‘We Assume the Bad Thing Has Already Happened’ (bloomberg.com)
25 points by ddeck on June 19, 2015 | 5 comments


de-facto-cybercriminal-youth-with-hood-and-covered-face.jpg is turning into a comic relief element for me with every one of these cyber-security articles.


Off-topic: That is some great visual storytelling.


Agreed! It is a work of beauty, sadly it dwarfed the content.


I found it a bit busy, personally. Much like "What is Code?", I am certain it would devour a phone's resources within minutes.


This is the future (but really just one small step) of defensive measures that need to be taken against computer network exploitation.

There is essentially no computer network that cannot be breached by dedicated and patient (and especially funded) hackers. With increasing importance it is crucial to merely assume that your network has been compromised and work on continual investigation for evidence of full compromise. Assume breach methodology also calls for better credential management: most networks - once on the inside - are very 'flat' in the sense that it's only a couple hops from any user to a network superuser.

This is the reason, for example, why Google's internal corporate network is now internet accessible (corp.google.com). Google has taken the stance that they cannot rely on a network perimeter to keep adversaries out and are proving it by not relying on that perimeter for security.

Assumed breach philosophy dictates that detection (e.g. by finding anomalous activity, and alerting on signatures) and response/recovery (e.g. isolation of machines, rolling credentials en masse, forensics to determine scope of compromise) are at least as important as prevention.

Another layer of protection is the cloud where scaled efforts can be made to provide security. Here patches, access controls, isolation, logging and audits can be performed more cheaply by the provider than it can be done as a sum over all individual corporations. Of course, the hypervisor and virtual networking themselves provide a strong security container.

Many of these cloud providers and large US industries (finance, energy) rest on top of segmented parts of the US's DISN (the Defense Information Systems Network) where the DoD can monitor the periphery for cyberattacks and alert companies.

This is one example of data sharing - another large investment being made by the US to secure its cyberspace. Corporations can buy services from Mandiant, Fireeye and a number of other private parties for real-time information about threat intelligence (exploit/behavioral signatures and hacking group MOs). While expensive, these subscriptions can pay for themselves if they prevent or mitigate costs associated with a large breach.

Data sharing is also done between companies under legal agreement. Large companies form networks on threat intelligence - sharing information about malware signatures, activity, source IPs and account names of malignant activity. This is a cheaper option, though the intelligence is less 'curated'.

Finally, the US provides threat intelligence to onboarded corporations using formats like STIX and TAXII. At the speed of computer networking, detection capabilities for tooling and tactics of adversaries can be proliferated cross industry so that, even if a breach is successful, if it is detected the cost for attacking other corporations is raised - malware must be recompiled, etc.

Computer intrusion is a cat and mouse game and none of these things, even their sum together, will stop successful breaches. They are, however, cheap means that increase the cost and required sophistication of attackers. Attackers continue to grow in sophistication and today, still outpace all layered defenses.
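As an added illustration of the detection and shared-intelligence layers the comment above describes (this is example code written for this page, not from the article or the commenter): a constructed STIX-style indicator feed of the kind exchanged over TAXII is parsed and run over constructed key=value log lines. It handles only the single-equality subset of STIX patterning, and the mapping from STIX object paths to log field names is an assumed schema.

```python
import json
import re
# Constructed example feed: STIX 2.1-style indicators as a shared threat-intel
# service delivers over TAXII. All values are made up (TEST-NET IPs, dummy hash).
SHARED_INDICATORS = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "name": "C2 server", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '203.0.113.5']"},
    {"type": "indicator", "name": "Dropper", "pattern_type": "stix",
     "pattern": "[file:hashes.'SHA-256' = 'dummyhash0001']"},
    {"type": "indicator", "name": "Compromised account", "pattern_type": "stix",
     "pattern": "[user-account:account_login = 'svc-backup']"},
]})

# Constructed log lines in key=value form, as a proxy or endpoint agent might emit.
SAMPLE_LOGS = [
    "2015-06-19T10:01:02Z src=10.0.0.7 dst=203.0.113.5 user=alice action=connect",
    "2015-06-19T10:02:10Z src=10.0.0.9 dst=198.51.100.20 user=bob action=connect",
    "2015-06-19T10:03:44Z host=fs01 user=svc-backup action=exec sha256=dummyhash0001",
]

# Log fields each STIX object path is compared against (assumed log schema).
FIELD_MAP = {"ipv4-addr:value": ("src", "dst"), "file:hashes.SHA-256": ("sha256",),
             "user-account:account_login": ("user",)}

# Only the simplest STIX pattern form is handled: one equality comparison in
# square brackets. Real patterns also allow AND/OR, FOLLOWEDBY, time windows.
COMPARISON = re.compile(r"^\[\s*([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'\s*\]$")

def parse_indicators(bundle_json):
    # Returns (name, object_path, value) per interpretable indicator; unsupported
    # patterns are skipped rather than silently misread.
    found = []
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        m = COMPARISON.match(obj["pattern"])
        if m:
            path = m.group(1) + ":" + m.group(2).replace("'", "")
            found.append((obj["name"], path, m.group(3)))
    return found

def match_logs(indicators, log_lines):
    # Returns (line_index, indicator_name) for every log line hitting an indicator.
    hits = []
    for i, line in enumerate(log_lines):
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        for name, path, value in indicators:
            if any(fields.get(f) == value for f in FIELD_MAP.get(path, ())):
                hits.append((i, name))
    return hits
```

Calling `match_logs(parse_indicators(SHARED_INDICATORS), SAMPLE_LOGS)` flags the first and third lines; in practice the hits would feed the alerting and scoping work the comment describes rather than be printed.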



