With Infosecurity North America opening its doors in 4 weeks time, Lital Asher-Dotan from Cybereason offers her insight into the industry as well as a sneak peak of what we can expect to hear at the show.
- What is the biggest information security threat to your industry?
A huge threat we’re seeing is the commoditization of Advanced Persistent Threats (APTs) — or as we like to say “APT Actors going from fine dining to fast food.” Advanced, targeted attacks have traditionally been associated with nation-states, but in the last few years the lines have blurred between the attack capabilities of nation-state players and those of the lower-level cyber criminals groups.
Techniques and tools that were once used by a few APT actors have been adopted by dozens of other threat actors, including freelance groups hired by government agencies and organized criminals who are using complex hacking operations to collect intelligence, steal intellectual property, pilfer sensitive financial data and even siphon cash from banks.
Cybereason recently conducted a honeypot project that reinforced this growing threat — particularly against critical infrastructure. In July of 2018, Cybereason set up a honeypot to emulate the power transmission substation of a major electricity provider. It showcased how the specter of cyber attacks against utility providers and the profile of adversaries who target industrial control systems environments are broadening.
- What can delegates expect to learn and hear about during your session in the Tech Talks theater?
Unit 8200, the prestigious intelligence unit of the Israeli Defense Forces, has proven to be a launching point for leaders in cybersecurity. 8200 alums serve in many significant roles in global technology companies, and it is in part because of the military training that gives them a head start to begin their careers. In fact, more than 1000 Unit 8200 alumni have started major technology companies including Waze, CheckPoint and Palo Alto Networks.
But the untold story is that there are thousands of successful female Unit 8200 alumni working in the tech and cybersecurity industries—in a variety of management positions. This stems from the Unit’s large female workforce – more than 50 percent is comprised of women. Despite this, not nearly enough of them are working in upper-level management or C-level positions. This underscores an ongoing issue of not enough women in the InfoSec industry and not enough in management positions, within the industry.
As a Unit 8200 alumna, I will share how Unit’s 8200 recruiting and training processes were not only pivotal in launching my professional career but also how they can be applied to the industry as a whole to help the industry deal with issues such as diversity and talent gap.
Infosecurity North America will take place on 14 – 15 November at Javits Convention Center, New York. Register today!
- The key theme for this year’s Infosecurity North America is Strengthening Cyber Defenses Against Tomorrow’s Threats. What advice do you have for practitioners building a strategy to defend against the threats of today and tomorrow?
Information Security is no longer a matter for the IT Security department – it touches every aspect of the business. With the speed of transformation (e.g. digital transformation, moving to the cloud, the introduction of IoT into the enterprise), if security remains siloed and is an afterthought, we will always play a game of cat and mouse. Security leadership needs to be embedded within the business, and practitioners should be aware of the priorities and what makes a business successful in order to align strategies.
- In your opinion what are the hot trends/topics right now? And what will be the biggest trends in 2019?
In terms of the attackers, fileless malware attacks, also called memory-based or living-off-the-land attacks, are a growing trend. While there’s been a lot of buzz around this tactic more recently, it’s been around for awhile. We’re now hearing more about it because in recent years this technique has found its way into the toolkits of more common cybercriminals as they rely less on traditional toolkits to carry out their attacks.
Because of this threat trend, when it comes to the defenders, we are seeing a shift in defense measures (now and into 2019) because traditional tools cannot stop fieless attacks. Fileless attacks leverage tools that are native to Windows, making them effective and stealthy, since most security programs can’t detect malicious use of PowerShell and WMI. And since there’s no malware signature for antivirus software to detect, those programs are ineffective at flagging these attacks. The defenders must turn to behavioral analytics, machine learning and AI in order to automate and increase effectiveness in catching behaviors that traditional methods cannot.
- What are your thoughts on whether the USA should implement a general data protection regulation at a federal level (similar to the EU GDPR)?
That is a good question. The trend is growing (e.g. in California), and I do think it would make sense to have federal guidelines to accelerate the trend on a state level. It will be more powerful and effective to regulate from a federal level.
- Do you feel that by being compliant your company is therefore secure? Does compliance equal security?
Compliance does not equal security, and unfortunately when companies believe that they are one in the same, that’s when they fall victim to a breach. In fact, there’s a huge gap between compliance and security. Many times the regulation is way behind the current attack trend. Hackers are not stupid. They know that organizations will check the compliance boxes, so they adjust themselves accordingly to find the holes.
We hope that more organizations will mature their security operations to go beyond the compliance level. We encourage organizations to be proactive and move into hunting capabilities.
- What are we, as an industry, doing right?
What we are starting to do much better is communication, threat intelligence sharing and knowledge sharing. We can always get better, but we’re moving in the right direction. Conferences such as Infosecurity North America are a great example of what we are doing right. It’s helping all of us to evolve and learn from each other.
This will also help future talent. More educational opportunities (e.g. conference, peers, online, etc) enable young practitioners to learn fast and advance their capabilities.
- What one piece of advice would you give to someone who is entering the information security profession?
We’re experiencing a major shift every couple of years — we see paradigm shifts and technology shifts — and the pace is only accelerating. Young practitioners must be ready for a dynamic environment with constant change and constant challenges. This is a field for people that love to embrace new tool sets and new mindframes and constantly evolve.
Do you want to hear more from Lital? She will be speaking on the 15th November at Infosecurity North America. Register today!