Hackers' improving and evolving techniques are especially obvious when it comes to distributed-denial-of-service attacks, says Matt Moynahan, president of online security firm Arbor Networks.
The techniques now used, as the banking industry first learned during the hacktivist attacks of 2012 and 2013, are much more methodical than they were five or 10 years ago, he says.
"In these campaigns, the attackers have patience and thoroughness," Moynahan explains during this exclusive Executive Session interview with Information Security Media Group. "Attackers take their time and move around."
Over the course of his career, Moynahan has seen attacks and attack vectors change. He also has seen changes in how companies respond to those attacks.
"The infrastructure itself is insecure," Moynahan says. "Our defenses have improved, but so have the hacking techniques."
Security Must Evolve
Moynahan has been in the IT security industry for more than two decades. His career has included positions with Goldman Sachs and security firms Veracode and Symantec.
Now, at Arbor Networks, Moynahan says he's focused on learning more about attackers' emerging techniques.
The key to successful IT security, he says, involves developing technical solutions that can detect these techniques and mitigate their risks.
Trying to prevent cyber-attacks, in today's environment, is fruitless, he contends.
A Growing Threat
DDoS, an attack method once deemed to be harmless, has proven itself to be quite effective at disrupting corporate networks and rattling consumers' confidence, he adds (see DDoS Attacks: The Impact on Brand).
"DDos is on a trend that is only going to continue," Moynahan says. "Part of the reason I joined Arbor Networks is because I saw this trend coming."
It's the conundrum posed by the so-called Internet of Things - an environment in which everything from cars to refrigerators is considered to be a smart device that can communicate with a host via the Internet, he says.
"Massive attacks on the infrastructure are things we can expect to see in the future," and many of these smart devices will be used to wage those attacks, Moynahan says. "One thing we should all be wary of is machine-to-machine attacks. ... We've seen DDoS attacks take over PCs," Moynahan says. "Now you can see hackers taking over any device that has computing power."
During this interview, Moynahan also discusses:
- How the methods used in DDoS attacks have rapidly changed, even in the last six months;
- Why a multilayered security approach can mitigate risks posed even by DDoS; and
- Where most businesses miss the mark when it comes to cybersecurity.
Over the course of his 23-year career, Moynahan has held a variety of executive and leadership positions within private and public companies. Before becoming president, he served as senior vice president of product management and corporate development at Arbor, where he helped set the company's strategic product and service vision, as well as new product development, business development partnerships and strategy for mergers and acquisitions.