The New Weekend Warriors – Information Security Pros

1
446

As a former military veteran, I fully understand that the term “weekend warriors” is typically used to refer to military personnel on reserve status. These folks are normally tasked with some routine activities throughout the year with their affiliated military ‘unit,’ which is generally fulfilled during a weekend or two as not to disrupt their ‘day’ jobs.

However, have you noticed how similar a private cyber warrior is to a military cyber warrior? In suggesting this, I’m not trying to take anything away from my military brethren. But the duties, tasks and efforts are eerily similar. The nature and persistency of modern day cyber-attacks has forged a new type of information security professional – someone who needs to sacrifice nights, weekends, sleep and a personal life to answer the call of cyber defense duty. Sounds a lot like what I knew when I was in the military.

First, let’s put things into perspective. As 2012 came to a close it became clear that this past year would no doubt go down as epic in the memory books of information security professionals. If 2011 had a fanatical pace, 2012 was simply frenetic.  Also, if the relative efficacy of these attacks is any guide, then hold onto your hats for 2013, which has the potential to make 2012 look like child’s play.

If you look back on 2012, you can find a plethora of security programs that have been overrun by nefarious perpetrators and notice a sea change in what the risk landscape looks like compared to 2011. Below is a broad stroke of some of the most notable attacks that reflect “night and weekend defenses:”

  • Jan  – Feb: Anonymous attacks on various Israeli websites
  • March: Operation Global Blackout –Anonymous threatens to take out the internet by attacking the DNS infrastructure of the world
  • July – Aug: Admin.HLP Trojan threat advisory issued by Radware’s Emergency Response team in reaction to evidence that it wreaks havoc in wild
  • August: AT&T suffers a near day long outage originating from an attack on their DNS infrastructure
  • Sept – OctOperation Ababil launched against US banking interests. The vast majority of US banks suffer various degrees of outages including most of the top institutions. New SSL attack tool leveraged throughout this attack.
  • Nov – DecOpIsrael & OpZion launched against various Israeli interests as a results of ongoing political struggles

The list above reflects only a small portion of attack profiles for the year. But as they say, hindsight is 20/20. These attacks can act as “lessons learned” to educate us on how to handle future attacks for years to come.

All in all, what did we learn from these attacks in 2012? It’s safe to say that we’d be fooling ourselves if we believed that the overall successes were isolated to a few obscure examples or the result of luck. In my opinion, these attacks were by-and-large effective across a multitude of technologies, geographies and industries without regard to the size of the company, their security technologies, geographic operations, or amount of people studying the problem (e.g. security professionals and risk assessment results).

However, one of the most amazing lessons learned was that these attacks have grown in both persistency and scale as illustrated in the graphic below.

What the slide above reveals is that in a very short period of time (e.g. 18 months) we have seen the average duration of a cyber-attack increase from 3 days to 20 days. This number continues to climb as we closed out 2012 – both OpAbabil and OpIsrael lasted for over three weeks. We can also see that the number of security attack vectors rose from 4 to 7. A number that is likely to double again in 2013. These are staggering figures and require the resources of an internal security program staffed for 24/7 defensive operations with the ability to remain in constant fighting mode for more than three weeks.

But ask yourself this – is your information security program staffed for attrition and knowledge? For round-the-clock operations in defending against a cyber attack? On weekends?

If the answer is “no” – then you simply aren’t prepared for the coming fight.

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here