You have probably heard that the White House computer network (the unclassified network, and that’s an important detail) was hacked, allegedly by representatives of the Russian government. However, as eSecurity Planet pointed out, it was a breach that we should still worry about:
“While the White House says no classified systems were accessed, CNN reports that the hackers were able to access some sensitive information, including real-time, non-public details of President Obama's schedule.”
The hack apparently happened in the fall of 2014, but the details are just now coming out. In any case, we shouldn’t be surprised that the White House network was a target, Raj Dodhiawala, SVP and general manager, ManTech Cyber Solutions International, told me in an email:
“Russian hackers and other nation-states are aggressively probing and looking for entry points in the networks of our government and blue chip corporations. Today, cyber warfare is leading to massive amounts of IP theft and espionage because network-based detection and prevention is weak at best, and such attacks will continue to be successful.”
That’s right. Just because security needs to be a top priority at the White House and government agencies doesn’t mean that their cybersecurity systems work any better than those of the mom-and-pop shop down the street. As Greg Foss, senior security research engineer with LogRhythm, said to me in an email, your security is only as good as your weakest link, and cybercriminals will continue to do what works to get past that weakest link – in this case, spearphishing emails sent to the State Department. Foss went on to say:
“For these reasons, pervasive visibility inside the network is something that organizations need to seriously consider. Monitoring and alerting on the first indicators of lateral movement can be the difference between detecting an attacker within a few days or a few months. Monitoring endpoints, segmenting networks, laying traps, creating baselines of what is normal and then digging into the ‘abnormal,’ all are effective strategies for reducing the mean time to detect and respond to an intruder.”
This is true whether you are the White House, a big box retailer or a financial institution. Hackers will have different agendas, of course, but the result is always going to be the same: a potentially devastating loss of information that could cause harm to innocent people. If we want to be able to thwart these attempts from nation-states, Dodhiawala said, we have to do a better job of detecting and responding to advanced threats on computers and endpoints, faster and more confidently, in order to reduce the risk and damage, and even thwart sophisticated, multi-pronged attacks.
I will say this, though. If this hack had happened to the classified network, this story would have a very different urgency to it. But it would still come down to the same issue – security is only as good as the weakest link. But you’d hope that those working on sensitive government networks would have a greater understanding of how important good security is, especially as we expect to see a rise in cyber espionage.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba