Share data to thwart cyber attacks, says security expert

When a cyberterrorism attack hits the US, it will be much more harmful than the existing crop of viruses and worms which have...

When a cyberterrorism attack hits the US, it will be much more harmful than the existing crop of viruses and worms which have already caused billions of dollars in damages, a cybersecurity expert claims.

Terrorism groups have planned cyberterrorism attacks for years, and those attacks are waiting for a vulnerability to trigger them, said Norm Laudermilch, vice-president of managed security services for VeriSign.

"We're not going to have a month to patch our systems, because the plan is going to be already in place," he told attendees at Computer Security Institute's Computer Security Conference and Exhibition in Washington DC.

Laudermilch classified about three-quarters of the attacks VeriSign sees on its customers' networks as "sport" attacks - those carried out by amateur hackers trying to see what damage they can do.

Only 5% of the attacks are motivated by politics or a foreign government, companies need to be prepared when and if more of those kinds of attacks come, because enemies of the US are strongly motivated by hate, he said.

"I'm not trying to be too negative, but we're dealing with a completely different type of intelligence than some of the massively successful attacks we've seen on the internet recently," Laudermilch said.

The SQL Slammer worm, the Sobig-F worm and the Blaster worm, were relatively simple attacks, and many companies recovered within hours or days, although the damage still ran into the billions of dollars.

The ability to catch these attacks is a kind of "criminal Darwinism", in which unsophisticated attackers are easily spotted, Laudermilch said, but cyberterrorist victims may make a slower recovery.

"We're good at catching the attackers who aren't so bright," he added. "But are we catching the more complex attacks? Are we catching the more stealthy attacks?"

Laudermilch recommended that companies must pay attention to several areas to combat the potential of cyberterrorism. Even though many US companies continue to cut or hold off hiring new staff, they need to focus on security knowledge and intelligence and effective use of intelligence. Most US companies fail in those two areas, he said.

Many companies do not have processes in place to even keep track of all the computers on their networks, he said, and US companies are often unwilling to share their security problems with others. He called for more sharing of security data as a way for more companies to understand cyberattacks.

Companies often buy a host of security products, including firewalls, virus protection and intrusion detection systems, but they do not understand all the functionality those products provide, Laudermilch said.

"The problem is once they select this technology, few people spend the time it takes to understand everything that product can do for them," he said.

"Making the best use of this technology relies on your ability to take what these tools give you and turn it into intelligence."

Grant Gross writes for IDG News Service

Read more on IT risk management