KnowBe4: Former NSA Director Michael Hayden: "We have a Russia Problem"
-
have been saying this here for the last few years, but if you get it confirmed by a former NSA director, that's nice to hear. The Wall Street Journal just reported that President Barack Obama has instructed U.S. intelligence agencies to investigate hacking activity aimed at meddling in the 2016 election.
The same article shows a video with an interview at WSJ's Future of Cybersecurity breakfast, Former NSA Director Michael Hayden says the Russians "weaponized" information gleaned from hacking DNC emails to erode America's confidence in our political process. And he tells WSJ's John Bussey how the U.S. should retaliate.
This is powerful ammo to send to your C-suite so they can get first-hand information why it is so important to increase IT cybersecurity budget.
Below is a direct link to the 4:16 video. Note what Hayden said at 1:10 "Russian criminal gangs on behalf of the Russian Federation does the original hacking, pulls the information back, givies it back to the Russian Federation, who then washed it through Wikileaks to go out"
http://www.wsj.com/video/gen-hayden-on-us-response-to-russian-dnc-hack/54D57FC3-D99E-4864-B9C7-EE948...
Want to get a 5-minute backgrounder?
We all know that a large amount of cybercrime originates in Russia and other eastern European countries that were former USSR states. But why is that? I decided to dig into this and did some research which turned out to be eye opening. One of the most fascinating sources of reliable information was a book called Putin's Kleptocracy: Who Owns Russia? by Karen Dawisha, professor of Political Science at Miami University.
Why cybercrime is so widespread in eastern Europe is closely connected and date-coincident with the rise of Vladimir Putin to Russia's autocratic leader. If this all sounds too unreal, I assure you it's the unpleasant truth.
Here is a very, very short summary of what happened, so you get the big ugly picture: Why All This Russian Cybercrime In Five Minutes
Since they are thousands of miles removed and our Law Enforcement is getting no cooperation, the major ways these bad guys can penetrate your systems are limited:
- Badly configured servers and workstations
- Known and unknown vulnerabilities in software
- Social engineering
That's why stepping users through new-school security awareness training is such an important part of your defense-in-depth.