The group spent a lot of time discussing major security issues and how to improve defense capabilities. First and foremost, we’re all familiar with the term APT, but the group felt that the “A” is irrelevant. It’s all about persistence more than anything else. It’s hard to describe threats as really impactful or advanced, especially when so many are simple threats that are just very persistent. They also agreed that it’s important to extend monitoring, analytics and any other techniques to address the issue of persistence.
One great takeaway from the discussion was the role insider threats play in this struggle. It’s important not to think of insider threats as just disgruntled employees, but also to consider that some employees could have been working there from the beginning with malicious intentions. The discussion of augmenting existing technology with things like system intelligence also arose. The speaker brought up an example of what he’s seen done, which includes investing in monitoring social media for high-risk employees. One of the toughest discussions brought up in the group involved having to tell the company CEO that the last few targeted attacks came from phishing attacks based on things his daughter was doing on Facebook.
The group agreed that it’s also important to ensure flexibility and understand where the targets might be. It’s similar to a very simple law enforcement technique: what are they after, and where are you vulnerable? It’s also a matter of knowing who your adversaries are. There has been a significant shift in the adversaries we face in cybercrime from areas like Russia to the rest of Eastern Europe and Latin America. China continues to be a constant for nation-state attacks, but that’s changing as well. In many cases, the information on who the adversaries are and what they’re after changes. And it is not only what they’re after that changes, but also how what they’re after moves.
The last topic addressed was the idea of being able to bridge the gap. The group talked at length about the trend of moving the CISO role out of IT and into the business end of an organization. It was stressed, however, that the CISO role cannot become a “holier than thou” scenario or completely separate from IT because they’re absolutely vital to the challenges IT faces.