INTENSIVELY NETWORKED
Why Resilience Is the Only Rational Cybersecurity Choice
November 30, 2013—From offices in Bangalore, India, employees of the Silicon Valley security firm FireEye alerted Minneapolis-based Target that they had detected evidence of a security breach of Target's digital network. By this time the U.S. retailer, second only to Walmart in size, had been a FireEye client for about six months, having hired the company for $1.6 million to create a state-of-the-art network security system.1
The 2013 attack against Target was one of more than three thousand that year.2 So, cyberattacks are far from unusual. In fact, in 2016, the Ponemon Institute, which conducts independent research on privacy, data protection, and information security policy, looked at the "likelihood of a company having one or more data breach occurrences in the next twenty-four months" and concluded that each of the 383 companies it surveyed had a "26 percent probability of a material data breach involving ten thousand lost or stolen records."3 Put another way, over the long term, the nature of the threat against the digital network of your business is defined by two facts.
Number one, breaches are, by their nature, highly probable occurrences—so probable that, over the long term, they can be deemed inevitable. Breaches will happen. Breaches will happen to you.
Number two, breaches are, by their nature, costly in time, worry, and reputation.
ANSWERING THE CALL TO ACTION
The call to action is clear: We must protect ourselves and our enterprises. The problem is that no means of protection is bulletproof. It is not enough to erect a "firewall" around the firm's digital infrastructure, issue antimalware software to all hands, pronounce your enterprise "secure," and walk away. Such passive, static security measures are necessary, but they are not sufficient. In Chapter 3, we will review the most effective and cost-effective strategies and devices for "securing" our networks. We must note now, however, and always bear in mind that security alone offers no silver bullet. All security approaches are inherently and inevitably flawed because the vulnerabilities of digital connection are inherent and inevitable. They are the price of opening ourselves to the opportunities of connection. Once we accept the risk-reward trade-off of digital connectivity, our next step is to survive—and even thrive—under attack. Digital security is an incomplete answer. Digital resilience completes the answer.
As a concept, digital resilience is relatively new—but only because digital technology is relatively new, and networked digital technology is even newer. The fact is that digital resilience is a subset of resilience, which is a characteristic of biological, ecological, social, national, and institutional systems that have survived and thrived, some of them since time immemorial. Whereas digital security is about security, digital resilience is about how you do business in today's intensively interconnected environment. It is not confined to the realm of IT specialists, but is a whole-business strategy.
THE TARGET ATTACK: WHAT A FAILURE OF RESILIENCE LOOKS LIKE
Only two things make the 2013 attack on Target unusual: its magnitude—70 million customers became victims—and the amount and detail of insight we have gained from it. (While the Equifax data breach, which took place during May–July 2017 but was not reported until September 2017, affected at least twice as many victims—145.5 million American consumers, close to half the U.S. population—we don't as yet have sufficient information to create a definitively illuminating narrative.) The Target attack reveals the severe limits of conventional digital security. More important, it is a call to move beyond these limits. The numbers make it clear that attack is virtually inevitable. We need something more than the current "state of the art" in digital security.
It is true that most private- and public-sector leaders agree on the necessity of making preparations for survival under cyberattack. All sophisticated businesses have active disaster recovery plans (DRP) and business continuity plans (BCP). They understand that having an emergency plan for a crisis is essential. But both DRPs and BCPs are very different from a cyber recovery plan. The purpose of this book is to persuade managers, C-suite executives, and boards of directors that the default environment in which their highly connected businesses, institutions, and government agencies operate is in crisis. Connectivity creates both frictionless business opportunity and frictionless vulnerability to attack. This is today's default situation. Mere survival is not a sufficiently ambitious objective. Intensively connected enterprises need to thrive in high-risk environments and even under attack.
Thriving under attack is not a radical proposal. It is a function of digital resilience. As defined very ably by Andrew Zolli and Ann Marie Healy, resilience is "the capacity of a system, enterprise, or a person to maintain its core purpose and integrity in the face of dramatically changed circumstances."4 The chapters that follow are about applying the concept and quality of resilience specifically to digital networks. Before we get to these chapters, however, let us take a close-up look at what happened to a network whose operators failed to make it resilient. The Target attack, breach, and data theft, one of about three thousand that year, is representative of today's digital business environment. It is also an event about which we have an abundance of information.
ACTION ITEM
There is no bulletproof protection against cyberattack. Digital security is mandatory but not sufficient. In addition to digital security, understand, embrace, and implement digital resilience as a strategy for surviving and thriving in an inherently insecure digital environment.
On March 26, 2014, John Mulligan, executive vice president and chief financial officer of Target Corporation, testified before the Senate Committee on Commerce, Science, & Transportation. His unenviable task was to explain why and how the credit card data of 40 million of his company's customers had been stolen. "It appears that intruders entered our system on November 12[, 2013]," he testified. "With the benefit of hindsight and new information, we are now asking hard questions regarding the judgments that were made at that time and assessing whether different judgments may have led to different outcomes."5
Without doubt, the first "hard question" is why, having been alerted by Bangalore on November 30, 2013, Target's Minneapolis-based Security Operations Center did exactly nothing. Nothing. The next question is, why, after a second alert was sent on December 2, they also did nothing.6 Target did not even begin an "internal investigation" until December 12, when the retailer was "notified by the Justice Department of suspicious activity involving payment cards used at Target stores." Target personnel met with the DOJ and the Secret Service on December 13, hired "an outside team of experts to lead a thorough forensic investigation" on December 14, and on December 15 "confirmed that criminals had infiltrated our system, installed malware on our point-of-sale network and potentially stolen guest payment card data. That same day, we removed the malware from virtually all registers in our U.S. stores."7
By this time, records affecting 70 million customers had been stolen: data for 40 million debit and credit cards plus the personally identifiable information (PII) of those customers in addition to 30 million others whose credit card data was not stolen.
For 40 to 70 million Target customers, there were the ugly consequences of identity theft—unauthorized charges to sort out, inability to access credit, endless phone calls to credit reporting agencies, getting blindsided by fraudulent credit and loan applications, and no way to know when and where the ripples created by compromised PII would end.
For Target, the gross expense created by the breach during 2013–2014 was reported as $252 million. Insurance compensation reduced this to $162 million, and tax deductions brought it down to $105 million.8 Nevertheless, the company's profits fell 46 percent in its fourth fiscal quarter of 2013 and were down by more than a third for all of 2013.9 More than 140 lawsuits from customers and financial institutions rolled in. In March 2015, Target settled a class-action suit brought by customers for $10 million; in August, Target settled with Visa for $67 million; and in December, the company settled with several banks (whose credit cards were compromised) for $39 million in damages.10 Both Target CIO Beth Jacob and CEO Gregg Steinhafel resigned following the breach.11 Federal and state authorities have threatened fines and other penalties.12 Beyond all of this, there was the damage to the Target brand and reputation, a hit difficult to measure.
"We are asking hard questions about whether we could have taken different actions before the breach was discovered that would have resulted in different outcomes," Mulligan told the senators. "In particular, we are focused on what information we had that could have alerted us to the breach earlier. . . ."13
There is an answer to this. An earlier alert would have made no difference. Two reasons: First, Target made no response to the two alerts it did receive. There is no compelling reason to believe it would have responded to an alert received earlier. Second, the November 30 alert came after the network had been infiltrated but before data was being exfiltrated. The theft itself started on December 2, the date of the second alert. Nurtured on pop culture images of "wired-in" cyber prodigies gone over to the dark side, the uninformed picture "hackers" as superhuman geniuses and assume they move with infinite stealth and at great speed. Those who possess even basic knowledge of the complexity of large digital networks, however, know that infiltrating a network, finding what you want to take, and then exfiltrating that material—which typically amounts to huge quantities of data—takes time: days, weeks, sometimes months.
As far as can be determined, exfiltration from Target did not begin until December 2 and continued for nearly two weeks. The process was painstaking: The malware automatically sent data to three different U.S.-based staging points, servers located in Ashburn, Virginia, Provo, Utah, and Los Angeles, California, active only between 10:00 a.m. and 6:00 p.m. Central Standard Time, probably to reduce the chances that the outflow would be detected by burying it in the massive volume of normal workday traffic. From the U.S. staging points, the data was sent to vpsville.ru, a Moscow-based webhosting service, which operates openly. The company's spokesman, Alexander Kiva, later unapologetically explained that the company has far too many clients to effectively monitor.14
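The staging pattern described above (large transfers to a handful of previously unseen external hosts, confined to the business day) is a useful test case for detection logic. The Python below is an added example written for this page, not code from the book, from Target, or from any vendor named here; the flow records, the baseline of known destinations, the 10.0.0.0/8 internal range, the business-hours window and the 100 MiB daily threshold are all constructed for illustration. It contrasts a naive "flag off-hours transfers" rule, which business-hours timing is designed to slip past, with a rule that baselines known destinations and totals daily outbound volume per new destination.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample outbound flow records (not Target's logs): local
# timestamp, internal source, destination IP, bytes sent. 203.0.113.10 plays
# a previously unseen external host receiving large business-hours transfers;
# 198.51.100.5 is a known backup provider whose job runs at night.
FLOWS = """
2013-12-02T09:15:00 10.20.1.15 198.51.100.5 18000
2013-12-02T10:05:00 10.20.1.15 203.0.113.10 520000000
2013-12-02T11:30:00 10.20.1.15 203.0.113.10 480000000
2013-12-02T12:00:00 10.20.3.7 192.0.2.44 300000
2013-12-02T14:10:00 10.20.1.15 203.0.113.10 610000000
2013-12-02T17:45:00 10.20.1.15 203.0.113.10 390000000
2013-12-02T22:30:00 10.20.3.7 198.51.100.5 2400000
2013-12-03T10:20:00 10.20.1.15 203.0.113.10 700000000
2013-12-03T15:00:00 10.20.1.15 203.0.113.10 550000000
""".strip().splitlines()

# Destinations observed during a (constructed) 30-day baseline window.
BASELINE_DESTINATIONS = {"198.51.100.5"}

INTERNAL_NET = ip_network("10.0.0.0/8")        # assumed internal address space
BUSINESS_HOURS = range(9, 18)                  # 09:00-17:59 local time
OFF_HOURS_FLOW_THRESHOLD = 1024 * 1024         # 1 MiB per flow for the naive rule
NEW_DEST_DAILY_THRESHOLD = 100 * 1024 * 1024   # 100 MiB/day to one new destination


def parse_flow(line):
    """Split one whitespace-separated flow record into typed fields."""
    ts, src, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def off_hours_rule(flows):
    """Naive rule: any single flow outside business hours above 1 MiB."""
    hits = {dst for ts, _src, dst, b in flows
            if ts.hour not in BUSINESS_HOURS and b > OFF_HOURS_FLOW_THRESHOLD}
    return sorted(hits)


def new_destination_rule(flows, baseline):
    """Rarity-plus-volume rule: per day, total the bytes sent to each external
    destination absent from the baseline and report those over threshold,
    together with the share of that volume that fell inside business hours."""
    totals = defaultdict(int)
    business_hours_bytes = defaultdict(int)
    for ts, _src, dst, b in flows:
        if dst in baseline or ip_address(dst) in INTERNAL_NET:
            continue
        key = (ts.date().isoformat(), dst)
        totals[key] += b
        if ts.hour in BUSINESS_HOURS:
            business_hours_bytes[key] += b
    findings = []
    for (day, dst), total in sorted(totals.items()):
        if total >= NEW_DEST_DAILY_THRESHOLD:
            findings.append({
                "day": day,
                "dst": dst,
                "bytes": total,
                "business_hours_share": round(business_hours_bytes[(day, dst)] / total, 2),
            })
    return findings


def run(lines=FLOWS, baseline=BASELINE_DESTINATIONS):
    """Apply both rules to the sample and return (naive_hits, rarity_findings)."""
    flows = [parse_flow(line) for line in lines]
    return off_hours_rule(flows), new_destination_rule(flows, baseline)


if __name__ == "__main__":
    naive, rarity = run()
    print("off-hours rule flagged:", naive)
    for f in rarity:
        print(f"{f['day']} {f['dst']}: {f['bytes']:,} bytes, "
              f"{f['business_hours_share']:.0%} during business hours")
```

On this sample the off-hours rule flags only the legitimate nightly backup and never sees the staging host, while the destination-baseline rule reports 203.0.113.10 on both days with 100 percent of its volume inside the business day. The design point is that timing-based anomaly rules alone do not help once the attacker chooses to operate when everyone else does; rarity of destination combined with volume, measured against a baseline the organization actually maintains, is what an analyst would have needed to act on the December 2 alert.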
ADVANCED PERSISTENT THREAT: THE ENEMY WITHIN
Far from being smash-and-grab affairs, most meaningful breaches take time. Indeed, an entire category of breach is categorized as an "Advanced Persistent Threat" (APT), a network attack in which the intruder not only gains access to the network but remains active in it for a long period of time. To date, the most spectacular documented APT was that of "APT1," which was exposed in a February 2013 report by the Mandiant security company. "APT1 is believed to be the 2nd Bureau of [China's] People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department. . . ." Since 2006, APT1 compromised "141 companies spanning 20 major industries," most of them U.S.-based. It "maintained access to victim networks for an average of 356 days." The longest span was 1,764 days of continuous network access—four years and ten months.15
ACTION ITEM
Truly destructive network breaches are not smash-and-grab "attacks." A successful breach is better described and understood as a chronic infection rather than a transitory attack, as espionage and embezzlement rather than burglary, as an invasion and occupation rath...