As more devices become network-enabled, the number of vectors that malicious actors can use to gain access to sensitive information has increased tremendously. And as storage has become increasingly commoditized, the amount of information and data that government agencies keep has followed suit. That means that as time presses on, the volume of sensitive information that is susceptible to cyberattack increases – and the ways in which it can be accessed and attacked increase as well.
Shawn Henry, President of CrowdStrike Services and CSO for CrowdStrike, would know.
Shawn is one of the many exciting speakers who will be appearing at the upcoming Fal.Con for Public Sector event. In his 24 years at the FBI, from which he retired as Executive Assistant Director, Henry oversaw criminal and cyber investigations all over the world and tracked the evolution of cybercrime from the early days of the internet right up to the present day.
In that time, he has seen adversaries grow more sophisticated as they pursue attacks of greater scale and higher value, especially against government organizations. And yet, he finds that much also remains the same.
He recently sat down with us in order to elaborate on what he has seen in the industry and to preview his discussion at next week’s Fal.Con for Public Sector.
Here is what he had to say:
GovCyberHub (GCH): Can you tell our readers a little bit about yourself and your current responsibilities within CrowdStrike?
Shawn Henry: I’ve been at CrowdStrike since 2012, and I am currently the president of the company’s security services.
Before CrowdStrike, I spent 24 years in the FBI. When I retired as the Executive Assistant Director, I was overseeing half of the Bureau’s investigative operations, including all of its criminal and cyber investigations, and its international operations and critical incident responses to things like major investigations and disasters.
GCH: You’ve worked extensively in cybercrime investigations both with the FBI and with CrowdStrike. How has the cyber threat landscape facing government agencies evolved and changed over the course of your 24-year career?
Shawn Henry: When I started at the FBI in the 90’s, the internet was in its nascent stages, and the Bureau was still feeling its way through and coming to understand what its role in cybersecurity would be. Back then, you would mostly see defacement and denial of service attacks, which are minor incidents compared to some of today’s attempts to steal networked information, which are far more complex.
What has changed, though, is the volume of critical data that is stored on networks, which has expanded dramatically. There’s an exponentially greater number of devices on the network now than there were back then—IoT devices like cameras, alarm systems, even refrigerators—that all contribute more threat vectors that malicious actors can use to infiltrate a network.
For cybercriminals, accessing networked data is incredibly valuable, and they have lots to gain from a financial or strategic perspective. Once they have access to it, they can sell it, take measures to exploit it, or destroy it to achieve their end goals.
Despite that exception, however, the threat environment is still very similar to what it was. If you’re looking at all factors of an attack, the motives, vectors, and basic concepts of malicious cyberactivity have remained the same over the past 25 years. The same types of actors are pursuing the same objectives, just using increasingly sophisticated tools in a wider and more bountiful target space.
The more things change, the more things stay the same. You can quote me on that.
GCH: It seems like government agencies are more vulnerable today than ever before. Why is this? What new technologies, workplace/IT trends and attack vectors are making government agencies more susceptible today than in the past?
Shawn Henry: I think government agencies – like any large enterprise – are more vulnerable because they are increasingly storing their information on networked drives and platforms, so there are simply more types of valuable data stored in cyberspace, making it a more fertile ground for attackers.
Governments, however, need to safeguard more sensitive information than many private businesses, and that makes them uniquely appealing to certain kinds of attackers.
A good example of this is the 2015 data breach at the Office of Personnel Management, which is to say that breaching government data could grant access to information that is far more sensitive than what one may find elsewhere.
Using, say, the background information that the government collects when it grants a security clearance, like one’s financial situation, substance abuse or marital issues past or present, an attacker has what they need to put leverage on an individual, and one that may have access to classified information.
GCH: In a recent blog post, you talked about the impact that the COVID-19 pandemic has had on cybersecurity. Why are cybercriminals more active during global crises like these? How do these events empower them and enable them to successfully attack agencies?
Shawn Henry: Cybercriminals and adversaries will always exploit vulnerabilities. The massive increase in remote work that the COVID-19 pandemic has prompted could be a new vulnerability since so many more people now are accessing their organization’s network outside of traditional cybersecurity infrastructure, and without the traditional layer of cyberspace monitoring that is present in a traditional office environment.
Furthermore, any real-world crisis offers two unique features that can be exploited. Whenever there is some kind of national or world emergency—like a hurricane, pandemic, or a terrorist attack for example—people tend to seek out information online. We have seen adversaries take advantage of this to drive people to links with malicious code. I need to emphasize again that modern cyber attackers are sophisticated. They’re constantly testing and finding the best way to drive click-throughs, so they have a finely tuned sense of how to lure people to their sites rather than some funny cat video.
The other feature of a crisis is that it adds one more thing to the list of risks that a cybersecurity team needs to defend against. And, because they are already busy dealing with the threats and vulnerabilities they would have under normal circumstances, paying attention to a far-reaching global crisis can make it possible for a cyberattack to be carried off successfully.
GCH: What are you planning to discuss during your session at the upcoming Fal.Con for Public Sector virtual event?
Shawn Henry: I’ll talk about the way the government and private sector need to work together in the current climate. I’ve heard people talk far too long about public-private partnerships. It’s not done enough to the extent that I think is necessary to deal with today’s threat environment.
I also want to talk about leadership, which you don’t really hear much about at cybersecurity conferences. I’ve responded to terror attacks, mass shootings, real crises over the past thirty years. The solution to these—or the prevention of further attacks—were all facilitated by examples of good leadership. I have too often seen failures in leadership – failure to adequately respond to a crisis, or poor preparation for one. This is key—rarely do I see bad leadership and good results.
At this year’s Fal.Con for Public Sector, I want to impress upon people that they should execute clear, successful, positive leadership values.
They should do so not only to foster good results now but to help teach and motivate the next generation of leaders, because the people who are here now are going to be here 20 to 30 years after I’m gone. I want them to be able to overcome the challenges that are to come.
GCH: Who do you think would benefit from attending Fal.Con for Public Sector this year? Why is now an important time to hold this event and why is it important to bring this community together – even virtually?
Shawn Henry: We are in an uncertain time in our nation’s history. With the protests, and COVID-19, it’s an uncertain time internationally. There’s a lot of saber rattling, which we see bleeding into the cyber realm. Whatever’s happening in the physical world, there’s always going to be a cyber component.
Anyone coming to Fal.Con for Public Sector will have a greater appreciation for the challenges that our industry is facing and a better idea of what is happening at the edge of innovation.
And I think that anyone, from new college graduates who are on the first day of the job, to seasoned veterans, will benefit. I learn from these conferences all the time. You never stop learning because you can always take advantage of someone else’s perspective and experience or get insight on a different skillset on a different platform.
Even if you’re retiring and moving on to the next stage of your life, coming to Fal.Con for Public Sector will give you the tools to better understand developments in the news and foster the next generation of leaders in this field.
To hear more from Shawn Henry, register for Fal.Con for Public Sector HERE.