms race. The players in this shadowy world, which Perlroth covered for 10 years from Silicon Valley as a cybersecurity reporter for the New York Times, are no longer just criminals or mischievous bedroom-based hackers, but nation-state actors with clear intentions.
The situation has only worsened since she finished the book, which was published earlier this year. In particular, the pandemic and the accompanying move towards telecommuting and hybrid work arrangements have given criminals or hostile state actors additional opportunities to exploit extended IT systems. “The attack surface has expanded,” she says.
At the centre of it all is a wild and murky market where hackers trade knowledge of holes and vulnerabilities in networks and operating systems. A back door into a smartphone operating system, for example, sells for millions of dollars. These hacks, known as “zero-days,” have moved in from the margins to become one of the main areas of operation for malicious activity.
“It’s a healthy market,” explains Perlroth. There is one important condition: participants never talk about it, because revealing an attacker’s knowledge of a system vulnerability makes the vulnerability worthless, as the target moves quickly to fix it.
The book begins with Perlroth arriving in Ukraine after the country had been the victim of a persistent and widespread cyberattack organized by Russia. Government agencies, transportation systems, automated teller machines, and utilities had all been hit by what she describes as “Ground Zero, the most devastating cyberattack the world has ever seen.”
But Perlroth’s bigger point is that these events don’t just happen far away. Countries that are rich, industrialized, highly networked, and digitally dependent, such as the United States and the United Kingdom, are particularly vulnerable and unprepared. “There is no cavalry,” she said, adding that she wrote the book because “I want to awaken people.” As she sees it, the magnitude of the threat is shown in the title of the book. Without change, “We are facing some tragic cyber-triggered events that have defeated us all, or are where we are, death by 1000 cuts.”
Governments, businesses and individuals are all part of the problem. State-led offensive cyber strategies often rely on turning a blind eye to, and exploiting, flaws in widely used software programs. Enterprises often see cybersecurity as a cost center that needs to be kept under tight control. Individuals usually feel that they do not have a meaningful role in a much larger conflict.
Perlroth says this needs to change rapidly, especially since the emergence of artificial intelligence will only exacerbate the situation, if not make it irreversible. Policy makers need to be aware that future geopolitical conflicts “will occur as cyberwarfare or have strong cyber elements.” The winning country “will look like digital Israel,” she says. “A country that can continue to perform its most basic services while surrounded by hostile activity.” The United States and the United Kingdom, she added frankly, are not in that state. “You can’t win any more war without strengthening your cyber defenses.”
Companies need to be more accountable to themselves. The board needs to ask its chief information officer and security officers, “Are you affected by the next nation-state dispute, will you endure it, or will you unknowingly be at the forefront of that dispute?”
“You may not think you are a business target. You may think your own data is protected. But monitor what is happening on your network. If not, it could be used as a conduit for nation-state espionage,” says Perlroth. “You have the lowest common denominator.”
When it comes to what a company can do, the actions required are fairly straightforward, and already known. They include educating employees not to click attachments and links, providing training on phishing and other common hacking tactics, introducing two-factor authentication, and changing passwords on a regular basis. In other words, as Perlroth says: “You need to prioritize them.”
But there’s still a lot to do. That’s why Perlroth herself decided to leave journalism and join the US government on a two-year mission as an advisor to the Department of Homeland Security’s new cybersecurity agency. This group brings together experts from politics, government, the world of technology and more, including Perlroth.
As a Silicon Valley journalist, she believes she has established herself as a “connector” and “translator” among different worlds and actors who often have difficulty communicating and interacting with each other. “We must work together with businesses and governments to get out of this turmoil, including a level of collaboration and cooperation not seen in the West.”
Frederick Studemann is a literary editor at the FT.