Once a year, the Consumer Electronics Show hosts the Super Bowl of technology in Las Vegas. As I walk amongst the booths, I am keenly aware of being surrounded by the greatest inventors of computer electronics. Many of these devices are now connected to cyberspace – a once pacific environment, however, the cyberspace of 2016 resembles Syria more so than Silicon Valley.
Last year we observed a dramatic escalation of hostility online. The free fire zone of the Dark Web has encroached on the borders of corporate America with collective fury and tenacious sophistication. Corporations are dealing with a cybercrime wave that is taking advantage of their dependence on mobility and web applications.
Mobile attacks and successful intrusions into web applications have allowed cybercriminals to infest our information supply chains. Secondary infections are oftentimes occurring due to credential theft and correspondent lateral movement of attackers between networks. It was one thing when these adversaries burglarized our sensitive data but now, due to a scourge of Cryptoware and wiper attacks, they have escalated their modus operandi to include home invasion and arson.
In order to protect their intellectual property, brand and customers, American businesses must awaken. Corporations should alter their security strategies to account for secondary infections and destructive attacks. Greater attention must be paid to the security of mobile devices and the information supply chain. Security teams must accept that a cybercriminal already exists inside of their perimeter.
In 2016 integration of breach detection systems with intrusion protection systems will be quintessential to managing the pretense of an adversary. Given that situational awareness, corporations must immediately revamp their incident response plan to incorporate their information supply chains’ risk to destructive attacks. They should expect to be hit and prepare to survive a cyber home invasion.
As evidenced by the 2016 Consumer Electronics Show, every product we own will become active in cyberspace. It will only be a matter of months before an Internet of Things enabled device allows for lateral movement into a corporate network or, even causes the death of a user due to a cyberattack on their reality.