It’s a strange fact that hackers are keeping ahead of the security teams and CISOs inside organizations.
Hackers always win one way or another, as they have less to lose, have more angles of attack, can use more methods/tools/vectors and have no limits on how far they can go to get what they want.
Meanwhile, comfortable illusions about how security is working are crippling the ability of government and industry to fight the threat, a former member of the FBI’s netsec team has told the BSides San Francisco 2017 security conference.
Government and business don't get on, Artificial Intelligence is bunk and politics rules.
Society is still disillusioned about how government and corporations work to maintain computer security, but the fact is that we hold a false belief in the power of technology to save us. Five years ago everyone assumed that big finance houses knew what they were doing to lock down bank accounts. Now they are playing catch-up.
“The government is very reactive,” said Jason Truppi, director of endpoint detection and response at security firm Tanium and a former FBI investigator. “Over time we’ve learned it wasn’t working - just being reactive, not proactive.”
The government and the commercial sector aren’t working productively, and we need to accept this fact to solve online threats.
On threat intelligence sharing, for example, the government encourages business to share news of vulnerabilities. But the subsequent investigations can be wide-ranging and lead to business people being charged for unrelated matters. As a result, companies are increasingly unwilling to share data if it exposes them to wider risks.
Organisations, government and individuals only actually work on threats when they prove themselves to be tangible, which is why selling security services in unregulated industries is so difficult.
Companies don’t get their own infosec problems and don’t care that much. The commercial sector is still trying to hire good network security people, but bogs them down in useless false alerts and management panics.
A single false alert can take up days of time, but upper management - who don’t understand the issues - can tie up days of team time dealing with an alert that isn’t a serious issue, said Truppi. Banks are better in this case, because many companies take the view that if they have a disaster recovery plan in place then they’re sorted, which is not true.
The traditional view is that hackers will try to fake stock trades, but this is an old method because it can be checked before the payout. The new way is to use insider trading to extract money.
Truppi warned that the near future will see major internet outages because of botnets of things taking down sections of the internet. It will be interesting to see how governments and the commercial sector deal with it.