BreachExchange mailing list archives

6 types of cybervillains that are no match for your data scientists


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 21 Jul 2015 09:02:35 -0600

http://www.techrepublic.com/article/6-types-of-cybervillains-that-are-no-match-for-your-data-scientists/

You cannot combat cybercrime without data science — period. However, not
all cybercriminals have the same signature. If you're serious about
defending against cyberattacks, consider deploying your data science team
against these six types of cybervillains.

Cybervillain #1: The Revenger

Insider attacks pose the largest threat for most organizations. Imagine
what would happen if one of your system administrators decided to go postal
on one of your mission-critical systems? That scenario won't end well for
anybody.

Where data science can help is in the emerging and exciting field of user
behavior analytics (UBA). Profile what normal behavior looks like and
anticipate what attack behavior looks like. The combination of both
detecting unusual behavior and recognizing attack behavior will protect
your fortress from those within the walls.

Cybervillain #2: The Martyr

Anyone passionate about a cause can attempt to use your organization as a
podium — if your organization has a large enough stage. Many terrorist
organizations around the world would revel in the opportunity to use a
large American icon for the purposes of trumpeting their cause.

To defend against martyrs, it's important for your data scientists to
constantly know what's trending. A cyberattack does a martyr no good if
they can't get good publicity. Sentiment analysis on popular social media
platforms is a good place to start.

Cybervillain #3: The Spy

Espionage is an insidious cyberattack that can cause monumental damage;
this makes the Cyber Spy one of your most formidable villains.

Information that's private, classified, or otherwise confidential can fetch
a huge price tag from the right buyer. The recent cyberattack on the United
States Office of Personnel Management demonstrates the lengths cyber spies
will go to in order to secure the right information. In contrast to the
Martyr, the Spy wants to stay in your systems undetected, for as long as
possible. Dormant cyber spies are very difficult to detect; but, when they
"wake up," you must identify them quickly.

Your data scientists should focus on what anomalous system activity might
look like, especially with data extrusion. This involves baselining what
normal activity looks like, so the signal for abnormal activity is strong.

Cybervillain #4: The Thief

They say the love of money is the root of all evil, and nothing personifies
this better than the modern-day Cyber Thief.

As the means of exchanging money has rapidly evolved from paper to
electronic, so have the methods of stealing it. Trillions of dollars are
exchanged electronically every day, and there's no sense for someone to
break into a bank and crack a safe, when they have even a small chance of
tapping into this river of electronic money that's gushing by them every
day. The Cyber Thief wants to go undetected like the Cyber Spy, but they
won't want to stay around very long, if they're smart.

Since they're only concerned with money, have your data scientists
concentrate their efforts on protecting these channels with pattern
matching algorithms and expert systems.

Cybervillain #5: The Washer

Money laundering is another crime that's gone cyber. The Cyber Washer is a
specialist at turning dirty money into clean money using electronic means.
Drug dealers, terrorists, and other bad guys turn to the Cyber Washer to
make their illicit funds look legitimate; Cyber Washers do this by moving
money around and covering up tracks. Like the Cyber Thief, the focus is
still on money, though instead of exfiltration, your data scientists should
be looking for data movement, manipulation, and deletion.

Integrity rules and controls are a good place to focus. If two or more
systems should always be in balance and all of a sudden they're not, you
could have a Cyber Washer problem.

Cybervillain #6: The Bragger

Some cyberattackers just want bragging rights. The Cyber Bragger has what I
call a George Mallory complex. When Mallory was interviewed on why he wanted
to climb Mt. Everest, he replied, "Because it's there." Cyber Braggers love
the challenge of hacking into something that's not supposed to be hacked.

Cyber Braggers are the least threatening from the perspective of real
damages; though, if they brag too loud, they could destroy your reputation.
Cyber Braggers are extremely difficult to defend against because they're
often the best hackers in the world. You have to think like them in order
to beat them.

My advice is to bring at least one Bragger into your fold. If you have an
elite hacker on your data science team, you at least have a fighting chance.

Summary

Your data scientists are a critical component of your cyberdefense
strategy. Take time to brainstorm with your data scientists on how to
defend against each one of these six cybervillain types.

Don't be a cybervictim; be a cyberhero.
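
The integrity check suggested under Cybervillain #5 (two systems that should always be in balance), sketched as an added example that is not part of the original article or post. The system names, record layout and sample transfers are constructed assumptions; the point it shows is that comparing totals alone misses a record whose parties were changed, so the check runs per record.

```python
from collections import namedtuple
from decimal import Decimal

# Constructed sample data: the same transfers as exported by two hypothetical
# systems ("payments" and "ledger") that should always agree.
# Layout: tx_id -> (source account, destination account, amount)
PAYMENTS = {
    "tx-1001": ("acct-A", "acct-B", Decimal("250.00")),
    "tx-1002": ("acct-B", "acct-C", Decimal("9800.00")),
    "tx-1003": ("acct-C", "acct-D", Decimal("9800.00")),
    "tx-1004": ("acct-A", "acct-D", Decimal("120.50")),
}
LEDGER = {
    "tx-1001": ("acct-A", "acct-B", Decimal("250.00")),
    "tx-1002": ("acct-B", "acct-C", Decimal("980.00")),   # amount manipulated
    # tx-1003 is absent here: deleted from one side
    "tx-1004": ("acct-A", "acct-E", Decimal("120.50")),   # destination changed
    "tx-1005": ("acct-E", "acct-F", Decimal("40.00")),    # exists on one side only
}

Finding = namedtuple("Finding", "tx_id kind detail")


def reconcile(primary, secondary):
    """Compare two record sets by transaction id and report every divergence."""
    findings = []
    for tx_id in sorted(primary.keys() | secondary.keys()):
        a, b = primary.get(tx_id), secondary.get(tx_id)
        if b is None:
            findings.append(Finding(tx_id, "missing_in_secondary", a))
        elif a is None:
            findings.append(Finding(tx_id, "missing_in_primary", b))
        elif a[2] != b[2]:
            findings.append(Finding(tx_id, "amount_mismatch", (a[2], b[2])))
        elif a[:2] != b[:2]:
            # Totals still balance in this case; only a per-record check sees it.
            findings.append(Finding(tx_id, "party_mismatch", (a[:2], b[:2])))
    return findings


def net_imbalance(primary, secondary):
    """Coarse control: difference between the two systems' total amounts."""
    def total(records):
        return sum((r[2] for r in records.values()), Decimal("0"))
    return total(primary) - total(secondary)


if __name__ == "__main__":
    print("net imbalance:", net_imbalance(PAYMENTS, LEDGER))
    for f in reconcile(PAYMENTS, LEDGER):
        print(f.tx_id, f.kind, f.detail)
```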