WanaCrypt0r — the malware that held data to ransom on a global scale — was a powerful illustration of what happens when cyber-security loopholes are not effectively closed. Exploiting a weakness in Microsoft's Windows operating system, the cryptoworm spread between PCs like wildfire, encrypting data and demanding Bitcoin payment in exchange for its return.
It is fair to say the attack took most cyber-security professionals by surprise. But was it really so unfathomable and, more importantly, how can we ensure such attacks are not repeated?
The answer to these questions lies in a theory proposed by Intel co-founder, Gordon Moore, in the 1960s: the processing power of computers doubles every two years.
Having dominated computing for the last 52 years, “Moore's Law” now looks set to run out of steam, and the reason behind this has much to teach us about cyber-security, now and in the future.
Keeping up with the hackers
According to Europol chief Rob Wainwright, the best way to stop WanaCrypt0r infecting PCs and corporate networks is simple: installing a Microsoft patch on all machines.
Yet as the attack has shown, keeping security systems up to date is challenging. Microsoft, after all, had already released the MS17-010 patch before the ransomware hit, but failure of individual users and businesses to update promptly meant 150 countries were still affected.
The hard truth is: security breaches are not just increasing; they are inevitable — especially in large organisations where networks support multiple devices that all run different software. And considering the scale of the biggest organisations affected — the UK's National Health Service and FedEx — it is easy to see how PCs running outdated systems, like Windows 7, were overlooked.
The key conclusion we can draw from this latest breach is that our tendency to focus on protecting specific networks or devices is a serious error. And this is where Moore's Law comes in…
From chip-power to the cloud
When Moore first made his observation, technology was different — computing power was determined by how many transistors a dense integrated circuit, or chip, could hold. After noting that the number of transistors per chip was doubling every two years (a revised estimate made in 1975), he predicted that processing capability would grow at the same rate, and so “Moore's Law” was born.
Although the theory has been verified by more than half a century of multiplying transistors and shrinking chips, empirical support for it is dwindling. Indeed, in 2015, Moore himself said he saw the law “dying in the next decade or so.”
The reason for this is that computing capability is no longer tied to hardware. The advent of cloud computing means software, data and extra processing capacity can now be accessed over the internet — without increasing the number of transistors in a device.
Thus, when we apply the same argument to cyber-security, the problem is clear: current measures are trying to protect limited networks and specific devices, but networks are now edgeless and used by myriad devices. In other words, the idea of patching every single device linked to the network is unrealistic; we are trying to keep closed a gate that is simply too wide.
Outside in: building internal defences
To outpace the hackers, we must learn from the failings of Moore's Law and take a lateral security perspective that extends beyond individual devices.
CISOs need to adopt a detection-led approach that focuses on stopping attacks after hackers have breached networks, by monitoring for and removing suspicious users. In doing so, they can ensure their cyber-security measures are fit for the 21st century, rather than embarking on an endless mission to update every device each time a threat is identified. And with such defences in place, security professionals could stop the next ransomware attack from spreading so quickly, or at all.
The demise of Moore's law teaches us that modern security cannot afford to view networks as silos. With the cloud constantly creating new connections, there are no more perimeters to protect, which means keeping systems safe requires defences that can identify hackers after they have made their way in.
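As an added illustration of what a detection-led control can look like in practice (example code written for this page, not the author's or Cyber adAPT's): a cryptoworm that spreads between PCs has to contact many distinct peers on the SMB port in a short time, which a normal workstation does not do. The script below keeps a sliding window of connections per source host and flags any source that reaches more than a threshold of distinct destinations on TCP/445 within the window. The log records, the thresholds and the allowlisted scanner address are all constructed assumptions, not real traffic or real values.

```python
"""Flag hosts whose SMB (TCP/445) connection fan-out looks like worm propagation.

Example detection logic added for this page (not the author's code). It reads
connection-log records of the form "timestamp src dst dport", keeps a sliding
window per source host, and reports any source that reaches more than MAX_PEERS
distinct destinations on the SMB port within WINDOW.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed window; tune to the environment
MAX_PEERS = 5                    # assumed threshold; alert at MAX_PEERS + 1 distinct peers
SMB_PORT = 445
# Hosts allowed to touch many peers, e.g. an authorised vulnerability scanner.
# The address is a constructed placeholder.
ALLOWLIST = {"10.0.0.5"}

# Constructed sample records, chronological. Not real traffic.
# 10.0.1.20 reaches six distinct peers in seven seconds (worm-like fan-out).
# 10.0.1.30 touches two peers plus one web connection (normal).
# 10.0.0.5  is the allowlisted scanner and is ignored.
# 10.0.1.40 reaches six peers, but two minutes apart, so never inside one window.
SAMPLE_LOG = """\
2017-05-12T10:00:00 10.0.1.20 10.0.1.21 445
2017-05-12T10:00:01 10.0.1.20 10.0.1.22 445
2017-05-12T10:00:02 10.0.1.20 10.0.1.23 445
2017-05-12T10:00:03 10.0.1.20 10.0.1.24 445
2017-05-12T10:00:04 10.0.1.20 10.0.1.25 445
2017-05-12T10:00:05 10.0.1.20 10.0.1.21 445
2017-05-12T10:00:06 10.0.1.20 10.0.1.26 445
2017-05-12T10:00:07 10.0.1.30 10.0.1.10 445
2017-05-12T10:00:08 10.0.1.30 10.0.1.11 445
2017-05-12T10:00:09 10.0.1.30 10.0.1.12 80
2017-05-12T10:00:10 10.0.0.5 10.0.1.50 445
2017-05-12T10:00:11 10.0.0.5 10.0.1.51 445
2017-05-12T10:00:12 10.0.0.5 10.0.1.52 445
2017-05-12T10:00:13 10.0.0.5 10.0.1.53 445
2017-05-12T10:00:14 10.0.0.5 10.0.1.54 445
2017-05-12T10:00:15 10.0.0.5 10.0.1.55 445
2017-05-12T10:01:00 10.0.1.40 10.0.1.61 445
2017-05-12T10:03:00 10.0.1.40 10.0.1.62 445
2017-05-12T10:05:00 10.0.1.40 10.0.1.63 445
2017-05-12T10:07:00 10.0.1.40 10.0.1.64 445
2017-05-12T10:09:00 10.0.1.40 10.0.1.65 445
2017-05-12T10:11:00 10.0.1.40 10.0.1.66 445
"""


def parse_line(line):
    """Split one 'timestamp src dst dport' record into typed fields."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def detect_fanout(lines, window=WINDOW, max_peers=MAX_PEERS,
                  port=SMB_PORT, allowlist=ALLOWLIST):
    """Return {src: (alert_time, sorted_peers)} for sources exceeding the threshold.

    Only the first crossing per source is recorded, so a propagating host
    produces one alert rather than one per subsequent connection.
    """
    windows = defaultdict(deque)   # src -> deque of (timestamp, dst), oldest first
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, src, dst, dport = parse_line(line)
        if dport != port or src in allowlist:
            continue
        q = windows[src]
        q.append((ts, dst))
        # Drop records that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        peers = {d for _, d in q}
        if len(peers) > max_peers and src not in alerts:
            alerts[src] = (ts, sorted(peers))
    return alerts


if __name__ == "__main__":
    for src, (ts, peers) in detect_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"{ts.isoformat()} ALERT {src} reached {len(peers)} peers on 445: {', '.join(peers)}")
```

Run against the constructed log, only 10.0.1.20 is reported, at the moment its sixth distinct peer appears; the scanner is skipped because it is allowlisted, and the slow host never accumulates enough peers inside one window. Passing an empty allowlist would flag the scanner too, which is why an allowlist maintained alongside the detection rule matters in a real deployment.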
By deploying a detection-led method, CISOs can use the lessons of the past to secure networks at all times, and ensure they are positioned to thwart the next WanaCrypt0r-style attack in its early stages.
Contributed by Kirsten Bay, president and CEO, Cyber adAPT
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.