/* ---- Google Analytics Code Below */

Saturday, August 27, 2022

Military Grade Cybersecurity Needed in Business

Good thoughts regards key issues. 


Raising the Ramparts, By David Geer, Commissioned by CACM Staff,   August 11, 2022

The global military cybersecurity market will grow from US$25,692.4 million in 2021 to US$ 43,675.2 million by 2031, says Visiongain Research, Inc., a U.K. market intelligence firm.

That growth is no surprise, with commonplace nation-state attacks on critical infrastructure and government data assets. The U.S. federal government and its agencies, with the aid of the Cybersecurity & Infrastructure Security Agency (CISA), are ramping up cyber defenses to combat disabling ransomware and complex attacks. They are using approved security products that the government and the military vet specifically for these purposes.

However, government organizations are not the only ones in jeopardy.

Nation-states target private enterprises, too, with support from their military and insidious Advanced Persistent Threat (APT) groups. Facing the same threats that government agencies do, companies need military-grade cybersecurity.

Military-grade cybersecurity proceeds from a Military Specification (MIL-SPEC) purchasing process, with rigorous testing to ensure cybersecurity components are the most secure, resilient product the military can get, says Peter Hay, Lead for Instruction at SimSpace Corporation, a military-grade cybersecurity risk management platform. The military uses extensive mission-based training to ensure its human cybersecurity talent adheres to MIL-SPEC security requirements, too.

MIL-SPEC cybersecurity products are a necessity, as high-profile cases of military-level attacks demonstrate. The Indian APT group ModifiedElephant stealthily attacked dissidents for 10 years without detection. The group used military-grade remote access trojans (RATs), keyloggers, and other attack tools, according to SC Media, a publication of the CyberRisk Alliance, an organization that, according to its Website, was "formed to help cybersecurity professionals face the challenges and obstacles that threaten the success and prosperity of their organizations."

The APT group Shadow Brokers stole the EternalBlue military-grade exploit from the U.S. National Security Agency (NSA) in 2017. It released the exploit to criminal hackers globally via subscription-based access to data dumps, according to The New York Times. Cybercriminals have since used EternalBlue successfully in many attacks.

According to Tom Van de Wiele, a principal of WithSecure, an endpoint detection and response company in Finland, the 2010 Stuxnet attack was the most profound military-level cyberattack on record. Stuxnet used intelligence gathering, local spies bridging air-gapped networks using USB thumb drives, and zero-day exploits to gain access and persist long enough to disrupt Iranian uranium enrichment infrastructure, he says.

With an increase in nation-state data breaches, cybersecurity vendors serving the military are offering comparable products and services to the private sector to maintain the balance of power against nation-state attacks.

For example, CrowdStrike provides its cloud-based endpoint and identity product Falcon to the U.S. Government with FedRAMP authorization, according to a CrowdStrike media release. Falcon also is available to private enterprises. ... 

Facing the same threats that government agencies do, companies need military-grade cybersecurity...

No comments: