FEATURE
But unfortunately, they’re useless at spotting the friendly colleague who’s been building trust for three weeks on LinkedIn before sending a link.
People can’t defend against a threat that they don’t know exists. The threats today are advanced, highly scripted and highly targeted types of communications. Therefore, we have to educate them on these methods. This is where behaviour analysis is so important. If we don’t understand what’s normal behaviour in our environments, it’s very difficult to determine what’s abnormal.
We’ve been underinvesting in human detection capabilities. Employees are trained once a year and we call it a programme. It’s not a programme, it’s a check box. Your culture is the biggest vulnerability. You need to build a culture where you’re not seen as paranoid if you ask a question. We’ve done a great job of scaring our employees to a point where they’re too afraid to click on anything and too embarrassed to ask any questions, which means they’re paralysed.
We are seeing a trend where initial espionage access is handed off to separate groups for total environment wiping. Why is it now a critical error to treat a ‘minor’ phishing alert as anything less than a precursor to a total outage?
The kill chain has been institutionalised, which is not something we’ve seen previously. You now have one group that specialises in getting access and a completely separate group that specialises in burning everything down.
Phishing alerts used to mean someone clicked on something they shouldn’t have, and we rebooted their machine. Now, it might mean someone has established a beachhead that has access, and that access gets sold in about 48 hours. Every initial access event is a potential scene setter for something catastrophic. We have to stop measuring severity by current damage and start measuring it by potential
INTELLIGENT CIO MIDDLE EAST