Will the Real Cyber-Attack Please Stand Up?
June 13, 2017 | Shane Durham, Security threat intelligence and analytics director for Worldpay

A few weeks ago Shelbi Rombout from MasterCard, Nick Ritter from Fifth Third Bank, Bruce Phillips from Williston Financial Group and I all participated in an interesting panel discussion at the FS-ISAC Annual Summit in Lake Buena Vista, Florida. We used an interactive format to engage the audience on current cyber threats and patterns in advanced cybercrime. During this discussion we touched on certificate security, endpoint protection and threat actor profiles which generated some great discussion.

For me, one of the most interesting aspects of the forum was the different perspectives on which types of attacks constitute a threat: “What was a threat to me was not a threat to the others on the panel.” Even though all the panelists were part of the financial services industry, the types of threats our organizations face are fundamentally different. Point-of-sale bots and malware are a key concern for the payments industry, but in the mortgage industry phishing attacks that target the relationship between home buyers and their realtors are a significant hazard. When you think about it, this makes sense, because access to an agent’s email account provides all the information required to set up real estate escrow wire fraud.

We also had some “in real life” discussions about the specific threats that target each type of industry. This exchange was very enlightening because there wasn’t nearly as much overlap as you might expect. I was not surprised by this because, in previous positions I’ve held, PII or other data, not credit card data, was most at risk, and in each of those organizations we faced different types of threats.

Specialization is an area where the security industry as a whole needs to evolve. In general, the industry has a tendency to look at threats with a narrow view. One reason for this is that we rely on outside resources for information about the constant shifts in the threat landscape. For example, we evaluate what is in the most recent Microsoft patch, or the security-related Cisco patches, or threat feeds from research organizations. We also follow what’s going on in the media with the most recent vulnerability, malware or breach. This information tends to be non-specific, and since media attention plays a significant role in the general noise level in security, it often creates knee-jerk reactions to the cyber threat du jour. This is one reason why a whole lot of people were focused on patching for WannaCrypt over Mother’s Day weekend, even though the patch had been available since February.

Instead of this automatic response to what the industry is doing and what the media is talking about, I think we need a far more customized approach. Organizations need to take outside threat information and combine it with the specific architecture of their unique network, any vulnerabilities they know about and any compensating controls they have in place. The output of this effort is a threat index that’s specific to your unique organization and will keep you from chasing after the latest shiny new object. Instead, you’ll be able to focus on doing the things you need to do to keep your organization secure for the long term.

This near-field thinking can have a negative impact on disaster recovery and business continuity programs as well. Most organizations do an analysis of what it would cost to lose the functionality of a specific platform or service for a few hours, a business day or even a week. The results of this analysis focus primarily on the potential impact of an event on the organization’s customers, partners, employees and bottom line rather than on prevention. It’s pretty rare that this outage analysis is linked back to the cyber threats that are most likely to cause serious business disruptions.

The reality is that most organizations are under-resourced in security and IT. They are chronically short of the resources needed just to maintain the status quo. The team spends more time working on the tool than in the tool. If they’ve never experienced a significant breach or a serious malware infection, they won’t see the ROI on doing the kind of analysis that prevents knee-jerk reactions to cyber security news. By the time an organization experiences a significant security event (and let’s face it, it’s going to happen to everyone sooner or later), it’s too late to put in place the controls and processes necessary to limit the damage.

When organizations spend the resources to do the analysis, they have the information they need to stop reacting to breathless media reports and focus on doing the things they need to do to protect their unique organization. Let’s do it now, before it’s too late.

Shane Durham, Security Threat Intelligence and Analytics Director at global payments provider Worldpay US. To learn more, visit

About the author

Shane Durham, Security threat intelligence and analytics director for Worldpay

Shane Durham is the Information Security Manager at DataScan. He is responsible for the development and maturity of their information security program.
