The number of attackers has increased, the attack surface has gotten bigger and the geopolitical situation has brought more nation states into the mix, a group of security pros on a “Global Trends in Cybercrime” panel led by National Security Agency Chief Risk Officer Anne Neuberger said Thursday.
Speaking at the SINET Innovation Summit in New York, Suleyman Anil, head of cyber defence in the emerging security challenges division at NATO, noted the complexity of cyber conflicts where criminals can use anonymity and, in a moment of levity, lamented the days of the Cold War when “life was tougher but simpler.”
While the complexity of attacks and challenges it presents to security organizations have grown, many of the advanced persistent threats that security professionals are seeing are “mostly just persistent, not very advanced,” said Chris Gibson, director of Cert-UK. “They're easy to do,” which opens up the field to more bad guys.
In the last 15 years, companies have “come to realize how low tech compromises are,” said Eduardo Perez, senior vice president of North America Risk Services at Visa. Perez explained that most of the compromises are done by obtaining admin credentials. In most cases, “companies failed on some basic protocol,” he said.
Dane VandenBerg, director, Qintel, noted an uptick in cybercriminals “looking for specific credentials” at companies. “Then they get a foothold into something much larger,” he said.
Anil warned that it's “wrong now to talk about a single incident” because “every incident is part of larger campaign.”
The panelists urged companies to practice basic good hygiene.
