News Article Release
Information Security Expert Addresses Naval Academy Midshipmen on Cyber Threats
Posted on: January 16, 2014 08:00 EST by Jessica Clark
Hackers are getting more sophisticated and harder to combat.
That’s likely the message most midshipmen took away with them after a lecture Jan. 14 by Kevin Mandia, founder and chief executive officer of the cybersecurity consulting firm Mandiant, which was recently acquired by FireEye, Inc.
A former Air Force intelligence officer, Mandia founded the company to help organizations detect and respond to computer intrusions.
Mandia’s was just one in a series of lectures sponsored by the Naval Academy’s Center for Cyber Security Studies, which works to enhance the education of midshipmen in all areas of cyber warfare. All midshipmen now take required classes in the basics of cybersecurity, and the academy introduced a new interdisciplinary cyber operations major last year.
Calling on more than 15 years of experience in the cybersecurity field, Mandia gave the midshipmen real-world examples of hacking activity to show them how it’s done and, more importantly, how it’s detected.
Cyber attacks are relatively easy to fall victim to, said Mandia, because e-mails sent by attackers look legitimate enough to convince recipients to open documents or links, launching malware that steals information from their systems. These systems then act as launching pads for hackers to infiltrate company networks.
“Right now if you’re in any situation where you need to get information out of your country, you’re going to use the internet to do it,” said Mandia.
Which makes you vulnerable. Mandia’s company has been tracking the ability to detect hackers since 1998 and found that it can take more than a year before a user realizes their system has been compromised.
“Imagine that. From the moment you’ve been compromised to the moment you’re aware someone’s been reading your e-mail and stealing your data, a whole year has gone by,” he said. “That’s a long time.”
By that time the damage has already been done. These attacks are virtually undetectable by standard anti-virus programs so being compliant with your company’s security policies and current on your system updates is no guarantee you won’t be attacked.
While Mandia said these programs are still good for keeping your system running optimally, they’re easily circumvented by hackers looking to steal information.
“Most of you, when your antivirus triggers, you probably think ‘Thank God, antivirus prevented that intrusion.’ Here’s the reality: You’ve been compromised for eight months and the bad guys either a) used your machine to hack into other people or b) they’ve already taken whatever they wanted from your machine.
“It’s just too easy to get an end user to do the wrong things on their computer,” he added.
On the bright side, the more challenging it is to find combatants in cyber space, the more “fun” it is, said Mandia.
“That’s why we’re all sitting here,” he told the midshipmen. “It’s a lot more exciting to fight against this stuff on the frontlines than if it was easy.”
Perhaps good news for midshipmen interested in a career in cyber security, the government remains the top detection mechanism for major breaches.
“That’s just the way it is. It’s an early warning system,” said Mandia. “It doesn’t mean they’re spying on everyone all the time or that they know everything that’s going on. It just so happens that they’re locked into what other governments are doing when they hack our private sector, and they get to see it.”
Which is just as well, since he also maintained that the next U.S. armed conflict will include a cyber component.
“This is here to stay,” he said.