Black Hat: Former FBI top cyber cop says defenders need to think more tactically
Black Hat: Former FBI top cyber cop says defenders need to think more tactically

The strategies used to fight adversaries in the real world are not much different to ones used to battle attackers in the cyber realm.

According to Shawn Henry, former executive assistant director of the FBI and now president of security firm CrowdStrike, the threat of computer network intrusions is "the most significant threat we face as a society", other than weapons of mass destruction.

Throughout his talk at the Black Hat conference in Las Vegas, Henry leaned on the fear card, sometimes referencing 9/11, the threat of cyber terror and the possible loss of life through attacks on critical infrastructure.

He said that to fight back, security professionals must be aware of the hacker before they strike and to do this, organisations must lean on intelligence strategy, information collection, analysis and execution and adversary identification.

Henry said: “You have home-field advantage, they don't know the network the way you do.”

He urged the crowd to focus less on the traditional metrics, such as ‘how many hackers did we stop?', and instead concentrate on things such as prevention and threat information sharing.

“If your bonus is tied to [the traditional metrics], that's not going to be a lot of Christmas presents,” he said.

Henry also offered other suggestions, such as letting the intruders think they are being successful and permitting them to steal dummy data. He also recommended not allowing certain data to be reachable via the internet and to step up logging efforts, which he described as the cameras of the virtual world.