After reading Vick Vaishnavi’s article, “The
Top Three Cybersecurity Threats You Aren’t Considering,” I can’t help but
point out that there are some holes. I
agree with Vaishnavi, that it is important we take a close look at the current
threat landscape before heading into 2014 – therefore we should take an even
closer look at what his story is missing.
For the past ten years, my teams and I have been engaged in
an epic war against cyber attackers. We
know who they are, where they fight, and the weapons they use. We do not wear flak jackets and we do not
carry M4s, but our fight is very real.
Armed with home-grown tools and closely-guarded methods, my very
experienced cyber warriors fight 60 to 80 hours each week to 1) learn the
battlefield, 2) understand points of infiltration, 3) outline methods of
attacker movement and covertness, 4) pinpoint methods of exfiltration, and
ultimately 5) kill the attacker’s foothold in a network. The military uses words like “fight” and
“deployment.” We use words like “work” and “travel.” The
words are different, but much of the strategic methodologies between
traditional warfare and cyber response are the same.
The cost of cybercrime must be taken with a grain of salt but certainly not ignored. In 2009, McAfee stated that they estimated the total global cost of cybercrime to be $1 trillion. This number is now used by public officials in citing the monetary impact of global cybercrime. The Center for Strategic International Studies (CSIS) released information this month stating that this number could be half or three times as high (CSIS, TheEconomic Impact of Cybercrime and Cyber Espionage, July 2013). McAfee, responded by stating that they are releasing a new study that will add more rigor to their numbers (Joseph Menn, Obama'strillion-dollar hacking costs claim exaggerated, McAfee-funded study says, July 22, 2013).