- Jan - Feb 2012 – Group Anonymous attacks various Israeli sites leaving, among others, the Israeli Stock exchange in operational duress for a moment
- March 2012 – Operation Global Blackout – Group Anonymous threatens to take out the internet by attacking the DNS infrastructure of the world
- July – Aug 2012 – Admin.HLP Trojan wreaks havoc in wild
- Aug 2012 – AT&T suffers a near day long outage originating from an attack on their DNS infrastructure
- Sept – Oct 2012 – Operation Ababil launched against US banking and financial institutions. The vast majority of US banks suffer various degrees of outages, attacks leverage new SSL tool
- Nov – Dec 2012 – OpIsrael & OpZionism launched against various Israeli interests as a result of ongoing political struggles.
So, what did we learn from this year of carnage? I think we would be fooling ourselves if we believed that the overall success of this past year’s attacks could be attributed to luck or isolated to a few obscure examples. These attacks were by-and-large effective across a multitude of technologies, geographies and industries.
The attacks seemed to have little correlation on the surface as their effectiveness seemed to be felt without regard to the size of the company, geographic operations, the security technologies these organizations had in place or the amount of people studying the problem (e.g. security professionals, risk assessment results, etc).
However, if we are honest with ourselves, not all of the attacks have been successful thus far. There have been notable security programs that have weathered the storm by-and-large intact. Although they shall remain nameless to protect them from undue future attention, these programs were indeed different from the ones that suffered outages.
The people behind these programs are really the unsung heroes of 2012. These security professionals have provided us with a stable model of defense going forward. Let’s look at what they’ve taught us.
Security blind spots
Overall, the programs that were most effective against cyber attacks have taught us that they are doing something other (failed) programs are not. In the vernacular of security professionals, the difference between an effective program and an ineffective program is called a ‘security blind spot’.
The high-level differences between organizations that have been able to successfully withstand cyber attacks and others that have not are readily apparent when surveying the 2012 cyber security landscape. Below are the five most important lessons learned from those organizations that have managed to build a resilient security environment.
The 5 ingredients of a resilient cyber security environment:
1. Increase focus on availability-security
While most security environments focus exclusively on confidentiality and integrity-based security models, latency is a high priority for folks that are most successful. To effectively combat today’s threats, all three aspects – confidentiality, integrity and availability – must be a priority in order to ensure comprehensive security.