Dismantling Cyber Delivery Systems 

Untangling the Threat in Cyberspace

Oren J. Falkowitz
Data Driven Cybersecurity
Oct 14, 2013

Security professionals will often say that there are two types of organizations: “those that have been hacked and those that don’t yet know that they have been.” Breaches are expensive and embarrassing, and attract scrutiny from regulators and customers. Yet, despite the threat and impact of targeted cyber attacks achieving recognition from decision makers, solutions remain elusive. As disclosures continue to be announced, I’ve noticed that investments in security technologies remain focused on solutions that have been proven ineffective against actors with persistent tactics.

Source: Gartner 8/2013

Investment in these solutions only addresses a narrow part of the actual threat landscape as they tend to look at isolated events rather than patterns, leaving the results to look like forensics and not prevention. However, attacks must be considered within the context of a campaign that unfolds over many months and years.

Targeted cyber attacks are campaigns with multiple distinct phases that unfold over many months and years. Tactics used earlier in the timeline are designed to work around existing and traditional solutions. We see windfall benefits from proactively addressing these tactics.

Rather than solely relying on detecting and thwarting cyber weapons, proactively understanding the weapons’ delivery systems offers a solution to untangle this Gordian knot. Primarily, the delivery system is being driven by social engineering, which has observable commonality across targets. Addressing the patterns across social engineering is the huge missed opportunity in cyber defense.

One of the things I’ve learned is that building higher walls is an ineffective defense strategy. The most effective security is built on a layered defense. Data solutions are at the heart of a layered defense because:

1. Data turns unknowns into knowns

2. Data complements existing security tools

The next generation of intelligent cyber defenses will be driven by data and deep learning systems. This shift will allow us to finally get ahead of attacks, instead of always cleaning them up.
