5 minutes with: Danny Lopez, CEO, Glasswall
What have been the biggest cybersecurity challenges historically faced by the defence industry?
Organisations in the defence industry are high-value targets for cyber criminals due to their critical importance in protecting national interests and the sensitive data they hold. They are often well-funded and well-protected organisations, but cyber threats are becoming increasingly complex and harder to defend against. The recent high-profile supply chain attacks are a prime example of how even the most secure organisations can be impacted. These attacks are concealed in legitimate software products, where malware is embedded in updates which allow an attacker into the target IT environment. By the time the threat is discovered, the attacker already has access to the system and its sensitive information.
These were the circumstances under which the infamous SolarWinds attack of 2020 occurred. As well as impacting businesses such as Microsoft, Intel, and Deloitte, this attack was almost certainly designed to penetrate highly sensitive government agencies including the US Department of Homeland Security, the National Nuclear Security Administration, and parts of the Pentagon.
What is the threat landscape like now, and what cyberthreats can we expect to see in 2022?
The world has been experiencing a ransomware explosion in recent years, which will likely continue in an upward trajectory in 2022. Ransomware has become a key revenue generation tool for cyber criminals and attackers are finding new and creative ways of maximising their returns. In 2022 we will see attackers using a more personalised approach, aimed at blending into target networks to look like a legitimate insider. We’ll likely see ransomware crime organisations demanding less and offering flexible payment terms – all with a view to sustaining and increasing their primary revenue stream.
We need to learn from our mistakes and stay vigilant. While it’s impossible to look into a crystal ball and predict exactly what’s to come, we can ensure we’re moving forward to a more secure future by taking a new approach to how we prepare for and defend against these types of attacks.
What is file sanitization technology?
For many organisations, file sanitization technology – also known as Content Disarm and Reconstruction (CDR) – is offering a new, proactive solution to file-based threats. The protection it offers is instant, unlike reactive security solutions such as anti-virus, and doesn’t require a threat to have previously been identified. Files and documents – which are often used to deliver a ransomware payload – undergo a rapid four-step process. The incoming file is (1) inspected to ensure its digital DNA does not deviate from the manufacturer’s ‘known good’ specification, before (2) being cleaned to remove any active high-risk content. The file is (3) rebuilt to the ‘known good’ specification, and finally (4) the file is threat-free and can be delivered to the user.
How does file sanitization technology help the defence sector protect against cyberthreats?
Due to the potentially catastrophic consequences of any cybersecurity mistakes made in the defence and intelligence sector, these agencies cannot rely on reactive solutions – their frontline must be impenetrable. Content Disarm and Reconstruction is a proactive solution the defence space has relied on for some time now to ensure files moving into an organisation do not contain malicious material. The technology rebuilds each file to its ‘known good’ standard and proactively removes any structural component that might cause disruption without altering the visual identity in any way. Significantly, the instantaneous nature carries out the process without interrupting critical defence operations – neither security nor productivity is compromised.
What lessons can the private sector learn from the defence industry’s successes in fighting cybercrime?
While the defence sector may be one of the biggest targets for cybercrime, it also has a strong record of successful defence. Indeed, the National Cyber Security Centre (NCSC) recently revealed it defended the UK from 723 cyber incidents in the last year – an average of 60 attacks per month.
This level of protection is only possible through applying stringent cybersecurity measures – such as a zero trust approach – and this is where private sector business leaders should take note. With zero trust security, no individual or device is trusted by default, regardless of whether they are inside or outside a network. Executing this successfully requires a range of technologies to work in harmony, ensuring that a user or device is verified not just once, but every time they access or move through the network. File sanitization plays a crucial role in the zero trust architecture. Every file is treated as malicious – no file is trusted by default, whether it’s entering the network or moving within it. The commercial space can learn a lot from how the defence sector has benefitted from this approach, and file sanitization is an effective starting point for any organisation looking to do this.