When Jeff asked me to write this week’s blog, I jumped at
the opportunity. What an incredibly busy
week not only for Red Sky but for the security world as a whole! As many of us were getting prepared and
turning our eyes to San Francisco and the RSA conference, on Tuesday Mandiant
shook things up and released their controversial “APT1” report! The conference will be all abuzz! More on Mandiant's report in a bit.
Living in Northern New England, I often talk to
organizations, banks, and companies on the small side. Interestingly, one bank CISO described his
bank as one such “small” bank with nearly a billion dollars in assets! To be fair, relatively speaking, that is
probably a small bank, but who wouldn’t want 1% of what is considered “small”?!
I digress… And like Northern New
England, there is a sense of security that comes with living here. The pace is slow and crime is low and all too
often this tranquility results in what I call “cyber complacency” or the “I’m
too small to own” syndrome. Unfortunately,
cyber criminals are not bound by the same societal values of the communities
where their targets reside.
I’ve had many conversations with good security people and
CISOs who do not see themselves as ever being the target of APT because simply put,
and quoting, “We’re too small. There are bigger fish to fry before they ever
get to us.” Oh, really? I can’t entirely blame some people for
holding this attitude. APT is
hard, not only to understand for many of the decision makers but also extremely hard
to defend against when you’re outgunned and understaffed.
These conversations generally lead me into a story I often
tell about a small defense contractor working on a very niche project for the
defense department. When asking what measures they were taking against the APT threat, the
response was, “APT is too hard to deal with. Besides, we’re too
small. No one cares what we’re doing.” Unfortunately, someone did care and this
small company was gutted of its intellectual property. Result: Aside from the hundreds of thousands of dollars’ worth of intellectual property lost, the company lost its competitive
advantage in the market space and we, as a nation, may have lost our competitive
advantage on the battlefield.
When I tell this story the climate in the room often
dramatically changes from “We’re too small to get owned” to “We know we are
exposed but we’re spending a ton on security already and we don’t even
know where to start with APT.” Again,
APT is hard, but can you
afford to ignore it? The adversary knows
this and those that wish to steal from you are not doing it alone. They have
teams of people targeting you, which brings me back to Mandiant.
Mandiant’s release of the APT1 report has been met with both
strong applause and strong criticism. In my opinion, I think there are merits
in the arguments on both sides. Whether
you agree with Mandiant’s decision or not, the release of the report pushes the
APT problem and “APT1”, lurking in the shadowy corners of cyberspace, into the
light for everyone to see. Mandiant has thrust the conversation about the APT problem, its tenacity, and its effects,
light years forward and I myself can only see the positives in that.
To me, there are two takeaways from the Mandiant report
that should raise the hairs on any CISO as well as anyone in the C-Suite. One is something we all know – Once you’re
the target, they’re coming in whether you like it or not. They will outspend you in both time and
money, and when they do get in, and they will, they’re there to stay! The second takeaway and a more subtle one –
The adversary is working in teams. Not only in teams of highly trained people
in the technical trades but people trained in linguistics, cultural attitudes,
human intelligence, and economics. Can
you afford a team equal in size and expertise?
Probably not.
APT is
hard. Red Sky members know this very
well. Red Sky is made up of multiple
mature incident response teams from some of the largest Fortune 500 companies
sharing information, assisting one another, and working together to solve the
complex APT problem. Red Sky members
form a team of very smart analysts and technical experts from a widely diverse
number of industries and disciplines.
As a Red Sky member, these groups of professionals, facing
the same threats as you, become a part of your team and you become part of
theirs. The point is your adversaries number
in the hundreds if not thousands. You
can’t ignore that and you’re going to eventually have to start somewhere –
Mandiant has made that abundantly clear. You can go about it alone but you
don’t have to – ask for help and join the conversation!
For all of you traveling to the RSA conference, I wish you
very safe travels. If you’re like me,
you’re leaving early to avoid the storm working its way eastward! If you’re interested in speaking with me
about Red Sky and how our members can help you, please feel free to reach out
to me at rgamache@redskyalliance.org.
It’s going to be a great event and I’m looking forward to
the presentations and the good people who are working in the trenches every
day.
See you in San Francisco!
Rick