09 October 2016

Forest for the Trees: Inside the True Threat...

After we checked in, our elevator ascended to the 4th floor of the Washington Post on October 6th, where everyone on board was anxious to get a seat inside the "Live Center." The 6th Annual Cybersecurity Summit was at 9:00 AM, right on the heels of international news about Yahoo, Julian Assange and the NSA.

The TV cameras were lined up in the rear and the chairs were set on stage for 30-minute talks with key thought leaders from across the United States. One could not miss the ceiling-based sensors capturing the faces of each person attending. The moderators from the Washington Post were all prepared with their specific areas of questions, addressing such topics as:
  • Protecting Personal Data
  • Political Hacks and Leaks
  • Cyberspace:  A 21st Century Warzone
  • A Focus on Critical Infrastructure
  • The White House and Cybersecurity

Flashback 6 years to Harrison Ford's movie Firewall, and the viewer is entertained with a combination of Seattle bank heist, kidnapping and good old-fashioned Hollywood chase and fight scenes. There is even a degree of deception and conspiracy mixed in to spice up the story line. The plot is full of social engineering lessons, and even those with little knowledge of high technology can learn a thing or two.

While the actual high technology bank heist turns out to be nothing more than a simple theft of account numbers and a transfer of $10,000 from 10,000 high net worth customers, the movie title is a ploy. Only one short sequence focuses on the fact that the bank is being attacked on a daily basis from locations on the other side of the globe. Those attackers, using new and increasingly sophisticated strategies, are consistently giving financial institutions new challenges in securing their real assets: binary code.

In early 2005, a criminal gang with advanced hacking skills had tried to steal GBP 220 million (USD 421 million) from the London offices of the Japanese banking group Sumitomo and transfer the funds to 10 bank accounts around the world. Intelligence on the attempted theft via key logging software installed on banks' computers had been circulating in security circles at that point in time. Soon thereafter, the police issued warnings to financial institutions to be on the alert for criminals using Trojan Horse technology that can record every keystroke made on a computer.

In this decade-old case, and even in the movie, the chance that an "insider" is involved is 99.9%. A person has been bribed, threatened or spoofed in order for the actual fraud or heist to occur. The people who work inside the institution are far more likely to be the real source of your catastrophic digital incident than the skilled hacker using key logging software. More and more, the real way to mitigate these potential risks is through behavior profiles, continuous monitoring and deep learning analysis.

The human element, which relates to situational awareness, can't be ignored any longer. And this can only be changed through more effective education, training, and testing of employees. An organization that procures technology worth millions of dollars is naive if it doesn't invest in educating its employees to make the investment worthwhile. Sometimes the human element stands alone. Just ask Mr. Robot.

Awareness, detection and determination of threat, deployment, taking action, and alertness are key ingredients for security.

"Predictive Intelligence comes into play as organizations recognize that detecting threats starts long before the firewall is compromised, falsified accounts established and bribes taken."

The Israeli airline El Al has long known the power of humans as a force in security. An empowered, trained and aware group of people will contribute to the layered framework as a force multiplier that is unequaled by any technology investment.

The cyber topics and IP theft news this week should be a wake-up call for those institutions who still have not given their employees more of the skills and their Operational Risk Management (ORM) professionals the predictive tools for detecting human threats, long before any real losses occur.

The truth is that "Insider Threat" data is being collected by the minute and the hour. The public and private sectors have the highest concern about malicious insider activities to this day. What are some examples of the behavior? Some are observable by other humans and others only by machines and software. Do you currently measure the number of times per day a user on your network copies files from their system to a removable drive or Dropbox account?
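
One way to take the per-user, per-day measurement asked about above, as an added example that is not part of the original post: it counts each user's daily copies to a removable drive or Dropbox and flags days far above that user's own history. The event tuples, destination labels, dates and the median-plus-MAD threshold are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

WATCHED = {"removable", "dropbox"}  # destinations treated as leaving the network

def constructed_events():
    """Constructed sample: (day, user, destination) file-copy events."""
    per_day = {"alice": [2, 3, 2, 1, 2, 3, 41],  # spike on the last day
               "bob": [0, 1, 0, 0, 1, 0, 1]}
    events = []
    for user, counts in per_day.items():
        for i, n in enumerate(counts, start=1):
            day = f"2016-10-{i:02d}"
            events.append((day, user, "fileserver"))  # internal copy, not counted
            events += [(day, user, "removable" if j % 2 else "dropbox")
                       for j in range(n)]
    return events

def daily_counts(events):
    """Return {user: [(day, count), ...]} sorted by day, with zero-filled days."""
    days = sorted({d for d, _, _ in events})
    tally = defaultdict(lambda: defaultdict(int))
    for day, user, dest in events:
        tally[user]  # users with only internal copies still get a series
        if dest in WATCHED:
            tally[user][day] += 1
    return {u: [(d, per[d]) for d in days] for u, per in tally.items()}

def flag_spikes(counts, min_history=5, k=5):
    """Flag days where a user exceeds their own median + k * MAD of prior days."""
    flagged = []
    for user, series in counts.items():
        for i in range(min_history, len(series)):
            history = [c for _, c in series[:i]]
            base = median(history)
            # Floor the spread at 1 so a perfectly steady user does not alert
            # on a single extra copy.
            mad = max(median(abs(c - base) for c in history), 1)
            day, count = series[i]
            if count > base + k * mad:
                flagged.append((user, day, count, base))
    return flagged

if __name__ == "__main__":
    for hit in flag_spikes(daily_counts(constructed_events())):
        print(hit)
```

Comparing each user against their own baseline, not a global threshold, is what lets a quiet account stand out when its behavior changes.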

Executive Order 13587 was just the beginning of addressing the single points of failure in the Defense Industrial Base supply chains.

Think inside the true threat. Ask questions about relationships, personality, job satisfaction, organizational structure, punctuality and who is leaving the organization. Who has just joined the company? The interdependencies are vast and complex, and both data and metadata need to be collected for effective Activity-Based Intelligence (ABI).

Anomaly Detection at Multiple Scales (ADAM) and the research on better understanding the "Forest for the Trees" scenarios are our destiny for the true threat. We will continue our security vs. privacy policy debates, yet at the end of the day, maybe the answers are as simple as Rubik's Cube.

"If you start thinking of the Super Bowl championship as your motivation, you are going to miss the trees for the forest or the forest for the trees. I never could understand that one." - Marv Levy