• Richard Blech

Improving Cybersecurity Solutions with Cyberattack Disclosure


Cyberattacks have crossed a threshold.

Nation-state entities routinely engage in bold, malicious cyber activities against the United States. China, which has engaged in data harvesting for some years, has been recognized as a major cybersecurity threat to the United States. Hackers backed by the Chinese government exploited vulnerabilities in Microsoft’s Exchange Server to hack 30,000 victims, including local governments and small businesses. The U.S. government has also recently attributed cyberattacks to Russia.


Ransomware criminals have also become much more aggressive, and their attacks are escalating in scale, frequency, scope and sophistication. Recent incidents include the Colonial Pipeline hijacking that shut down gas production on the East Coast of the US for almost a week, the JBS Foods attack that disrupted beef processing, the Kaseya hack, in which enterprises around the world became victims of the supply chain attack against the larger enterprise, and the recent attacks on hospitals.


These attacks are not outliers. They are the new norm and are happening on a nearly daily basis. Their ultimate impact, whether or not it is a primary goal of the threat actors, is the severe disruption of society, financial markets and the security of the country. However, just a fraction of the organizations that are victims of such attacks readily disclose the fact.


For companies that do disclose the occurrence of cyber incidents, there can be a significant lapse of time between when the breach was discovered and when it was publicly disclosed. In 2020, it took companies an average of 53 days to disclose a breach after it was discovered.

Sometimes companies that do disclose breaches may be reticent with details. Just about 50 percent of organizations that reported a breach provided information on the type of attack that occurred.


With a threat landscape that is evolving and expanding daily, this massive gap between the number of cyber incidents that have occurred and the number that have been disclosed is dangerous. It is only when organizations learn from one another that effective cybersecurity defenses can be built against the attacks.

WHY DO ORGANIZATIONS KEEP QUIET ABOUT CYBER INCIDENTS?

  • Leaders may have difficulty justifying reporting attacks when it can be nearly impossible to determine who the threat actors are, particularly if the attacks originated from another country.

  • There may be concerns that inviting the government or law enforcement to investigate will disrupt operations even further.

  • There are likely to be worries that the disclosure of a cyberattack will alienate current or potential customers, result in legal ramifications or negatively impact company stocks.

CYBERATTACK TRANSPARENCY IS TOO IMPORTANT


There must be honest and transparent discourse about attacks that have occurred because they present the best chance to gain insights. Outlining what occurred, working backwards to determine how the intruders were able to infiltrate and move around the system and determining the sophistication of an attack provides valuable insights. This is information that can be used to help identify unknown system vulnerabilities and to mitigate attacks against other organizations within the same industry. Transparent cyberattack disclosures:

  • Force other organizations to acknowledge the real risks of cyber threats. Seeing proof of the dangers can motivate them to take proper preventative action against the threats.

  • Impact the quality of cybersecurity solutions and practices. For example, the investigation of cyberattacks can be used to identify and analyze unique attack signatures so that the solutions vendors develop can be used by organizations to protect their environments from specific threats.

VOLUNTARY DISCLOSURE IS STILL AN OPTION...FOR NOW


The issue of cyberattack disclosure and, by default, the overall response to attacks is more complicated than it should be. This is because outside of the disclosure requirements dictated by the SEC, FTC, industry-based regulatory entities and state privacy laws, there is currently no single federal law that compels companies to report cyberattacks to the federal government. Also, while there is the Cyber Incident Reporting guide by the Department of Homeland Security, there is still no standard reporting process.


There are organizations in some sectors that do have to disclose cyber incidents. For example, in May 2021, after the Colonial Pipeline ransomware attack, the DHS issued a security directive requiring oil and gas pipeline operators to report all cyberattacks. Congress has also created the Cyber Incident Notification Act for federal agencies, federal contractors and critical infrastructure companies to notify the Department of Homeland Security when they identify a breach of their systems. There is also discussion regarding requiring all private organizations to disclose when they have been victimized by cyberattacks.


PREPARE FOR CYBERTHREATS WITH XSOC SOLUTIONS


Your company's data is a valuable asset and has never been more at risk. To adapt to and address emerging threats, organizations have to be transparent about cyberattacks. The insights gained from cyberattack disclosures not only help with creating a more agile response stance, but also help with building a resilient cyber infrastructure that can withstand an attack.

There is no one solution that will safeguard an entire system. Cybersecurity solutions should be implemented in layers so that they build upon one another.

XSOC CORP’s optimized encryption and cryptography solutions can ensure the protection of data and systems from external threats. XSOC CORP’s optimized cryptographic solutions should be a part of your organization’s cyber infrastructure and security posture. Contact us to learn how we can help you.