When unidentified hackers broke into a computer network at the Sands casino in Las Vegas in February of 2014, insiders and experts assumed it was a large-scale but routine heist. More than a year later, director of national intelligence James Clapper pinned the blame on Iran, citing the foreign government’s anger regarding anti-Iranian comments made by Sands owner Sheldon Adelson.
In November of 2014, North Korea hacked Sony Pictures with malware, later leaking personal emails and unreleased movies online. When a North Korean group threatened widespread violence at Sony’s premiere of The Interview, many theaters canceled screenings, and Sony canceled its theatrical release (the film later debuted on streaming platforms and screened in some theaters). President Obama called Sony’s response a “mistake.”
The questions in the cybersecurity and IT world then became: Why have foreign governments turned their attention to privately owned and publicly traded companies? What role should the White House have in mediation and defense? Could a foreign government attack the United States based on private enterprise?
Brian Arellanes, a cybersecurity expert, is hoping to help provide answers. The founder and CEO of ITSource Technology works with high-profile companies and major government agencies, using encryption, processes, and other techniques to secure their environments. After 9/11, Arellanes consulted for the Department of Homeland Security for what became the largest hiring effort in the country’s history. He was responsible for hiring and training security professionals in the national rollout of explosive detection systems and technology.
Arellanes says a lot has changed in the last few years. “We’re no longer scared of a hacker in his mom’s basement. The bigger threats are countries or nation states that are actually trying to attack private companies. These are scarier because countries with deep pockets and resources are now attacking us, which means our nation’s economy is at risk,” he explains.
Historically, when nations engaged in cyber attacks against other nations, private citizens and companies had been able to trust their government to intervene. But in this new reality, where nations rise against corporations, the rules have yet to be written. The Obama administration increased sanctions against North Korea for its role in the Sony Hack. Arellanes—who recently sat on an industry panel with the FBI’s squad leader for cybersecurity—says the United States will have to determine what’s considered an act of war and then draft guidelines and regulations to govern its response.
This new breed of hacker has a specific motivation. “Not only can they get the personally identifiable information that we’re concerned about, but they could get trade secrets and intellectual property that could cripple our economy,” Arellanes says. Countries have attacked industrial and engineering companies in an effort to compete with American companies or simply produce their own products to avoid purchasing them directly. Additionally, according to Arellanes, some foreign governments sponsor industry. “Those governments stand to profit while weakening the US economy at the same time,” he explains. But while the government has strong defenses in place, corporations generally haven’t yet had to withstand cyber attacks, and therefore do not have that level of security.
“The reality of the industry today is that we have to protect others and ourselves, both at work and at home.”
The modern solutions ITSource recommends to corporations at risk include tools that encrypt and protect data before a breach occurs so attackers walk away with fool’s gold instead of gold. The company has partnered with industry leaders like HP, whose Voltage security process randomizes information so hackers don’t realize they have false information.
Because ITSource Technology helps Fortune 100 level clients, the company weaves security into everything it does including app development, taking every possible step to secure the way it conducts business. “The reality of the industry today is that we have to protect others and ourselves, both at work and at home,” Arellanes says, adding that he enrolled in ID protection services after discovering his own information was compromised in the Anthem attack.
While the Anthem attack and others have made headlines, Arellanes knows that behind every newsworthy attack lie hundreds or even thousands of other attacks that fly under the radar. “In addition to detecting and preventing attacks for our clients, we have to raise awareness around the importance of protecting data,” he says. While most companies are increasing IT budgets by 20 percent to address rising threats, Arellanes expects that number to jump as high as 40 percent in the next one to three years. With the potential increase, he’s using his experience and influence to encourage young Hispanics to consider the huge opportunities in the talent-poor sector of IT Security.
Although US companies are more protected than this time last year, there is a long way to go. The world is becoming more connected as it moves towards the inevitable “Internet of things,” in which every device and every computer and every car and every gadget is in a network, connected online all the time.
“That will open up huge holes,” Arellanes says, “and we’ve got to stay one step ahead.”