Businesses should go on the offence in the fight against cyber-crime as threat actors adopt new and evolving tactics, Bryan Fite, account CISO at BT Security, told an audience at the RSA 2017 Conference in San Francisco.
Modern attack methods have placed the capabilities that were once the domain only of nation-states into the hands of small-time criminals, cyber-gangs and hacktivist, creating a new level of threats.
Fite said ultimately threat actors are outpacing the good guys in terms of innovation and techniques because traditional cyber-defense models of building parameters and security add-ons don't work.
Fite added that even industries such as banks, corporations and countries, which were traditionally expected to protect themselves, are still having problems despite the amount of resources they spend on security.
To cope with these deficiencies Fite said businesses should create a digital road map to identify their assets, protect data, know how to respond to breaches and how to recover lost data. Having identified valuable assets, firms should consider taking extra precautions such as encrypting important information within their systems to make it harder to access in the event of a breach.
Another part of the problem, he said, is that businesses often believe their assets are only in their “secret sauce”, not taking into account the valuable data surrounding their manufacturing process.
“You can reverse engineer the chemical makeup of that,” Fite said, referring to proprietary information. “It's how you take that secret recipe and manufacture that the same way globally and make money and keep the quality control,” that's important to threat actors.
In addition, he said it's important to understand there's gold in the logs and data that companies collect, and they should consider keeping certain information longer than the mandatory minimum so that if something does come up they can look back at their records and learn from them.
In addition to identifying assets, businesses should research who their adversaries are and who would want to target their data as well as have profiles on these potential threats. If they have already been breached, companies should conduct a postmortem analysis on the incident to figure out what can be learned.
As threats evolve, it's also important for firms to cover the human element of cyber-security and stay prepared by having policies concerning blackmail, insider threats and other contingencies such as social engineering attacks.