After we checked in, our elevator ascended to the 4th floor of the Washington Post on October 6th, where everyone on board was anxious to get their seat inside the "Live Center." The 6th Annual Cybersecurity Summit was at 9:00 AM, just on the heels of international news from Yahoo, Julian Assange and the NSA.
The TV cameras were lined up in the rear and the chairs were set on stage for 30-minute talks with key thought leaders from across the United States. One could not miss the ceiling-based sensors capturing the faces of each person attending. The moderators from the Washington Post were all prepared with their specific areas of questions, addressing such topics as:
- Protecting Personal Data
- Political Hacks and Leaks
- Cyberspace: A 21st Century Warzone
- A Focus on Critical Infrastructure
- The White House and Cybersecurity
Flash back 6 years to Harrison Ford's movie Firewall, and the viewer is entertained with a combination of a Seattle bank heist, kidnapping and good old-fashioned Hollywood chase and fight scenes. There is even a degree of deception and conspiracy mixed in to spice up the story line. The plot is full of social engineering lessons, so even those with little knowledge of high technology can learn a thing or two.
While the actual high technology bank heist turns out to be nothing more than a simple stealing of account numbers and a transfer of $10,000 from 10,000 high net worth customers, the movie title is a ploy. In only one short sequence is there any focus on the fact that the bank is being attacked on a daily basis from other locations on the other side of the globe. Those attackers, using new and increasingly sophisticated strategies, are consistently giving financial institutions new challenges to secure their real assets: binary code.
In early 2005, a criminal gang with advanced hacking skills tried to steal GBP 220 million (USD 421 million) from the London offices of the Japanese banking group Sumitomo and transfer the funds to 10 bank accounts around the world. Intelligence on the attempted theft via key logging software installed on banks' computers had been circulating in security circles at that point in time. Soon thereafter, warnings were issued to financial institutions by the police to be on the alert for criminals using Trojan Horse technology that can record every keystroke made on a computer.
In this decade-old case, and even in the movie, the odds of an "insider" being involved are 99.9%. A person has been bribed, threatened or spoofed in order for the actual fraud or heist to occur. The people who work inside the institution are far more likely to be the real source of your catastrophic digital incident than the skilled hacker using key logging software. More and more, the real way to mitigate these potential risks is through behavior profiles, continuous monitoring and deep learning analysis.
The human element, which relates to situational awareness, can't be ignored any longer. And this can only be changed through more effective education, training, and testing of employees. An organization that procures technology worth millions of dollars is naive if it doesn't invest in educating its employees to make the investment worthwhile. Sometimes the human element stands alone. Just ask Mr. Robot.
Awareness, detection and determination of threat, deployment, taking action, and alertness are key ingredients for security.
"Predictive Intelligence comes into play as organizations recognize that detecting threats starts long before the firewall is compromised, falsified accounts established and bribes taken."
The Israeli airline El Al has long known the power of humans as a force in security. An empowered, trained and aware group of people will contribute to the layered framework as a force multiplier that is unequaled by any other technology investment.
The cyber topics and IP theft news this week should be a wake-up call for those institutions that still have not given their employees more of the skills, and their Operational Risk Management (ORM) professionals the predictive tools, for detecting human threats long before any real losses occur.
The truth is that "Insider Threat" data is being collected by the minute and the hour. The public and private sectors have the highest concern about malicious insider activities to this day. What are some examples of the behavior? Some of these are observable by other humans and others only by machines and software. Do you currently measure the number of times per day a user on your network copies files from their system to a removable drive or Dropbox account?
Executive Order 13587 was just the beginning of addressing the single points of failure in the Defense Industrial Base supply chains.
Think inside the true threat. Ask questions about relationships, personality, job satisfaction, organizational structure, punctuality and who is leaving the organization. Who has just joined the company? The interdependencies are vast and complex and both data and metadata need to be collected for effective Activity-Based Intelligence (ABI).
Anomaly Detection at Multiple Scales (ADAMS) and the research on better understanding the "Forest for the Trees" scenarios is our destiny for the true threat. We will continue our security vs. privacy policy debates, yet at the end of the day, maybe the answers are as simple as Rubik's Cube.
"If you start thinking of the Super Bowl championship as your motivation, you are going to miss the trees for the forest or the forest for the trees. I never could understand that one."
Marv Levy