In September 2021, members of one of the most renowned ransomware groups, REvil, were met with an unpleasant surprise: The hacked were hacking back. Specifically, the U.S. Department of Justice (DOJ) and its partners had penetrated the cyber thugs’ infrastructure by hacking their backups. REvil, whose servers had been shut down, restored them from a backup. But the U.S. government had already hacked that backup, and it used the resulting access to start controlling some of REvil’s systems. As a result, over 49,000 computers and servers were protected from insidious ransomware.
The U.S. government isn’t taking ransomware and other cyber attacks sitting down. But its attack-back strategy involves more than covert digital ops throughout the dark web. The government has started instituting cyber standards that require businesses in some of the most pivotal industries to tighten their cyber belts. For example:
Using these and other measures, the Department of Defense (DoD) is fulfilling its three ongoing missions:
The efforts by the government have not only tightened security measures for organizations throughout the country, but their effects have also made a deep impact on the software development process.
The connection between the cybersecurity policies of the U.S. and software development is similar to that between U.S. driver safety laws and the car manufacturing industry. In short, private sector developers are saying: If the law dictates it, we have to build it. Truly secure software programs used to exist merely in fields of dreams, but now, developers know that when it comes to a secure app, if they build it, compliance will come. As a result, applications designed for a range of industries have security features as well as data protection measures woven into their DNA.
The necessity for secure apps that keep businesses in compliance with U.S. data security regulations has helped give birth to a relatively recent development methodology: DevSecOps.
DevSecOps involves incorporating security into the development process, not as an afterthought or “final step,” but throughout the development life cycle. The approach involves giving cybersecurity experts a seat at the development table, ensuring that all of an app’s components—and the interactions between them—enhance the security of the app, customer data, and the business systems that interface with it.
This approach is essential when designing solutions for organizations that need to rise to meet U.S. cybersecurity standards. For example, suppose a healthcare provider needed an app that managed patient data, making it easier for doctors and nurses to access the info they need on mobile devices in the palms of their hands.
HIPAA dictates that healthcare organizations need to “protect against reasonably anticipated, impermissible uses or disclosures” of patient data. Therefore, security pros on the DevSecOps team may have to work with the front-end and back-end developers to ensure:
In this way, the final product has the security features necessary to keep the healthcare organization’s data and operations secure.
It’s infeasible to manually monitor and adjust data management systems, especially if they work with the information of tens of thousands of people. But with AI, it can be relatively easy to meet data management standards outlined by the government—without sacrificing efficiency.
For example, AI can be used in search algorithms that execute queries across large volumes of data—much of which may be designated as “sensitive” by U.S. regulations. Using AI-enhanced search functions, everyone from financial advisers to physicians can quickly locate the information they need without leaving sensitive data on the screens of workstations for inordinate amounts of time.
This was the case in a recent study performed with doctors using an AI-enabled database. About 91.7% of them preferred the system, which produced the results they needed in 18% less time than a traditional database search.
There are several challenges organizations face when it comes to ensuring their systems protect them from the same threats the government is combatting:
But with custom-designed digital transformation, you can overcome these obstacles and create systems that put your operation on par with the cybersecurity standards needed to protect this country and its digital assets. To learn how this can happen for your organization, connect with our team at i-Link Solutions today.