Cyber security leaders share their APT knowledge
RSA and TechAmerica released key findings derived from a forum of more than 100 of the world’s top cyber security leaders from government and business who met in Washington, DC to address the impact of Advanced Persistent Threats.
Participants at the APT Summit shared threat intelligence, defensive strategies and best practices for protecting against the most menacing security threats targeting highly sensitive information and intellectual property of governments and businesses.
Attendees and speakers included CISOs, CIOs, technology Fellows and senior officials from leading think tanks, industry associations, government, defense and law enforcement, and represented numerous commercial industries, including aerospace and defense, critical infrastructure, legal, finance, energy, technology and manufacturing.
They participated in multiple interactive sessions, which yielded numerous ideas and perspectives, and concluded that:
- Organizations must learn to live in a state of compromise and should plan and act as though they have already been breached, focusing on closing the exposure window and limiting damage.
- Situational awareness is essential to detecting threats early and can help improve security and attack response. Organizations can benefit from advanced monitoring techniques and technologies, learning from attacks against other companies and industries and sharing timely threat intelligence.
- The attack vector has shifted from technology to people. Anyone can be phished given the right context, and attackers have growing access to information about would-be targets through social networking sites. While user training alone cannot entirely neutralize the threat, training and testing coupled with user restrictions and visibility can give organizations a fighting chance.
- Attack customization, which tailors an attack to work against a target’s specific weaknesses, defies traditional signature-based approaches. Attackers are increasingly agile and can take advantage of vulnerabilities more quickly than signature-based approaches can remediate.
- Attackers are better at real-time intelligence sharing than targets, and fixing this should be a top priority. Attackers operate unimpeded by legal restrictions and other rules that govern corporations and government organizations. While not a panacea, sharing real-time threat intelligence and attack information is of paramount interest, because it provides the situational awareness used to help defend critical infrastructures and mitigate the effects of wide-scale cyber attacks on economic prosperity.
- Simplicity is the path to better security, and can be an effective countermeasure to the many unmanageable and complicated IT infrastructures in operation today. Given that security is a weakest-link problem, only through understanding assets, processes and endpoints is there a chance at real defense.
“The frequency and volume of attacks has reached pandemic levels – this is not a passing fad or anomaly,” said Eddie Schwartz, Chief Security Officer of RSA. “The new fact of life is a ‘state’ of persistent, dynamic, intelligent threat and disruption, the economic and societal ramifications of which are overwhelming. This doesn’t mean that we as a collective of security professionals are powerless against our adversaries – we can and should be able to manage our risk to an acceptable level and change the ongoing and grim trends. Only through collaboration can we unite our strategies to combat these advanced threats as we move forward together in our pursuit of a trusted digital world.”