Will the Real Cyber Attack Please Stand Up, Part 2

CISO opinion
June 28, 2017 | Bruce Phillips, Sr. VP and CISO, Williston Financial Group

A few weeks ago, Shelbi Rombout from Mastercard, Nick Ritter from Fifth Third Bank, Shane Durham from World Pay and I all participated in an interesting panel discussion at the FS-ISAC Annual Summit in Lake Buena Vista, Florida. The panel was presented in an interactive format designed to test the audience’s knowledge of the misuse of certificates in advanced cybercrime. We spent much of the discussion on the differences and similarities in the threats that are plaguing financial services organizations.

The bottom line was that the concept of a “real” cyber attack was different for everyone in the room. Yet there were many challenges that we all had in common: we were all underfunded and we all faced a faster, more asymmetric offensive. There were also a lot of things we could learn from each other.

Case in point: many attendees had spent Mother’s Day weekend checking on their controls and patching their defenses against WannaCrypt. When a major exploit is spreading in the wild, every security team is busy trying to understand impact factors, such as the details of the attack, how it’s changing and how quickly it’s spreading. The fact that WannaCrypt was just the latest in a long line of exploits made it tricky to find a balance between being complacent and having a Chicken Little attitude. You can’t blame security teams for having a doom-and-gloom, sky-is-falling attitude.

WannaCrypt is the exact opposite of a highly targeted, methodical attack. But what it lacks in sophistication, it makes up for in hustle. Because it is self-propagating, it’s a perfect example of attacks that move at machine speed. These kinds of attacks collapse the time between intrusion and exfiltration from weeks or days to just hours, rendering many detection tools and processes useless.

WannaCrypt is the poster child for the importance of basic security hygiene—patching and ingress filtering were effective in preventing the attack. But it also serves as a reminder of why it’s critical that you architect your business infrastructure to be as resilient as possible. You need to be prepared to take an attacker’s best punch and then another and another and still keep circling the ring.

That sounds great, but how do you create a resilient infrastructure? You need multiple layers of protection in the cloud and on endpoint clients. You need to be fanatical about monitoring what’s going on across your network and you need to be poised to quickly investigate and respond to anomalous behavior. This means you can’t rely entirely on humans to detect and respond.

You also have to find a way to integrate information from all the security tools you rely on, so that you have a single view of what is happening on your network. Your endpoint, antivirus, firewall and IDS/IPS systems all have information about what is happening, but the data is siloed and stored in incompatible formats. The data has to be correlated and translated into a common form before it yields actionable intelligence. This is where artificial intelligence and machine learning come in; these technologies are poised to be the next big wave of innovation for security teams.
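The correlation step described above, shown as an added example that is not part of the original post: three constructed event sources in made-up formats (a firewall log line, an IDS CSV row and an endpoint JSON alert) are normalized into one record shape and any host that shows up in two or more tools within a short window is flagged, which is the kind of machine-speed cross-tool check a self-propagating worm like WannaCrypt calls for. All field names and formats are assumptions.

```python
"""Correlate events from siloed security tools into one per-host view.

Added example, not from the original post. The three sources and all
log lines below are constructed samples in made-up formats standing in
for firewall, IDS and endpoint products; the field names are assumptions.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data, all referring to the same internal host.
# The firewall lines show one host being denied SMB (TCP 445) to several
# neighbours in quick succession, the pattern a scanning worm produces.
FIREWALL_LOGS = [
    "2017-05-12T10:01:05Z fw01 DENY src=10.0.5.23 dst=10.0.9.14 dport=445",
    "2017-05-12T10:01:06Z fw01 DENY src=10.0.5.23 dst=10.0.9.15 dport=445",
    "2017-05-12T10:01:07Z fw01 DENY src=10.0.5.23 dst=10.0.9.16 dport=445",
]
IDS_CSV = ["2017-05-12T10:01:08Z,10.0.5.23,SMB scan burst"]
ENDPOINT_JSON = [
    '{"ts": "2017-05-12T10:03:40Z", "host_ip": "10.0.5.23", "alert": "mass file rename"}'
]

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def normalize():
    """Translate each source into a common (time, host, source, detail) record."""
    events = []
    for line in FIREWALL_LOGS:
        ts, _, _, src, *_ = line.split()
        events.append((parse_ts(ts), src.split("=")[1], "firewall", "denied SMB/445"))
    for line in IDS_CSV:
        ts, host, sig = line.split(",")
        events.append((parse_ts(ts), host, "ids", sig))
    for line in ENDPOINT_JSON:
        rec = json.loads(line)
        events.append((parse_ts(rec["ts"]), rec["host_ip"], "endpoint", rec["alert"]))
    return sorted(events)

def correlate(events, window=timedelta(minutes=5)):
    """Flag hosts seen by at least two different tools within `window`."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev[1]].append(ev)
    flagged = {}
    for host, evs in by_host.items():
        sources = {e[2] for e in evs if e[0] - evs[0][0] <= window}
        if len(sources) >= 2:
            flagged[host] = sorted(sources)
    return flagged
```

Running `correlate(normalize())` on the sample data flags 10.0.5.23 because the firewall, IDS and endpoint tools all report it within the five-minute window; a single tool on its own would have produced three unrelated alerts.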

The worst case scenario for every security team is a blended, coordinated attack that chains several exploits together. A WannaCrypt style attack could be devastating if it is combined with a massive DDoS attack designed to distract your security team and disrupt your business. In order to defend against attacks that happen at machine speed we all need to invest in defenses that operate at machine speed.

About the author

Bruce Phillips, Sr. VP and CISO, Williston Financial Group

Bruce Phillips, CISSP is senior vice president and chief information security officer for WEST, a Williston Financial Group company, which creates industry-leading technology to streamline and fully integrate the real estate process. He is responsible for the company’s information security practice, as well as its litigation and forensic support services.
