In March 2013, Praescient is hosting a forum discussion on the emerging trends of cyber security, the third event in the series of the Knowlton Project. The presentation will feature a sophisticated technical demonstration on cyber security threats, followed by a discussion on the way in which organizations in government and the private sector can best defend against these evolving challenges.
Today, cyber security is cited as a top priority among policymakers. President Obama is seeking to allocate $769 million to the Department of Homeland Security alone for information security initiatives. Despite the resources directed towards this effort, private and public organizations continue to lose billions of dollars while their networks are hacked and their intellectual property is stolen.
In short, cyber hacking events continue to rise because most companies use static security measures to fight the dynamic threat. The average organization’s cost of a data breach in 2010 was estimated to be $7.2 million. A recent study (pdf) conducted by Verizon and the U.S. Secret Service illustrates how current cyber security measures fall short of protecting networks:
- Almost 50 percent of the breaches investigated were attributed to insiders.
- 87 percent of breached organizations had evidence of the breach in their log files and did not detect it.
- 48 percent of breaches were attributed to users who intentionally abused their right to access corporate information.
- Most breaches in their sample (85 percent) were not considered “difficult” and could have been avoided without “hi-tech” or expensive measures.
The cyber security community has not fundamentally changed the way networks have been protected over the past four decades. Much effort has been placed on “building a bigger firewall” – expanding the virtual moats and perimeter defenses that surround networks. This approach proved sufficient until about five years ago, when cyber threats evolved. To truly combat advanced cyber threats one has to understand there is no panacea. Cyber security is a constant fight – it is a journey not a destination.
Effective cyber security is defined according to three core pillars: confidentiality, integrity, and availability. Defending against such advanced threats requires a more interactive approach. In addition to meeting all compliance standards, the most effective way to mitigate advanced threats is through a three-point solution: network monitoring, penetration testing, and cyber analytics.
Static cyber defense architecture will continue to be a key tool in the fight against malicious actors, but they are only part of the solution. A holistic approach to cyber security is a much more effective method of minimizing the impact of a network intrusion. By merging the skill sets of information assurance and intelligence analysis, the new field of cyber analytics will soon integrate into business models.
The Knowlton Project, named in honor of Thomas Knowlton, America’s first true intelligence professional, is an important effort to anticipate, understand, and solve our nation’s most pressing national security challenges. Through this initiative, Praescient aims to bring together a network of experts in national security, defense, technology, and business who can bring their collective knowledge and experience to bear on these critical issues.