I was at the Gartner Security & Risk Management Summit at National Harbor, in DC this week. One of the keynotes was by CIA Director George Brennan, who was sworn in as director of the Central Intelligence Agency on March 8, 2013. As director, he managed intelligence collection, analysis, covert action, counterintelligence and liaison relationships with foreign intelligence services. Before becoming director, Brennan served at the White House for four years as assistant to the President for Homeland Security and Counterterrorism and helped coordinate the U.S. government’s approach to homeland security, including its policies for responding to terrorism, cyberattacks, natural disasters and pandemics.
Brennan discussed the role of private-public partnerships and the evolving nature of cyber threats and options for protecting mission-critical capabilities as well as our privacy, national security and future prosperity. The presentation covered a lot of ground, and I wanted to highlight just a few items.
"Russia's Intelligence Agencies Not Bound By Law"
First, he explained the cyber threats coming out of Russia, China, Iran and North Korea: "It's a constant barrage of these spear phishing attacks. I think you have all heard about Russia's capabilities over the past year or so, increasingly sophisticated, increasingly capable, and also their intelligence security services are not really bound by law and limits of the law that US agencies are rightly limited by."
"It’s going to take a 9/11 in the cyber realm"
Brennan is urging Americans to encourage federal lawmakers to push forward cybersecurity-focused legislation, regulations and other rules so that the U.S. is better prepared in cyberspace. “You all need to continue to put the pressure on your elected representatives in Congress to take this matter seriously,” Brennan said.
“People frequently say it’s going to take a 9/11 in the cyber realm in order for us as a country to be able to come to terms and deal more effectively with cyber challenges. A lot of work needs to be done in the halls of Congress, as well as in the executive branch, in order to allow the government to deal with the challenges of the 21st century,” he said.
“The next Pearl Harbor will be cyber”
An example of this is Sen. Angus King (I-Maine), who is sponsoring federal legislation that would require utilities to have manual-control capabilities. “The next Pearl Harbor will be cyber,” he said. “It’s a cheap way to attack. No bombers or submarines needed.” U.S. officials say it is possible that malware, including BlackEnergy, still lurks in American utility networks. There is no federal requirement that it be rooted out. Much more needs to be done.
There is something that can be done about this now
The vast majority of these attacks start with phishing emails. KnowBe4's integrated training and phishing platform allows you to send fully simulated phishing emails so you can see which users answer the emails and/or click on links in them or open infected attachments. If you have a Platinum subscription you can even send them "vishing" attacks straight to the phone on their desk.
See it for yourself and get a live, one-on-one demo.