Know Your Enemy: Understanding the Threat Landscape, Challenges, and Best Practices

Cheri F. McGuire, Vice President, Global Government Affairs & Cybersecurity Policy, Symantec Corporation
Know Your Enemy: Understanding the Threat Landscape, Challenges, and Best Practices
Sensitive information under attack from a wide variety of sources, including well-meaning insiders, organized crime rings, nation states and advanced persistent threats (APT’s). Private and Public Sector are facing a changing information technology landscape that sees more information stored on smart phones, tablets and cloud services. Tiffany Jones will discuss the current global threat landscape, identify key security challenges apply critical best practices and solutions to protect your environment.

Key trends and security drivers
1. Sophisticated attacks
97% 2009 breaches used customised malware
75% of enterprises reported a cyber attack
2. Complex and changing infrastructure
More than 1B mobile devices connected tonthe Internet
Cloud computing expected to double by 2014, enterprise architectures at greater risk
3. Information explosion
Corporate info grows by 66% each year
4. Consumerisation of IT
BYOD, telecommuting, and the opening of corporate and public service networks to greater risks

Trends changing the threat landscape
1. Moving from a signature model to a reputational model
2. Desktop to mobile
3. Physical to virtual

Security must move from being system centric approaches to information centric to adapt and protect.

Threat landscape trends, as noted in report to be published in two months:
1. Targeted attacks continue to evolve
2. Social networking leveraged via social engineering
3. Hide and seek or 0 day vulns and rootkits
4. Attack kits are becoming more easily leveraged and accessed and complexity of attack is simplified in delivery
5. Mobile threats are increasing dramatically, as the PI on mobile devices is a high value target

Symantec is proposing that hacking remIns the highest impact breach type, and the average resolving cost is $7.2M. I think these numbers are inflated by a small number of high profile attacks, and think that insider attacks deserve far more attention. This smells of marketing scare tactics to sell security tools.

Mobile devices are noted as being primarily subject to trojans as the preferred attack vector, and often these are tied into social media avenues to gain access to PII and PCI; this I agree with.

Critical infrastructure attacks (SCADA) is cited by Symantec as an increasing risk area. In reality these have always been high risk, it's simply increased awareness of this now, I would suggest.

Device management, device security, content security, and identity & access are the defences against mobile threats proposed by Symantec. I wonder if they sell any products that do this? Yes, that was sarcasm.

The bottom line was to present a layered and clear security technology approach, to which I can agree, but I would have an increased focus on in parallel with the technologies, building both awareness and governance.

And at the tail end of the discussion, Cheri comes to plans and policies, so now we are in agreement. She suggests we start with governance with policies and plans socialised and established in the enterprise, including security requirements being built into acquisition contracts, buying from trusted sources, effective backup and recovery plans, and support for setting and enforcing security policies from the top of the organisation.

Cloudsecurityalliance.org, onlinetrustalliance.org, SAFECode.org are cited as useful sources for preparedness and practice planning.

The suggestion came for collaboration between the public and private sectors to increase visibility, adaptability, and optimisation of plans, policies, and preparedness.


- Posted using BlogPress from my iPad