Next-Generation Cybersecurity Ratchets Up

February 25, 2014

John Walecka

Hardly a day goes by without news of another cyberattack. Supposedly well-guarded corporate, government or consumer data land in the wrong hands thanks to crafty hackers who attack allegedly impenetrable networks in search of valuable data. On Jan. 30, Yahoo surfaced as one of the latest victims when the company disclosed that its users' email accounts had been compromised. In 2013, Target, Neiman Marcus, the U.S. Navy and even Internet companies like Twitter and Living Social, were victims of major cyberattacks.

So it should come as no surprise that U.S. intelligence officials ranked cybersecurity as the number one threat to U.S. interests during a recent congressional hearing. Despite years of widely reported and costly break-ins, we are still woefully deficient when it comes to protecting our digital assets.

The problem is that the systems and safeguards currently in use have not kept pace with the rapid technological changes. Traditional security mechanisms, such as firewalls and antivirus systems, are static, difficult to configure, and even tougher to update as new threats emerge.

Most successful attacks today are based on so-called zero-day exploits, meaning that the attacks have never been seen or used before. They are also able to adapt quickly, so if one approach is blocked by a firewall or antivirus system, the exploit repackages itself so as to be undetectable. What's more, breaches today are persistent, meaning that once attackers get into a system, they are able to hide software carefully that waits for instructions on how to proceed. In the recent Target case, the malware was installed through a previously unknown hole in an HVAC provider's system, and it remained inside the point-of-sale system for months, quietly collecting the personal and credit-card data of millions of customers. Investigations into how this breach occurred are still ongoing.