By SecureWorld News Team
Wed | Oct 19, 2016 | 7:00 AM PDT

Cyber Wolves and Sheepdogs

Peter Roman, Senior Counsel of the Computer Crime & Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Justice Department, opened the morning keynote with stories of companies he has seen almost destroyed by competitors and angry former employees. You've prepared as much as you can for the hackers - you run regular tabletop exercises, have scheduled pen tests, and have a reasonable budget for third-party solutions. But what are you supposed to do when the bad guy is your former system administrator, who knows your system inside and out, or your arch-rival in the industry, who's more dedicated than most to taking your company down? Roman explains that "the good thing to do is to involve law enforcement," especially since that's often how companies hear of an attack in the first place these days. He stresses that it's also extremely important to keep detailed logs that will help law enforcement catch the bad guys and save your company. The logs shouldn't just record what you're doing; they need to list every single time someone gets into your network and where - otherwise investigators won't be able to see discrepancies. After all, if the bad guys are the wolves, you're the sheepdogs who are trying to keep the Internet safe for all the normal consumers (those little innocent sheep) of the web. Roman says, "What you do makes the whole Internet safer, not just for you, but for everyone else."

You want ROI on your defenses, but attacks are costing you.

"The cost and the time for hackers to execute these attacks are decreasing dramatically," Ben Desjardins, Director of Security for Radware, explains during the lunch keynote on Day One. It's becoming easier and easier for hackers to rent services online (think $20 for a 15 GB attack) that can be deployed almost immediately. Hackers don't just want your credit card number these days; they want the whole package of "Fullzinfo" that includes your card number, CVV, social security number, birth date - you name it. And that's just personal information. What does that mean for your business? According to Forrester, U.S. companies alone are losing $180 billion in revenue due to attacks. If you're smart, you're putting up defenses and hiring a solid team that can withstand the vast number of breaches occurring every day. But according to Desjardins, attempting to quantify security's ROI is a risk in and of itself because you're not able to calculate perfect numbers. Furthermore, "applying these averages creates a 'flaw of averages'," he explains. Instead, he says, you control how expensive you are for hackers to attack. Be ahead of your peers (i.e., other targets) and make yourself more costly for hackers to attack. Desjardins' advice? Focus on automation, simplify your process with services, cover your blind spots, improve your visibility, and "detect wherever you can, mitigate where you should," he says.

Thanks to everyone here at SecureWorld St. Louis. If you’re looking for an event near you, please visit our Events page and register today.
