With global cyberattacks surging, a never-ending list of software vulnerabilities being discovered around the world every hour and new data breaches being announced daily, how are enterprises evaluating, preparing for and responding to online threats?
From mobile threats to ransomware emergencies, from silent malware that specifically targets online banks to dealing with SSL encryption, the latest trends continue to tell a scary story.
Taking a step back: What are the right questions to be asking?
It’s called cyberthreat intelligence. And almost everyone seems to be interested. Well, at least most people at SecureWorld Expo events across the nation.
Gartner has defined threat intelligence as: “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.”
Over the past nine weeks, I have been the moderator of three different SecureWorld Expo panel discussions on the topic of the global cyberthreat landscape. The one-hour sessions were titled: Current Threatscape. (For more details, see the 1:15 p.m. panel description on this online agenda.) Whether in Boston, Philadelphia or Atlanta, the industry experts brought up a long list of threat actors, vulnerabilities and cyberattack channels — as well as potential solutions to consider.
The SecureWorld Expo panelists came from a diverse group of security, technology and telecommunications vendors. For example, at the session this past week in Atlanta, the panelists included:
Greg Simmons, Peak 10
Kevin Peterson, Zscaler
Jerrod Piker, Check Point
Rohit Kinra, Verisign
John Ode, Cisco
Ron Winward, Radware
So what were the hot topics discussed? Were there common answers across events? Here are 15 of the good cyberthreat questions covered by the panels.
15 Cyberthreat Questions:
1. What are the most concerning attack vectors that exist in the wild today?
2. Why is automation important in defending against cyberattacks?
3. Volumetric attacks threaten to fill Internet links. Where is the balance between protecting my network from cyberattacks and being prepared for volumetric attacks without running everything through a cloud service?
4. As the frequency and severity of data breaches continue to grow, what can I do beyond firewalls and intrusion detection to protect my data and my company from these threats?
5. My company is subject to payment card industry (PCI), Health Insurance Portability and Accountability Act (HIPAA) or other regulations related to Personally Identifiable Information (PII) or Electronic Protected Health Information (ePHI). What are the key things I need to consider as a part of my security strategy?
6. How do security threats factor into my disaster recovery planning?
7. What impact will the rise in secure sockets layer (SSL) traffic have on the threat landscape?
8. Is there really such a thing as "shadow IT," or is it really just IT? In either case, what's the impact on the increase in cyberthreats?
9. Are organizations doing enough to collaborate on threats?
10. Ransomware is running rampant, and detection is not enough because the data is already lost at the point of infection. What can we do to prevent ransomware from holding our data hostage?
11. Studies and surveys show that endpoints are increasingly becoming a high-profile target for attackers because the modern workforce is rarely stationary behind our robust enterprise security solutions. How can we protect roaming endpoints from becoming infected through unprotected channels, such as external media and open Wi-Fi networks, and how can we stop data exfiltration and lateral movement if these endpoints do become infected?
12. Attackers continue to innovate, using new tricks and techniques to bypass even breach detection systems in order to infiltrate organizations and steal valuable data and/or cause damage. Is there anything we can do to not only detect but also stop these evasions from happening?
13. As we deploy our applications in diverse environments, including public clouds, how do we ensure the same level of security/protection in environments we don’t control?
14. Malware continues to grow at an explosive rate, so what are our options to protect our environment(s) from being compromised?
15. As the distributed denial of service (DDoS) threat surface continues to increase (more devices, more deployment of broadband with high speeds, increase of actors/groups), what options are available to protect ourselves from the increasing size and ferocity of DDoS attacks?

There were also some heated discussions related to attracting and retaining cybertalent, where you should spend your precious budget dollars and the need for better processes and procedures in responding to incidents.
Here is a recent SecureWorld Expo interview with Christopher Pierson on cyberthreats.
Cyberthreat Resources: Answers Please?
Yes, there were and are panelist answers to all of these questions. Still, many of the solutions offered are evolving and continue to challenge even the best and brightest.
Here are a few industry resources that can help in your research as well as point you toward an overall framework/strategy in dealing with cyberthreats.
US CERT Current Activities
Symantec Internet Threat Report
McAfee Labs Threats Report
Forcepoint 2016 Global Threat Report
Trend Micro Current Threat Activity
FireEye/iSight Partners Cyberthreat Impacts
How are these online threats playing out in terms of government and private-sector businesses around the world? There is a long list of relevant headlines related to cyberthreats and response. Here are a few recent actions and related stories on this topic:
The Reserve Bank of India mandates new policies to keep hackers at bay.
How Ransomware Affects Hospital Data Security
Maybe Wall Street has the Solution to Stopping Cyber Attacks

This topic is also an important cybersecurity focus that I will keep coming back to every six to seven months. My past blog from 2015 described emerging cyberthreats, and many of the 2016 predictions laid out the expectations for this year. Many of these cyber predictions are coming true — especially on ransomware.
What are the best resources that your organization uses regarding cyberintelligence and online threats? Feel free to leave a comment with recommended solutions.