Threat Management, Incident Response, Network Security, TDR

RSA 2016: To disrupt malware chain, focus on big wins

Security professionals tasked with protecting their organizations against cyber threats face ongoing challenges that are stacked heavily against even the most competent professionals. At the RSA Conference in San Francisco on Wednesday, a panel of information security veterans highlighted methods that would shift the odds in the favor of security professionals, rather than simply reacting to each new malware threat individually.

SANS Technology Institute dean of research Johannes Ullrich said organizations need to start by recognizing the dangers of their data sets. “Store less data," he advised. "It's no longer just an asset, it is a real liability.”

The panel discussed strategies that shift the economics of malware development by making it less effective to create and use malware. Malware creators have created a fully developed infrastructure, complete with supply chains, distribution channels, and customer trust -- and cybercriminals use this malware to quickly gain unauthorized access to valuable information.

One solution suggested was to create fake data by using honeycards. This would make it more difficult to use Trojan malware like Zuess effectively. "It gives the malware developers a bad reputation and makes it less worthwhile to buy that malware," said Ullrich.

Creating solutions to these big challenges requires creative thought and genuine innovation. "We have to completely rethink our worldview," said Winn Schwartau, SAC CEO. The solution? "We hire geeks who smoke weed and Asperger's people who can't function within the current 'norms'.”

Lance James, chief scientist at Flashpoint agreed that ambitious challenges like disrupting the malware infrastructure would benefit from the much-needed perspectives of employees who do not fit into the traditional workplace.

Before joining Flashpoint in 2015, James was head of cyber intelligence at Deloitte, a decidedly traditional environment. A sign hung outside his office offering employees free hugs. “Hug your employees,” he suggested, noting that the sign outside his office was really a way to build empathy for his employees' quirks. “They might make a difference.”

Schwartau added, “HR should not be able to not hire somebody because they fail the personality test.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.