Michael Morell is a career intelligence analyst with decades of experience in national cybersecurity. He’s served in roles like Former Deputy Director and twice Acting Director of the CIA from 2009 to 2013. Norman Menz, CEO of Flare, co-founded the third-party risk management provider Prevalent, before joining AI-driven vulnerability management startup Delve as COO.
They discuss issues around cybersecurity and geopolitics including the Russian invasion of Ukraine, as well as tensions between China and Taiwan. Morell draws on his experience as a cybersecurity leader to offer his perspective on what company executives should do to become more secure.
Check out our full webinar recording, The New Front in Warfare: Cyber Warfare & Security in the 21st Century, and/or keep reading for the highlights.
Russian Invasion of Ukraine and Cybersecurity
There have been instances of “hacktivism” and non-state sponsored actors getting in the way of the Russian military. Some have attacked Russian assets as well as countries allied with Russia in protest of the invasion.
Some civilians and open source intelligence (OSINT) organizations have contributed to documenting the war, such as using their smartphones to take pictures of Russian armed forces and geolocating them. This reflects the role technology now plays in our lives.
China-Taiwan Tensions and Potential Scenarios
Michael Morell outlined 2 potential attack scenarios with China and Taiwan:
- China attacks Taiwan with the purpose of putting Chinese armed forces on Taiwan. This could start with a huge cyberattack on Taiwan. The U.S. may not be directly relevant in this situation, as there hasn’t been a decision made on involvement. But if the U.S. did come to Taiwan’s aid, China could also launch a cyberattack on the U.S. and possibly interfere with U.S. satellites.
- Chinese forces could encircle Taiwan with naval vessels and fighter aircraft to inspect ships coming and going from Taiwan. This scenario would probably not involve a cyberattack.
Cybersecurity Recommendations for Company Executives
Morell stated 3 items that (cybersecurity) executives must keep in mind to protect their organizations:
- The U.S government does not have the capacity to protect every single organization, so organizational leaders have to establish cybersecurity measures themselves.
- Cybersecurity practices are not a one time fix, as the adversaries are always adapting. As companies are in the defense role, they have to be vigilant about the ways that the offense (threat actors) are evolving.
- Boards should be fluent in cybersecurity and be able to ask the same kind of questions about cybersecurity that they do about financial audits. They should not rely on the CISO/CIO, or another individual well-versed in cybersecurity. With every other significant risk organizations face, every leader must take ownership of understanding cyber.
How Flare Can Help
Flare enables you to automatically scan the clear and dark web for your organization’s leaked data, whether it be infected devices, technical data, source code, leaked credentials, or secrets on public GitHub repos. This approach enables you to proactively identify sensitive data leaks and prevent data breaches before malicious actors utilize them.
Flare allows you and your security team to:
- Get ahead of reacting to attempted network intrusions before they happen by rapidly detecting stolen credentials and infected devices for sale
- Cut incident response time by up to 95% and monitor around 10 billion leaked credentials
- Understand your organization’s external data exposure (digital footprint) with proactive recommendations to improve your security posture based on real world, contextualized data
Want to see how Flare can help your organization stay ahead of threat actors? Request a demo to learn more.