Learning cybersecurity lessons from the defence and intelligence sectors

As cybercrime in the commercial sector continues to grow, Danny Lopez, CEO of cybersecurity firm Glasswall, explains how lessons can be learned from the defence and intelligence sector's approach to cybersecurity.


This is a contributed article by Danny Lopez, CEO of Glasswall Solutions


With cybercrime up 600% in 2021, organisations are facing increasing risk in both the public and private sectors. Threats aren’t just getting more prolific - they’re increasingly complex and harder to defend against. A good example of this is the recent high-profile supply chain attacks, which the European Union Agency for Cybersecurity (ENISA) has predicted will quadruple by the end of 2021, compared to 2020. These attacks are concealed in legitimate software products: malware is embedded in updates, which ultimately allow an attacker into the target IT environment. By the time the threat is discovered, the attacker already has access to the system and all the sensitive information it stores.

These were the circumstances under which the SolarWinds attack of 2020 occurred, affecting more than 17,000 of its customers. As well as impacting businesses such as Microsoft, Intel and Deloitte, this attack was almost certainly designed to penetrate highly sensitive government agencies including the U.S. Department of Homeland Security, the National Nuclear Security Administration and parts of the Pentagon.

Learning from the best

The reason it took such a sophisticated attack to penetrate these government institutions is that they make it very difficult for more traditional attacks to be successful. The defence and intelligence sectors are rarely impacted by file-based attacks, for instance, because for these organisations, cybersecurity is a case of national security, not just a business matter. As a result, there is a range of lessons that commercial businesses could learn from the defence and intelligence communities to improve their cybersecurity strategies.

A key part of the problem is that by the time an attack has penetrated the target systems, much of the damage has been done. Instead, having the measures in place to identify and protect against threats such as those posed by file-based malware is far more effective. Being reactive is the biggest security mistake made by most organisations. In order to stay protected from various online dangers, businesses must be able to remove threats from their files at the same scale and level as the defence and intelligence communities.

The secret weapon

Due to the potentially catastrophic consequences of any cybersecurity mistakes made in the defence and intelligence sector, these agencies cannot rely on reactive solutions - their frontline must be impenetrable. For many, Content Disarm and Reconstruction (CDR) technology has offered a proactive solution to file-based threats that’s now building significant momentum across the private sector.

Proactivity is the core of CDR technology. Unlike reactive security solutions such as anti-virus, the protection it offers is instant: files and documents undergo a rapid four-step process.

  • Step 1 - The file is first inspected to confirm that its digital DNA does not deviate from the manufacturer’s ‘known good’ specification. Any irregularities are instantly rectified.
  • Step 2 - Next, the file is cleaned to remove any active high-risk content - such as embedded links or macros.
  • Step 3 - Once any high-risk content is removed, the file is rebuilt to the ‘known good’ specification and any security blind spots are closed.
  • Step 4 - Once the first three steps are complete, the file is threat-free and can be delivered to the user with the confidence that it is totally safe.
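The four steps applied to one format, as an added example that is not part of the original article and is not Glasswall's implementation: a simplified disarm-and-rebuild pass over a ZIP-based Office (.docx) package. The XML-only allowlist, the function names and the sample package are assumptions made for this illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

ALLOWED_SUFFIXES = (".xml", ".rels")  # assumed policy: XML parts only, no VBA/OLE/media

def disarm_docx(data):
    """Return (rebuilt_bytes, removed_items); raise ValueError on structural deviation."""
    removed, out = [], io.BytesIO()
    try:
        src = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ValueError("not a ZIP-based OOXML container") from exc
    with src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        # Step 1: inspect the container against the structure the format requires.
        if "[Content_Types].xml" not in src.namelist():
            raise ValueError("missing [Content_Types].xml")
        for name in src.namelist():
            # Step 2: drop active content, here every part outside the allowlist.
            if not name.lower().endswith(ALLOWED_SUFFIXES):
                removed.append(name)
                continue
            raw = src.read(name)
            if b"<!DOCTYPE" in raw:  # package parts must not carry a DTD
                raise ValueError(f"DTD in part {name}")
            try:
                root = ET.fromstring(raw)
            except ET.ParseError as exc:
                raise ValueError(f"malformed XML in part {name}") from exc
            if name.endswith(".rels"):  # Step 2 again: remove external link targets
                for rel in list(root):
                    if rel.get("TargetMode") == "External":
                        removed.append(f"{name}#{rel.get('Id')}")
                        root.remove(rel)
            # Step 3: rebuild each part from the parsed tree instead of copying bytes.
            dst.writestr(name, ET.tostring(root, encoding="utf-8", xml_declaration=True))
    return out.getvalue(), removed  # Step 4: only the rebuilt file is delivered

def build_sample():  # constructed sample: minimal package with a macro part and an external link
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="hyperlink" Target="http://example.invalid/" TargetMode="External"/>'
            '<Relationship Id="rId2" Type="styles" Target="styles.xml"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml", "<document><body>quarterly report</body></document>")
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed macro stub")
    return buf.getvalue()
```

A production rebuild would also rewrite the content-type entries and document elements that referenced removed parts, and would preserve namespace prefixes, which ElementTree renames on output.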

Such a simple and quick process creates strong cyber-protection as it is very difficult for a threat to exist in a file that has undergone CDR. This is so valuable to organisations because it instils confidence that every file is safe to open. Significantly, neither security nor productivity has to be compromised, as the process is instantaneous and runs without interrupting business operations.

Today, cybercriminals are incredibly sophisticated and use technology to engineer malware and create compelling versions of each file so that they are undetectable by traditional security solutions and convincing to users. However, as CDR looks at the file’s ‘digital DNA’, not the visual layer, it cannot be tricked by the cybercriminals’ sophisticated algorithms that frequently avoid detection.

Stay one step ahead

It is time for business leaders to change how they approach cybersecurity as the sustainability of traditional security approaches continues to dwindle. In order to modernise their methods, leaders should be open to change and innovation, being prepared to tackle the risks and issues that may arise. Even if they have yet to fall victim to a cyber-attack or data breach, organisations should not assume they will remain safe forever.

Cybercriminals and their attacks are not always easily identifiable, but adopting the right mindset and approach to cybersecurity will give businesses the best opportunity to defend themselves against attacks and keep their systems safe. The defence and intelligence sectors are currently reaping the benefits of CDR and the commercial space could learn a lot from following their lead.  

Danny Lopez is the CEO of award-winning cybersecurity firm Glasswall, which delivers unique protection against sophisticated threats through its groundbreaking technology. Prior to joining Glasswall in 2019, Lopez enjoyed a successful international career in banking, marketing, diplomacy, and technology, including working as the inaugural CEO of London & Partners and Managing Director at the UK government’s Department for International Trade.