
Most data thefts could be stopped, says cyber investigator

It often seems as if organizations are helpless against cyber attacks: after all, even veteran experts admit that a determined intruder can’t be prevented from breaching the network.

But a security consultant maintains that the spread of many notorious breaches could have been stopped if security teams had paid attention to clear warnings of an intrusion.

“That is a recurring theme of almost every large breach I’ve worked,” Timothy Ryan, a former FBI cyber investigator and current managing director of security at

Ryan predicts that data and network destruction will increasingly be the strategies of attackers, some of whom will demand a ransom before data is wiped while others will merely flip the switch. “We will all be reminiscing about the sweet old days when people were just stealing credit cards,” he told the audience of carriers from Canada and the U.S. “Your networks provide a war-fighting capability, and when those networks go down it degrades the capabilities of the country that you operate in.”

That’s why he said carriers and Internet operators face unique threats. As infrastructure providers they not only have to watch for attackers wanting sensitive data, they also have to detect attackers who want to crash their networks.

The problem, he said, is IT teams face too many alerts from systems and don’t know how to prioritize them. What CISOs have to do, Ryan said, is have a “succinct” incident response plan that defines a security incident and how it gets escalated.

An incident, he added, isn’t “any time there’s a technical problem that cannot be readily explained.” In fact, he added, your organization is most likely to be warned of an intrusion in one of three ways: from an outsider (law enforcement, the media or a partner); from your security infrastructure alarms; or from a user that has been locked out or had email bounced back. CISOs need a response plan for each. “Any emergency response plan that categorizes every bad incident that could happen at your company is a waste of time.”

He also touted the merits of new endpoint threat monitoring and detection tools, such as CrowdStrike or Carbon Black, which capture process and network connection information for every host. That can alleviate the need to do a lot of forensics on an attack, he said.
