The National Institute of Standards and Technology (NIST) will be holding its 3rd Cybersecurity Framework Workshop from July 10-12 in San Diego, California, to discuss Executive Order 13636, which deals with "Improving Critical Infrastructure Cybersecurity." The Order is a joint effort between NIST and industry members to develop a framework to help reduce the risk of cyberattacks.
Spikes has great interest in contributing to the ongoing efforts to stop cyberattacks, especially through web browsers, where over 90% of malware attacks originate. We have proposed to NIST the following initiatives to help combat the malware epidemic:
Education on the real problem: Propagate to all parties the inherent risk associated with malware coming through web browsers. Many valuable resources have begun recognizing this issue in their threat analysis reports found below:
These resources, among many others, provide valuable insight into the actual cause, and not just the symptoms, of cyberattacks across enterprises and government entities. It is important for these groups to be aware of the growing epidemic and of how modern web browsing is no longer simply rendered HTML with images. Modern web browsing offers many avenues for malware to infiltrate a network, including Flash and Java, which are prevalent in modern browsers. To really deal with the cause of this epidemic, it is imperative to identify the source of the problem.
Education on new technologies: With the adoption of sandboxes, hypervisors, intrusion detection, and remote application streaming (VDI), the tools to combat malware are presently available, unbeknownst to most in cybersecurity. Browsing the web can be done safely with these tools by executing a browser outside your firewall, within a sandbox, on a type 1 (bare metal) hypervisor! The only truly safe way to browse the web is by having it physically separated from your client machine.
We hope NIST has taken our insights and techniques on how to combat cyberattacks into consideration, and we will continue to inform users that the tools to combat cyberattacks are already available!