Cyber-Weapons: The Krav Maga of cyber security

0
3799

Unexpected tactically-driven attacks are so effective in the industry today because of the violent nature and overall surprise. Krav Maga is a guerilla hand-to-hand combat fighting style that is extremely effective as the victim is usually defeated because he/she is completely surprised by the capability and veracity of the attacker.

Playing on this concept, cyber-weapons often are nation-sponsored attacks that are sprung onto a target without a sufficient threat intelligence to deter the attack. Stuxnet was a great example of this, taking advantage of known legacy equipment vulnerabilities, and attacking these weaknesses with catastrophic success. Stuxnet was the first of many cyber-weapons to come; Flame and Gauss are two evolutions of Stuxnet with equally devastating results.

When we see improvements on offensive cyber capabilities (originating from an APT), we need to understand the underlying message – APTs are here to stay and we must be ready for an attack. It’s not a matter of ‘if’ but ‘when’, and the sooner we all plan for Cyber-Armageddon, the sooner we can develop a working IR framework to mitigate such an attack.

Knowing that a cyber-attack is imminent, you can work backwards from an incident and identify critical resources that are essential to regular business operations. Once you’ve identified this piece, you can then focus on how your BCP ties into your cyber defense strategy.

A security overview assessment will identify these gaps and assist in developing a formidable strategy for when the worst attack occurs. Reputational loss is the one thing money cannot buy back – you need to be ready.

Contact our Security Solutions Team!

We must be vigilant, we must be ready, and most of all, we must be educated!

 

Adam Zimmerman, Security Solutions Architect

CDW Canada

With over six years of experience in the technology industry, Adam’s experience covers information security operations, cyber security advisory, penetration testing, and advanced exploitation. Adam’s primary focus is  helping organizations build strong security practices and prepare for potential attacks.

Adam holds a Masters in IT Security from the University of Ontario Institute of Technology, where he successfully developed a malware classification tool with a security firm based in Ottawa.  Additionally, he has worked on several cyber consulting engagements as a lead security researcher and was able to develop an exploit for the FAA’s NextGen Air Traffic Control Management System.

Adam currently serves in the Canadian Armed Forces as a Second Lieutenant where he holds a  command position as a Troop Commander for 32 Combat Engineer Regiment of Toronto; specializing in mobility denial and facilitation, tactical breaching, controlled munitions disposal, and various humanitarian support operations.