Sun Tzu wrote “ If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat.”
A fifth, man-made domain serving as a great force multiplier for free expression and commerce, cyberspace is also an open, unregulated playing field for criminals as well as malicious state and non-state actors. Michael Hayden, the former director of the National Security Agency, principal deputy director of National Intelligence, and director of the Central Intelligence Agency, has compared operating in cyberspace to swimming in shark-infested waters, where even the dolphins represent a threat. Applying an intelligence model to the challenge of thwarting an enemy’s mission to change, steal or destroy data begins with assessing the battlespace and striving for a 360-degree optic. Focusing on the human element – or the “skin behind the keyboard,” in the words of FBI Special Agent Donald Freese – is the basis for a robust strategy to protect the data, money and reputation on which commercial success relies.
Businesses can effectively reduce the attack space, mitigate risk and conduct more timely and effective incident response by securing servers and routers, using firewalls and sophisticated web codes, and rigorously applying both patches and back-up protocols. However, the corporate board, CIO or CISO who treats the threat of cyberattack as only an IT challenge with technical solutions, risks neglecting threats resulting from human error and inflexible strategy.
Assess the battle space: Cyberattacks do not occur from a cold start without signatures. Plugging into networks and chat rooms where attacks are being planned and using cognitive computing to sift through the big data enables collection on the enemy’s attack plans. Security intelligence should focus on who might be a potential enemy, the enemy of an associate or business partner, as well as whether business operations are taking place in a country where cyber sovereignty is practiced.
Striving for a 360-degree optic: Rallying security, human resources, and IT stakeholders to ensure as much information is collected and shared on vulnerability and threat data, results in the most effective executive decisions on countermeasures. Employees should have a secure channel for reporting social engineering and technical attacks. Businesses can benefit from reaching out to the FBI to report highly sophisticated malware or an APT.
Protecting against the insider threat: Insider threats result from both unwitting employees who require training to appreciate and defend against the dangers to which they are subjected as well as malicious employees with ill intent. Applying the need to know principle with access controls and using technology to conduct regular security checks reduces the attack space. Cross connecting human resources, IT, and security to conduct on-board vetting and followup engagement with employees has the additional benefit of creating a powerful ethos of security within the company, on which employees recognize their livelihood depends.
In 2013, Director of National Intelligence Jim Clapper announced cyber had overtaken terrorism as the most significant threat to our national security. There are, however, neither internationally recognized norms for operating in cyberspace nor laws for prosecuting the cybercriminals who cause roughly $500 billion per year in losses to the world economy. As demonstrated by the Apple iPhone decryption debate following the San Bernadino attack, the U.S. government is in the nascent stages of crafting a coherent cybersecurity policy with clear executive and legislative components to enable the cyber mission. For now, companies must rely individually on their own distinctive cybersecurity strategy to determine when they were penetrated, how long it will take to mitigate the threat, and which data warrants greater protection.
Daniel Hoffman is a former intelligence officer with 30 years of distinguished government service. He has broad expertise on geopolitical and transnational issues including the Middle East, South Asia, Russia, counterterrorism, cyber and counterintelligence.
Daniel will be participating in the afternoon panel, “The Trump Effect On Information Security: Is Less Regulation What We Need?, at RiskSec NY 2017.
The day-long event on May 2, to be held at Convene in midtown Manhattan, is SC Media’s new threat intelligence and risk management gathering for cybersecurity industry leaders.
RiskSec NY comprises interactive learning sessions, keynote and panel discussions, and an expo hall. The conference and expo was created to immerse attendees in highly personalized interactive exercises and discussions with senior thought-leaders in the cybersecurity industry.
At RiskSec NY. attendees will be gathering in a modern venue with state of the art audio-visual capabilities and superior meeting rooms conducive to learning and collaborating. The event offers unprecedented networking opportunities with industry headliners and insiders at our breakfast and luncheon receptions, and a unique opportunity to be part of the solutions to today’s most pressing issues in cybersecurity. As well, attendees can earn up to 9 CPEs at RiskSec NY.
Come hear Daniel Hoffman at RiskSec NY on May 2.
Among the other cybersecurity experts lined up to present are: Vicky Ames, director of information security at Marriott International, Aetna’s Brian Heemsoth, Flashpoint’s Lance James, Crumpton Group’s Rick Doten, The World Bank’s Sandra Sargent, and Oppenheimer CISO Henry Jiang.
Please visit our site to register. A full conference pass is $375, but for a limited time we invite you to sign up with a special Flash Sale Code of $199. Type “FEATURE” into the DISCOUNT CODE field for a savings of nearly $200.