Hacktivism versus Financial Reward
All panelists acknowledged that hacktivism has been a major concern for the last few years, with Andrew pointing out that attacks are now becoming more damaging and malicious. Bob produced a nice soundbite of "terrorists don't build guns, they buy them", highlighting the fact that hacktivists can easily leverage readily available tools to perform sophisticated and complex attacks, without necessarily spending time and effort developing bespoke tools. Wendy pointed out that attacks driven by financial reward have somewhat different attack patterns and targets, with new avenues such as mobile, smart grids and CCTV devices being identified as potential revenue streams for malicious operators.
Financial reward is still a major driver for many attacks, with new approaches likely to include mobile devices, leveraging potential salami-style SMS attacks (many small charges that individually go unnoticed). Intellectual property theft is still a major obstacle at both a nation-state and organisational level.
Andrew commented on the increasing complexity many organisations now face from a structural perspective. Increased outsourcing, supply chain distribution and third-party data exchanges make defensive planning difficult. Bob also pointed out that the complexity of supply chain logistics has made smaller organisations, traditionally thought to be more immune to larger-scale attacks, more likely to be breached, simply because of the impact a breach may have on their business partners.
Insider Threat and Privileged Account Management
Trusted employees can still be a major headache from a security perspective. Non-intentional activity such as losing laptops, responding to malicious links and falling victim to spear-phishing attacks were all highlighted as being the result of poor security awareness or a lack of effective security policy. Bob argued that privileged account management should be a high priority, with many external attacks utilising root, administrator and service accounts for their escalated permissions.
Data Chemistry and Context Aware Analysis
Whilst there is no 'silver bullet' to protect against the known knowns and the unknown unknowns, security analytics can go some way towards detecting and ultimately preventing future attacks. Wendy used the term 'data chemistry' to emphasise using the right data and the right query to add detail and insight to traditional SIEM and log-gathering technologies. Bob promoted greater profiling and context-aware analysis of existing log and event data, to highlight exceptions and their relevance, especially from a network activity perspective. Andrew also commented that information asset classification, whilst a well-known approach to risk management, is still a key component in developing effective defence policies.
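The profiling and context-aware analysis the panel describes, together with the earlier point about privileged accounts, can be illustrated with a small added example (my code, not the panel's or any vendor's): it builds a per-account baseline from constructed SSH login lines, then scores new events by how far they deviate from that baseline, weighting the result by an assumed information asset classification so that the same deviation on a high-value host ranks higher. The log format, host names, asset classes and the account-naming rule used to recognise privileged users are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample SSH login records in a syslog-like layout (not from any
# real system). BASELINE_LOGS is the historical window used to profile each
# account; NEW_LOGS is the window analysed against that profile.
BASELINE_LOGS = [
    "2013-05-01T09:12:03 web01 sshd: Accepted publickey for deploy from 10.0.1.5",
    "2013-05-01T09:40:11 db01 sshd: Accepted publickey for svc_backup from 10.0.2.9",
    "2013-05-02T10:05:44 db01 sshd: Accepted publickey for svc_backup from 10.0.2.9",
    "2013-05-02T11:22:09 web01 sshd: Accepted publickey for deploy from 10.0.1.5",
    "2013-05-03T14:02:18 dev02 sshd: Accepted password for alice from 10.0.3.20",
]
NEW_LOGS = [
    "2013-05-04T09:30:00 web01 sshd: Accepted publickey for deploy from 10.0.1.5",
    "2013-05-04T03:15:27 db01 sshd: Accepted password for svc_backup from 203.0.113.7",
    "2013-05-04T15:00:00 dev02 sshd: Accepted password for alice from 10.0.3.21",
]

# Hypothetical asset classification: the "context" that sets how much a
# deviation on a given host matters.
ASSET_CLASS = {"db01": "high", "web01": "medium", "dev02": "low"}
ASSET_RANK = {"low": 1, "medium": 2, "high": 3}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: Accepted (?P<method>\S+) "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["hour"] = datetime.fromisoformat(rec["ts"]).hour
    return rec


def is_privileged(user):
    """Naming rule assumed for this example: root, admin* and svc_* accounts."""
    return user == "root" or user.startswith(("admin", "svc_"))


def build_profile(lines):
    """Per-account baseline: which hosts, source addresses and hours are normal."""
    profile = defaultdict(lambda: {"hosts": set(), "srcs": set(), "hours": set()})
    for rec in filter(None, map(parse, lines)):
        p = profile[rec["user"]]
        p["hosts"].add(rec["host"])
        p["srcs"].add(rec["src"])
        p["hours"].add(rec["hour"])
    return profile


def hour_is_usual(hour, hours):
    # Tolerate one hour either side of anything seen in the baseline
    # (no midnight wrap-around handling; enough for the example).
    return any(abs(hour - h) <= 1 for h in hours)


def score_events(lines, profile):
    """Return findings for events that deviate from the baseline; severity rises
    with the number of deviations and with the asset class of the host."""
    findings = []
    for rec in filter(None, map(parse, lines)):
        reasons = []
        p = profile.get(rec["user"])  # .get() so unknown users are not added
        if p is None:
            reasons.append("no_baseline")
        else:
            if rec["host"] not in p["hosts"]:
                reasons.append("new_host")
            if rec["src"] not in p["srcs"]:
                reasons.append("new_source")
            if not hour_is_usual(rec["hour"], p["hours"]):
                reasons.append("unusual_hour")
        if reasons and is_privileged(rec["user"]):
            reasons.append("privileged_account")  # escalates, never the sole reason
        if not reasons:
            continue  # event matches the profile: nothing to highlight
        score = len(reasons) + ASSET_RANK[ASSET_CLASS.get(rec["host"], "low")]
        severity = "high" if score >= 5 else "medium" if score >= 3 else "low"
        findings.append({"user": rec["user"], "host": rec["host"], "src": rec["src"],
                         "reasons": reasons, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in score_events(NEW_LOGS, build_profile(BASELINE_LOGS)):
        print(f["severity"].upper(), f["user"], "on", f["host"], "from", f["src"],
              ",".join(f["reasons"]))
```

Run against the constructed data, the routine deploy login produces nothing, the service account logging in to the database host from an address and hour never seen before is ranked high, and the developer's login from a new address on a low-value host is ranked low. The point is the shape of the check: a profile of what is normal per account, enriched with asset classification, lets the same raw log line be judged differently depending on context rather than on a fixed rule.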
By Simon Moffatt