BreachExchange mailing list archives
The case for forecasting cyberattacks
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 9 Jan 2014 17:21:37 -0700
http://www.usatoday.com/story/cybertruth/2014/01/08/the-case-for-forecasting-cyberattacks/4373651/

One of the biggest challenges in cybersecurity today is that despite the evolving nature of attacks and vulnerabilities, corporations, government agencies and other organizations tend to base protection largely on historic threat reports and other dated information.

What the past reveals is relevant, but in the complex security realm, overreliance on historical data does defenders a disservice by fostering security postures that become rooted in the past instead of what is happening right now.

Recent data from Mandiant states that 96 percent of data breaches are uncovered by third parties - not internal security teams - and that victimized organizations are breached for 416 days, or about 13 months, on average. If business, government and other organizations continue managing security with mostly historic information, it is unlikely that this 13 month gap will shrink anytime soon.

In light of this challenge, the time has come to empower overtaxed security staff with actionable cyber security intelligence achieved through a "threat forecasting" approach to protection.

Simply defined, threat forecasting focuses on understanding what's happening on the attack landscape and which threats expose specific organizations to the most severe danger at any given time. Forecasting is essential for understanding any type of risk and threat forecasting brings remarkable advantages in cyber security.

To adopt and benefit from this proactive approach, organizations need to first determine what kind of early warning intelligence they can readily acquire and apply. For example, a forecasting view that gathers data from decoy networks set up to draw attackers' interest and quietly catalog their inbound exploits can reveal telltale signs of new attack patterns before they reach crucial business systems.

Other valuable forecasting insights can be found by studying security products already deployed in organizations' existing cyber defenses in a new light. As I have discovered in regular testing, even vendors' latest next-generation firewalls and intrusion prevention technologies, for example, can be bypassed by known exploits targeting vulnerabilities in browsers, multimedia and other common software. Testing products' effectiveness against known, "real world" attacks can forecast where even layered product combinations can let malicious activity slip past. This yields valuable visibility into where security teams might need to replace or retune tools, or take other pre-emptive action.

Fresh approaches to threat forecasting can lessen the prevalence of cookie-cutter security programs by tailoring activities to cut through the clutter of reports, leads, and gut instincts clouding security professionals' decision-making.

Regardless of any threat's intensity, what matters most is knowing whether it's merely interesting – or imminent.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com

Supporters:
Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.