How to catch a hacker: What’s behind the heightened state of cyber espionage?

When it comes to hacking and cybersecurity, the US is now, more than ever, in a critical state of cyber espionage.

Obama’s order to investigate Russia for tampering with the election to sway results in favor of Trump further shows that hacking has become about more than disrupting organizations or defacing websites. It’s about espionage, particularly on the part of sophisticated groups with alleged ties to nation-states.


President Obama has the right—and the responsibility—to actively investigate any allegation that another nation-state is infiltrating our nation’s networks, and President-elect Trump and officials on both sides of the aisle should be in full support. It's vital to have transparency around our election and the security of our infrastructure. What’s more, this isn’t an issue of ‘catching hackers red-handed.’

Attribution is complex, which is why forensic analysis is key to tracing the source of a hack: the infrastructure used, the tooling and the operators behind it, not merely a geographic location. This point of contention with Russia has been an issue for months, and it’s time our nation took action to uncover the truth. Free and open elections form the bedrock of our democracy, and even the possibility that a foreign nation may have influenced a presidential election should be thoroughly investigated and rise above partisan politics.

Now, taking a step back, it’s also important for us to better understand the real-world implications of cyber espionage. So let’s take a look at the motivators, our vulnerability and the possible impact that vulnerability could have. We need to mitigate this problem before it gets out of hand.

Who and Why
Motivations and attribution in cyber espionage cases are dubious at best, as they often are in cyber incidents. But that hasn’t stopped the U.S. government from officially investigating Russian involvement in hacking the DNC and other political organizations and leaking the information to WikiLeaks to interfere with the recent presidential election.
 
It has never seemed far-fetched for a cyber superpower like Russia to conduct cyber espionage. Impacting the presidential election could work to their benefit. If this is indeed a true act of espionage, it represents a troubling next step in the continually escalating consequences of cyber warfare. Just imagine the possible repercussions of an enemy nation-state obtaining sensitive foreign policy details all due to the click of a cleverly crafted phishing email, or if they managed to continue pilfering information to manipulate public opinion of our governing bodies and upcoming elections. Such interference by an enemy nation-state could disrupt the government and, in turn, negatively affect American industries and persons.

We’re All in it Together

America is vulnerable, and government organizations shouldn’t be the only ones concerned with weaponized information hacking. In fact, we’ve already seen this tactic used in notable enterprise breaches where the weapon is embarrassment and brand damage.

Take Ashley Madison for example and more recently the Panama Papers. Not only were these entities hacked, but their data was published online—embarrassing a range of high-profile and political figures in the case of Ashley Madison and exposing financial wrongdoings of various influential individuals who put their trust in Mossack Fonseca.

Data leak hacks can also be used as a weapon to influence a company’s market value, hurting stock prices of breached organizations. Target, Sony and, most recently, St. Jude Medical (whose shares fell after a short seller publicized claims of vulnerabilities in its devices) are just a few examples of enterprises whose market value dropped after a hack or disclosure. Now imagine something similar but at a much larger scale, perhaps affecting our banks or critical infrastructure. It could have damaging real-world consequences.

What To Do?

Cyber attacks, and cyber espionage in particular, have become so prevalent largely because technology is now integral to every organization. Emails are easily compromised via phishing, human error leads to misconfigurations that open holes in the backend, outdated technology can’t keep up with evolving threats, and the list goes on.

In response, the best thing a government entity or private sector enterprise can do is ensure it has full visibility into its network, so it can see who is doing what and quickly identify abnormal behavior. Moreover, it's crucial to limit each employee’s access to only the systems that person needs for their tasks, and to adjust that access as roles change. Organizations should also segment their networks so that threat actors and their malware cannot spread across the network and cause more harm in the event of a breach.
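To make the three recommendations above concrete, here is a small access-review script written for this page; it is an added illustration, not code from the article or from Zscaler. It assumes a simple access log format (timestamp, user, source host, destination host, action), a least-privilege policy mapping each identity to the systems it may reach, a segment map with a list of which segments may talk to each other, and a per-user baseline of how many distinct systems that user normally touches in a day. All of those names, thresholds and the log lines themselves are constructed for the example.

```python
"""Toy access review: least-privilege, segmentation and volume checks.

Illustrative code added for this page, not the article's own or Zscaler's.
The log format, identities, segment names, policy tables and thresholds
below are assumptions chosen for the example; the log lines are constructed.
"""
import re
from collections import defaultdict

# Constructed access log: "<ts> user=<name> src=<host> dst=<host> action=<verb>"
LOG = """\
2016-12-12T09:01:10 user=alice src=ws-alice dst=crm-db action=query
2016-12-12T09:02:30 user=alice src=ws-alice dst=crm-web action=get
2016-12-12T09:05:12 user=bob src=ws-bob dst=build-srv action=ssh
2016-12-12T09:07:44 user=bob src=ws-bob dst=crm-db action=query
2016-12-12T09:09:01 user=svc-backup src=backup01 dst=crm-db action=dump
2016-12-12T09:09:05 user=svc-backup src=backup01 dst=hr-db action=dump
2016-12-12T09:09:09 user=svc-backup src=backup01 dst=build-srv action=dump
2016-12-12T09:09:12 user=svc-backup src=backup01 dst=mail-srv action=dump
2016-12-12T09:10:00 user=alice src=ws-alice dst=hr-db action=query
"""

# Assumed least-privilege policy: each identity may reach only these systems.
ALLOWED = {
    "alice": {"crm-db", "crm-web"},
    "bob": {"build-srv"},
    "svc-backup": {"crm-db", "hr-db"},
}

# Assumed network segments for each host.
SEGMENT = {
    "ws-alice": "users", "ws-bob": "users",
    "backup01": "infra", "mail-srv": "infra",
    "crm-db": "crm", "crm-web": "crm",
    "hr-db": "hr", "build-srv": "ci",
}
# Assumed segmentation policy: source segment -> destination segments it may reach.
SEGMENT_POLICY = {
    "users": {"crm", "ci"},
    "infra": {"crm", "hr", "infra"},
}

# Assumed baseline: distinct destinations each user normally touches per day.
# (svc-backup is assumed to dump one database per nightly run.)
BASELINE_DISTINCT = {"alice": 2, "bob": 1, "svc-backup": 1}

LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) action=(?P<action>\S+)$"
)


def parse(log):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            yield m.groupdict()


def review(log):
    """Return (kind, user, detail) findings for policy, segment and volume violations."""
    findings = []
    seen = defaultdict(set)  # user -> distinct destinations observed
    for e in parse(log):
        user, src, dst = e["user"], e["src"], e["dst"]
        seen[user].add(dst)
        # Least privilege: destination must be in the user's allowed set.
        if dst not in ALLOWED.get(user, set()):
            findings.append(("policy", user, dst))
        # Segmentation: the source segment must be permitted to reach the destination segment.
        src_seg, dst_seg = SEGMENT.get(src), SEGMENT.get(dst)
        if dst_seg not in SEGMENT_POLICY.get(src_seg, set()):
            findings.append(("segment", user, f"{src_seg}->{dst_seg}"))
    # Volume: more than twice the usual number of distinct systems in a day is abnormal.
    for user, dsts in seen.items():
        base = BASELINE_DISTINCT.get(user)
        if base is not None and len(dsts) > 2 * base:
            findings.append(("volume", user, len(dsts)))
    return findings


if __name__ == "__main__":
    for kind, user, detail in review(LOG):
        print(f"{kind:8} {user:12} {detail}")
```

Run against the constructed log, the script flags bob querying the CRM database he is not entitled to, the backup account reaching into the build and mail servers (one of which also crosses a segment boundary the policy forbids), alice's HR database query (a policy and a segment violation at once), and the backup account touching four times its usual number of systems. In a real deployment the policy tables would come from an identity provider and the network configuration rather than being hard-coded, but the three checks are the same.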

In all, this will be a long-fought battle between hackers, the nefarious nation-states that back them, and the public and private organizations fending them off. This is just the beginning, and thinking it will slow down anytime soon is dangerously naive. We need to take steps to shore up our defenses, understand the newly digitized environments that have become the norm and ensure that we are able to respond effectively to suspicious activity. Don’t get left behind; prepare accordingly.

Michael Sutton is chief information security officer for Zscaler


The views expressed by authors are their own and not the views of The Hill.