Security Is Like Eating An Elephant

Today’s security environment is daunting. If it’s not advanced persistent threat (APT) actors compromising data systems, it’s good old human fallibility. Protecting IT assets can make a security professional feel like a modern-day Sisyphus, staring helplessly as the boulder breaks free and rolls back to the bottom of the hill.

In a recent article, the UK Information Commissioner’s Office (ICO) proclaimed that the majority of data breach incidents can be attributed to staff carelessness.

Security Consolidation: Leveraging Business Intelligence

With business intelligence moving to the top of the priority stack, followed by updating legacy systems, we must wonder when the same forward-looking view will be applied to security strategies. All too commonly, we see overly complex security controls that have evolved into an ugly kludge, where the same focus is applied generically across the business.

If we recognise the value that business intelligence has in focusing the business, then surely the same approach should apply to our business processes and the security controls that enable them. We must be able to define our core processes and information, and the technology that wraps around them. Then, we must allocate relevant security controls based on the business value of those processes. Typically, security is far from being operationally efficient. If anyone is in the process of reviewing the modernization of legacy systems, then security is one key aspect that is due for a facelift.

Cyber Insurance – the Chicken and the Egg

Today, one of the most common discussions I have is “How do I qualify the cyber security risk to my board?” The security industry is very good at defining the type and scale of the threats active today, and indeed with projects such as CISP, companies are starting to share intelligence with each other about the attributes of the real-time attacks they are seeing. Yet we still have a major hurdle to tackle, which is the business impact that comes from incidents. While we continue to see any breach as a failure, we will continue to keep the business impact of an attack a closely guarded secret. Legislation, such as the disclosure laws in the U.S. (which the EU is looking to repeat at some level in the proposed Network and Information Security directive), mandates the disclosure of what personally identifiable data was taken, yet this is not the impact, simply one of the potential catalysts of impact.

Knowing Your Attacker — Clues Embedded in the Infection Life Cycle

Without the ability to perform offensive counter-operations, or the aid of significant SIGINT capabilities, 99 percent of private companies lack the ability to do true attribution of cyber attacks to the operator level. This difficulty is especially exacerbated when trying to analyze disjoint malware artifacts from the exploit life cycle. That is to say, even when a skilled malware analyst is handed an executable file out of context, it is difficult or impossible for him or her to say whether the attacker was Hyun-soo Kim, Ivo Russinov, or Edward Snowden. Most non-government organizations simply lack the situational G2 and knowledge of adversary TTPs to confidently (or at least, accurately) point the finger at a specific actor, or frankly, even a nation-state. Most of this reality is due to the fact that they can only see the small subset of malware that a) has been used against them, and b) they can detect. That being said, when examining attacks within their full context - from targeting, to attacking, to the installation of long-term implants, to lateral movement, and finally to data exfiltration - certain tippers can be gleaned from the technical artifacts left in each stage that help paint the picture in broad strokes.