America under cyber attack
Gillian Tett, US managing editor, talks to cyber security expert and CrowdStrike co-founder Dmitri Alperovitch about the countries that pose the biggest threat to the US government and the practical steps companies can take to avoid cyber attacks
Filmed by Ben Marino. Edited by Gregory Bobillot. Additional material: Getty, Reuters
The 2016 US presidential election had many peculiar features, but one of the most startling was a revelation by CrowdStrike, the cybersecurity company, that Russian-related actors had been hacking the election. But as Dmitri Alperovitch, CEO and founder of CrowdStrike, tells me, that's just the tip of a much bigger iceberg of cyber-hacking that's going on that companies need to prepare for.
When you look at the threat landscape, you really have three types of motivations driving the threat actors out there. You have the nation state actors. You have the cyber-criminals that have a financial motive. And you have the hacktivist/activist groups that are trying to promote their particular ideology.
When you look at the nation states, it's really the big four that we care about here in the United States and broadly in the West. It's Russia. It's China. It's Iran and North Korea.
When you look at the international system, North Korea is, by far, the most reckless actor out there, whether it's their nuclear programme or their missile programme. And in cyber, it's no different. They have launched some of the most destructive attacks we have seen in this domain at South Korea, and then, in 2014, against Sony. So I'm very, very concerned that if there is an escalation in the region, one of the retaliations that the North Koreans will use is cyber. And they're extremely capable at this, having done it for the better part of the last 10 years.
We have seen attacks from Iran against the financial sector here in the United States, against some more physical infrastructure. But where they've really been very, very aggressive is actually in the Middle East itself.
We've seen significant destructive wiper attacks in Saudi Arabia, both against private organisations in Saudi Arabia, their critical infrastructure, as well as against Saudi Arabian government networks, and as recently as the last month. So it is of extreme concern that they will continue to escalate their activities and engage in these truly destructive attacks.
We have seen a dramatic reduction, over 90% reduction, in their activities since the 2015 agreement with the US government on this issue. They continue to hack the US government. They continue to hack defence contractors and other dual-use targets that you would expect intelligence agencies to go after. They're not changing their tradecraft, really, at all when going after these organisations. But in the economic espionage sphere, where they're hacking into a private company and stealing its information and giving it to a private company in China, or a state-sponsored company, that has been dramatically reduced. Not quite zero, but dramatically reduced.
I think this is really a key point. Every organisation should take three steps. First, they should assume that they are already compromised and get a compromise assessment done right away. Because as we've seen, and I've said many times over, there are only two types of organisations out there: those that know that they've been hacked and those that don't yet know. But they've all been hacked.
Secondly, they need to get full visibility into their systems. They need to understand what's happening on every machine, what's executing there. And third, they need to proactively hunt on that data to try to find the bad actors. You can't just wait for an alert to go off. You need to assume that you're targeted. You need to assume that someone is already inside. And you need to proactively go out and try to find them on your network.
Even small organisations can face this threat. If you have something valuable that someone may want, chances are you've already been targeted.