Businesses should go on the offense in the fight against cybercrime as threat actors adopt new and evolving tactics Bryan Fite, account CISO at BT Security, told an audience at the RSA 2017 Conference.
Modern attack methods have placed the capabilities that were once the domain only of nation states into the hands of small-time criminals, cybergangs and hacktivist, creating a new level of threats.
Fite said ultimately threat actors are out pacing the good guys in terms of innovation and techniques because traditional cyber defense models of building parameters and security add-ons don’t work.
Fite added that even industries such as banks, corporations and countries, which were traditionally expected to protect themselves, are still having problems despite the amount of resources they spend on security.
To cope with these deficiencies Fite said businesses should create a digital road map to identify their assets, protect data, know how to respond to breaches, and how to recover lost data. Once valuable assets are identified, firms should consider taking extra precautions such as encrypting important information within their systems to make it harder to access in the event of a breach.
Another part of the problem, he said, is businesses falsely believe their assets are only in their “secret sauce,” not taking into account the valuable data surrounding their manufacturing process is also important to threat actors.
“You can reverse engineer the chemical makeup of that,” Fite said referring to proprietary information. “It’s how you take that secret recipe and manufacture that the same way globally and make money and keep the quality control,” that’s important to threat actors.
Fite said the real assets aren’t in the recipe, but the manufacturing process or how open source or standard technology and put it together to deliver your business. In addition, he said it’s important to understand there is gold in their logs and data collected and companies should consider keeping certain information longer than the mandatory minimum so that if something does come up they can look back at their records and learn from them.
In addition to identifying assets, businesses should research who their adversaries are and who would want to target their data as well as have profiles on these potential threats. If they have already been breached, companies should conduct post a mortem analysis on the incident to figure out what can be learned.
As threats evolve, it’s also important for firms to cover the human element of cybersecurity and stay prepared by having policies concerning blackmail, insider threats, and other security issues such as social engineering attacks.