How to prevent data destruction from cybersecurity attacks

At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with IBM’s Global Remediation Lead Christopher Scott about how cyberattackers get into environments, and why using multifactor authentication is crucial if you use an online service. The following is an edited transcript of the interview.

Christopher Scott: So I like to think of malware as a program that does something to your operating system, your computer, that is unintended. Destructive would be destroying the data that you care about. The data that makes your company unique, that makes you money. So allowing an attacker into your environment and then releasing a piece of code that you did not want running, it would be the malware, and then they would turn around and destroy the things that you care about the most, that’s the destructive state. And in some cases that will cause operational issues, right? You shut down the company, you shut down their operations, and you could also take data and use destructive as a way to hide that theft.

There’s lots of different ways that we’ve seen attackers get into environments, whether it’s an unpatched web server, failure to segment the networks as best people can, which is compartmentalizing things that are externally facing versus those that are internally facing. I’ve seen even attackers use online services that haven’t had multifactor authentication put in place. That’s one of the key things we want people to do is if you’d use an online service, use multifactor because a lot of those allow for password guesses to happen a lot because they get attacked often and those guesses can give you passwords and give you access into the systems.

You talk about protections, a lot of companies feel that they’ve got the best antivirus, they’ve got the firewall in place, but you have people that are at conferences, they’re at coffee shops, they’re visiting all kinds of other websites and if you look at
Zero Days
, even if you take into consideration, there’s a study out by Rand Corporation that shows that the average life of a Zero Day, or the time that an advanced attacker knows about that Zero Day until it is patched by the manufacturer is 6.9 years.

So you have to really consider that your machines are vulnerable and you need some way to detect that vulnerability, and then you need to protect and trust that you’re multifactor authentication to make sure you have the right people in your environments.

You could say that all of the data is at risk when you get this type of attacker, and that’s not a good place to sit is all of the data. I like to focus on the data that makes your company unique. The uniqueness of the company, that’s what drives revenue, that’s what makes you be able to stay in business and provide jobs, and healthcare, and all the things that people need. So focus on the things that make you unique. A lot of people will call that the crown jewels and focus, how do I protect that information? How do I segment it? How do I make sure that it’s only in the places that I want it to be? And then be able to detect when that data moves places or as in places so that we know that we have a problem going on.