A collection point
...and some of my own.
Jeremy Bergsman, Practice Manager, CEB
Chief information security officers and their teams should collect information on who is attacking their firm, rather than just how it is done, says Jeremy Bergsman.
Over 95% of CISOs say it is at least 'moderately likely' that their company will face an 'advanced' attack in the next 12 months. Worse, nearly three-quarters of CISOs think their function won't deal with it properly.

Advanced threats are substantially different from traditional threats: they are harder to detect and prevent, and they are perpetrated by attackers who are more skilful and better resourced. CISOs consistently rank advanced threats as the most severe and least controllable threats they face. Examples include social engineering and phishing, hacktivism, state-sponsored attacks, and information-related organized crime and fraud.

One big problem is that many CISOs focus only on how an attack is conducted (i.e., on the techniques used) and assume that working out who is behind it is a job for IT vendors, law enforcement, or only the most advanced information security (IS) functions. This is short-sighted: teams miss information that is not especially onerous to collect and that helps against many different types of threat. With all the internal and external threat intelligence that IS teams now gather, hunters (one of the more exciting corporate titles) or other IS staff who sift through it can search for the indicators and techniques associated with a particular attacker or group, identify new threats, and pre-empt advanced attackers.

In particular, IS teams should work on two processes: attribution, that is, determining the identity of the individual or group launching the attack; and attacker profiling, that is, compiling an attacker's characteristics, location, and techniques. Some CISOs may not feel their advanced-threat processes are sophisticated enough for profiling, but some basic methods work well.
By categorizing attackers, organizations can develop more targeted responses and anticipate future attacks. For instance, organized crime, competitor, and state-sponsored attackers are more likely to launch multiple attacks, so recording what is known about these intruders helps an organization recognize them when they return.

https://www.alienvault.com/docs/SANS-Cyber-Threat-Intelligence-Survey-2015.pdf
http://weis2015.econinfosec.org/papers/WEIS_2015_aziz.pdf
http://www.cio.com/article/2872517/data-breach/6-biggest-business-security-risks-and-how-you-can-fight-back.html
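The two processes the article describes, profiling (recording a group's known infrastructure and techniques) and attribution (matching what hunters see in the logs back to those profiles so a returning group is recognized), can be sketched in a few dozen lines. The following is an added example, not code from the article, CEB, or any of the linked sources: the three attacker profiles, the log lines, the technique labels and detection regexes, and the scoring weights are all constructed for illustration (IP addresses come from the documentation ranges and domains use `.example`).

```python
"""Attacker profiling and lightweight attribution over log events.

Added example, not from the article or CEB: the profiles, log lines and
technique detectors below are constructed (documentation IP ranges and
.example domains), and the scoring weights are an assumption.
"""
import re
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AttackerProfile:
    """What the article calls an attacker profile: who, where, and how."""
    name: str
    category: str           # organized crime, state-sponsored, hacktivism ...
    indicators: frozenset   # infrastructure seen before: IPs, domains
    techniques: frozenset   # technique labels seen before


# Constructed profiles (hypothetical groups, not real threat intelligence).
PROFILES = [
    AttackerProfile("CRIME-GROUP-A", "organized crime",
                    frozenset({"203.0.113.45", "invoice-portal.example"}),
                    frozenset({"phishing_attachment", "credential_dump", "rdp_lateral"})),
    AttackerProfile("STATE-ACTOR-B", "state-sponsored",
                    frozenset({"198.51.100.7", "update-cdn.example"}),
                    frozenset({"spearphish_link", "dll_sideload", "dns_tunnel"})),
    AttackerProfile("HACKTIVIST-C", "hacktivism",
                    frozenset({"192.0.2.99"}),
                    frozenset({"web_defacement", "ddos"})),
]

# Crude technique detectors: a regex over one log line -> technique label.
TECHNIQUE_RULES = {
    "phishing_attachment": re.compile(r"attachment=\S+\.(?:docm|xlsm|iso|lnk)\b"),
    "spearphish_link":     re.compile(r"url=https?://\S+/(?:login|verify)\b"),
    "credential_dump":     re.compile(r"comsvcs\.dll MiniDump|lsass\.exe"),
    "rdp_lateral":         re.compile(r"dport=3389 action=allow"),
    "dns_tunnel":          re.compile(r"dns query=\S+ type=TXT"),
}
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

# Constructed log lines from one incident window (sample data, not real logs).
LOG_LINES = [
    r"2024-05-02T08:12:05Z mail from=billing@invoice-portal.example to=cfo@corp.local attachment=Invoice_4471.docm",
    r"2024-05-02T08:14:33Z proxy src=10.0.4.21 dst=203.0.113.45 url=http://203.0.113.45/p/checkin.php",
    r'2024-05-02T08:20:10Z edr host=FIN-WS-07 proc=rundll32.exe cmd="rundll32.exe comsvcs.dll MiniDump 612 C:\Windows\Temp\l.dmp"',
    r"2024-05-02T09:02:44Z fw src=10.0.4.21 dst=10.0.4.30 dport=3389 action=allow",
    r"2024-05-02T09:05:01Z dns query=a3f9.update-cdn.example type=TXT",
]


def extract_observations(lines):
    """Pull infrastructure indicators and technique labels out of raw log lines."""
    indicators, techniques = set(), set()
    for line in lines:
        indicators.update(IPV4_RE.findall(line))
        indicators.update(DOMAIN_RE.findall(line))
        for label, rule in TECHNIQUE_RULES.items():
            if rule.search(line):
                techniques.add(label)
    return indicators, techniques


def matched_indicators(profile, observed):
    """A profile IOC hits on an exact match or on a subdomain of a known domain."""
    return {ioc for ioc in profile.indicators
            if any(seen == ioc or seen.endswith("." + ioc) for seen in observed)}


def score_profile(profile, indicators, techniques):
    ind_hits = matched_indicators(profile, indicators)
    tech_hits = profile.techniques & techniques
    # Assumption: reused infrastructure is strong evidence (2 points per IOC);
    # techniques are shared between groups, so they count only as the
    # fraction of the profile's known techniques that were observed.
    value = 2.0 * len(ind_hits) + len(tech_hits) / len(profile.techniques)
    return value, ind_hits, tech_hits


def attribute(lines, profiles=PROFILES):
    """Rank known profiles by how well the observed activity matches them."""
    indicators, techniques = extract_observations(lines)
    ranked = []
    for p in profiles:
        value, ind_hits, tech_hits = score_profile(p, indicators, techniques)
        ranked.append({"name": p.name, "category": p.category, "score": value,
                       "indicators": sorted(ind_hits), "techniques": sorted(tech_hits)})
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


def enrich_profile(profile, indicators=(), techniques=()):
    """Record what was seen this time so the group is recognized next time."""
    return replace(profile,
                   indicators=profile.indicators | frozenset(indicators),
                   techniques=profile.techniques | frozenset(techniques))


if __name__ == "__main__":
    for row in attribute(LOG_LINES):
        print(f"{row['name']:<14} {row['category']:<16} score={row['score']:.2f} "
              f"iocs={row['indicators']} ttps={row['techniques']}")
```

On the constructed logs the crime group ranks first on both reused infrastructure and a full technique match, while the state-sponsored profile gets a partial score from one shared domain and one shared technique; that partial overlap is exactly why indicator hits are weighted above technique overlap here, and why an analyst, not the script, should decide what `enrich_profile` records (internal addresses such as the `10.0.4.x` hosts above must never be written into a profile as attacker infrastructure).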