LegalSEC® - Cybersecurity


FISHYBEAR the APT of 2015

By Tom Brennan posted 02-26-2015 15:22


After my talk at the NYC FBI ICCS event, I was asked by media and attendees about predictions for cyber security in 2015. I explained that the attack surface for organizations is very W-I-D-E, and that breadth is itself a weakness.

There are simply not enough people, budget or time for the majority of organizations to fight effectively. The "Fishy Bear" attack is the new APT. Responsibility falls to the Chief Executive Officer, appointed by the Board of Directors on behalf of the shareholders. In 2015 everyone must take a top-down review of the business and agree on the acceptable risk tolerance. That decision must then be cascaded down the organization, because everyone is part of security.

I suggested that the questions to ask at your next proactive cyber security meeting should include the following:

  • Which threats are relevant to our business?
  • What's connected, what are the most critical services, and who runs them?
  • Is there a formalized response process in the event of a breach?
  • What is your company's formal disclosure process?
  • What industry and enforcement relationships are in place for when you need to ring the fire alarm?
  • Have we conducted a mock exercise to identify our strengths and weaknesses? Are you ready to fight?

I explained that attackers are HUMANS, NOT COMPUTERS. Once you understand that, you understand that every attacker, to be successful, has to succeed in four (4) ways:

  • breach perimeter security without detection
  • propagate from system to system undetected
  • arrogate the treasure inside the organization undetected
  • exfiltrate the treasure out of the organization undetected

That is a lot of work for the bad guy(s). If the defender (YOU) can detect the intruder and STOP any one of those four things from happening, you WIN and you live to fight another day.

Most organizations are attempting to track and log lots of things, but are they tracking the right things? To help get your hands around the elephant, examine your program against this proactive TOP 10 for 2015. Can you identify:

  • Unusual account activity, judged against the known behaviors of the account holders
  • Unexplained outbound activity from systems
  • Newly created files in system directories
  • Login geographic origin anomalies
  • Unexplained changes to the Windows registry
  • Attempts to tamper with log archives
  • Anti-virus/Anti-malware control tampering
  • Service activity (added/stopped/paused)
  • Unexplained downtime
  • Unauthorized administrative console access
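
To make the checklist concrete, here is an added example (not from the original post or from ProactiveRISK) that runs simple detectors for five of the ten items over a handful of constructed log lines: login geographic origin anomalies, service activity, anti-malware tampering, unauthorized admin console access and unexplained outbound volume. The pipe-delimited log format, the `ADMIN_USERS` allow-list, the `OUTBOUND_BYTES_THRESHOLD` value and the two-hour geo window are all assumptions made for the example; the only real identifier is `WinDefend`, the Windows Defender service name.

```python
from datetime import datetime, timedelta

# Constructed sample log (not real data). Format is an assumption for this
# example: ISO timestamp | event type | key=value fields, pipe-delimited.
SAMPLE_LOG = """\
2015-02-26T09:00:00|login|user=alice|src_country=US|host=ws-101
2015-02-26T09:20:00|login|user=alice|src_country=RU|host=vpn-01
2015-02-26T09:30:00|service|host=srv-db1|name=WinDefend|action=stopped
2015-02-26T09:31:00|service|host=srv-db1|name=Spooler|action=started
2015-02-26T09:35:00|admin_console|user=bob|host=dc-01|result=success
2015-02-26T10:00:00|netflow|host=srv-db1|direction=out|bytes=850000000|dst=203.0.113.10
2015-02-26T10:05:00|netflow|host=ws-101|direction=out|bytes=120000|dst=198.51.100.7
"""

ADMIN_USERS = {"alice"}                  # constructed allow-list for console access
AV_SERVICE_NAMES = {"WinDefend"}         # Windows Defender Antivirus service name
OUTBOUND_BYTES_THRESHOLD = 500_000_000   # assumption; in practice baseline this per host
GEO_WINDOW = timedelta(hours=2)          # two countries inside this window is suspicious


def parse_log(text):
    """Turn the pipe-delimited text into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, *fields = line.split("|")
        event = {"time": datetime.fromisoformat(ts), "type": kind}
        for field in fields:
            key, value = field.split("=", 1)
            event[key] = value
        events.append(event)
    return sorted(events, key=lambda e: e["time"])


def login_geo_anomalies(events):
    """Same account seen from two countries within GEO_WINDOW."""
    last_seen = {}  # user -> (time, country)
    alerts = []
    for e in events:
        if e["type"] != "login":
            continue
        prev = last_seen.get(e["user"])
        if prev and prev[1] != e["src_country"] and e["time"] - prev[0] <= GEO_WINDOW:
            minutes = int((e["time"] - prev[0]).total_seconds() // 60)
            alerts.append(f"{e['user']}: {prev[1]} then {e['src_country']} within {minutes} min")
        last_seen[e["user"]] = (e["time"], e["src_country"])
    return alerts


def service_changes(events):
    """Every service start/stop/pause, to be reconciled against change records."""
    return [f"{e['host']}: {e['name']} {e['action']}"
            for e in events if e["type"] == "service"]


def av_tampering(events):
    """Anti-malware service stopped, paused or disabled."""
    return [f"{e['host']}: {e['name']} {e['action']}" for e in events
            if e["type"] == "service" and e["name"] in AV_SERVICE_NAMES
            and e["action"] in {"stopped", "paused", "disabled"}]


def unauthorized_admin_console(events):
    """Successful admin console logins by accounts outside the allow-list."""
    return [f"{e['user']} on {e['host']}" for e in events
            if e["type"] == "admin_console" and e["result"] == "success"
            and e["user"] not in ADMIN_USERS]


def unexplained_outbound(events):
    """Outbound transfers above the per-host byte threshold."""
    return [f"{e['host']} sent {int(e['bytes']):,} bytes to {e['dst']}" for e in events
            if e["type"] == "netflow" and e["direction"] == "out"
            and int(e["bytes"]) > OUTBOUND_BYTES_THRESHOLD]


def run_all(text):
    """Run every detector and return alerts keyed by checklist item."""
    events = parse_log(text)
    return {
        "login_geo_anomalies": login_geo_anomalies(events),
        "service_changes": service_changes(events),
        "av_tampering": av_tampering(events),
        "unauthorized_admin_console": unauthorized_admin_console(events),
        "unexplained_outbound": unexplained_outbound(events),
    }


if __name__ == "__main__":
    for name, alerts in run_all(SAMPLE_LOG).items():
        print(f"{name}: {len(alerts)} alert(s)")
        for alert in alerts:
            print("  -", alert)
```

Each detector answers one "can you identify" line with a yes or no over real telemetry; the point of the exercise is not the toy thresholds but confirming that your logging actually carries the fields (source country, service name and action, console login result, outbound byte counts) these checks depend on. If a field is missing, that checklist item is a NO today.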

If you can confidently answer YES to all of the above, congratulations: you should be "compliant" and are now ready to contract with a third party to test your systems against the advanced FISHYBEAR tactics. The convergence of physical and logical has happened; just look around... what does not have an IP address or use software these days?

Semper Fidelis

Tom Brennan @brennantom
ProactiveRISK | www.proactiverisk.com


