Hackers ahead of security teams


It’s a strange fact that hackers are keeping ahead
of the security teams and CISOs inside organizations.

Hackers always win in some way or the other as they
have less to lose, have more angles to attack, can use more
methods/tools/vectors and have no limits on how far they can go to get what
they want.
Meanwhile, comfortable illusions about how security
is working are crippling the ability of government and industry to fight the
threat, a former member of the FBI’s netsec team has told the BSides San
Francisco 2017 security conference.

Government and business don’t get on, Artificial
Intelligence is bunk and politics rules.
Society is still disillusioned about the working of government
and corporation in maintain computer security but the fact is that we are
having false belief in the power of technology to save us. Five years ago
everyone assumed that big finance houses knew what they were doing to lock down
bank accounts. Now they are playing catch up. 

“The government is very reactive,” said Jason Truppi, director of endpoint
detection and response at security firm Tanium and a former FBI investigator.
“Over time we’ve learned it wasn’t working – just being reactive, not
proactive.”
The government and the commercial sector isn’t
working productively and we need to accept this fact to solve online threats.

On threat intelligence sharing, for example, the
government encourages business to share news of vulnerabilities. But the
subsequent investigations can be wide-ranging and lead to business’ people
being charged for unrelated matters. A result companies are increasingly
unwilling to share data if it exposes them to wider risks.

Organisations, government and individuals only
actually work on threats when they prove themselves to be tangible which is why
selling security services in unreglated industries is so difficult.
Companies don’t get their own infosec problems and
don’t care that much. Commercial sector is still trying to hire good network
security people, but bog them down in useless false alerts and management
panics.

A single false alert can take up days of time, but
upper management – who don’t understand the issues – can tie up days of team
time dealing with an alert that isn’t a serious issue, said Truppi. Banks are
better in this case because many companies have the view that if they have a disaster
recovery plan in place, then they’re sorted which is not true.

The traditional view is that hackers will try to
fake stock trades but this is an old method because it can be checked before
the payout. The new way is to use insider trading to extract money.

Truppi warned that recent
future will experience major internet outrages because of botnets
of things taking down sections of the internet. It will be interesting how the
governments and commercial sectors will deal with it.

Leave a Reply