
Cybersecurity Risk and Resilience: Hunting the Hunters

  • Posted on: November 9, 2015
  • Posted in: Cybercrime, Security, Targeted Attacks
  • Posted by: Ed Cabrera (Chief Cybersecurity Officer)

Successful cyber attacks against the financial sector have steadily increased over the last 10 years; however, we have seen a sharper increase in threat actor sophistication. Regardless of motivation, advanced threat actors have been evolving. The Deep Web and the criminal undergrounds that occupy it have been hosting the communication and collaboration behind nearly every targeted attack seen this decade. Threat actors have been building capacity in recent years and are executing multi-stage and multi-vector attacks at will. In fact, a recently published Trend Micro research report found that 76 percent of organizations have seen an increase in sophistication of attacks.

In the early stages of attacks, we are discovering a significant rise in the use of exploit kits in watering hole attacks, marking a possible shift to target more secure victims. In the latter stages, we have seen an increase in sophistication around counter detection tactics through the use of polymorphic and metamorphic malware and the use of covert channels such as DNS, steganography and cloud services for command and control, and exfiltration.

Even in the face of the quantity and quality of these attacks, organizations still face a fundamental lack of effective and comprehensive enterprise risk-management strategy to combat them. In fact, according to the 2014 Global Information Security Survey, 56 percent of organizations are unlikely to detect a sophisticated attack. Additionally, 74 percent say their cybersecurity programs only partially meet their needs, with 37 percent having no real-time insight.

Information stored by financial services companies is ‘big game’ to cybercriminals, but what happens when the hunters become the hunted?

I spoke with Roland Cloutier, vice president and chief security officer at ADP, who is responsible for ADP’s cyber, information protection, risk, workforce protection, crisis management, and investigative security operations worldwide. ADP is one of the world’s largest providers of human capital management solutions with more than 50,000 employees servicing more than 100 countries. Under Roland’s leadership, the ADP Global Security Organization protects ADP businesses and drives security as a top priority to protect its clients’ data and funds as well as maintain ADP’s position as a leader in the industry.

I asked Roland a few questions in order to gain his real-world insights regarding which threat actors concern him the most in the financial sector, which strategies his company develops and deploys to successfully combat attacks, and what challenges he faces in the future regarding cloud, mobile and Internet of Things (IoT).

1. Given the escalation in quantity and quality of cyberattacks over the last 10 years facing the financial sector, what are the threat actors that concern you the most?

Threat actors come in all shapes and sizes and you really have to break down critical elements such as their intent, means, and capabilities as these align to your go-to-market and the business or agency that you are accountable for. Specific to our business, we are a human capital management diversified services firm which means from a data processor perspective we have a lot of individual information from SPI to financial to health data. If I had to look at the categories of threat in order I would be most concerned with organized economic criminal elements, nation-state and espionage actors, and terroristic entities with a national economic infrastructure target agenda.

2. Multistage and multi-vector attacks are the new norm. What proactive enterprise risk management strategies are you developing and deploying to be successful?

Multistage multi-vector attacks are often misidentified because they are not necessarily “outright aggressive malicious hacking.” In fact, as we all know, the illicit use of good credentials for bad purposes and the manipulation of a good business process for criminal means is a large part of how these threat actors are being successful.

One of the most critical risk tools we have available is our business operations process mapping exercise. Designed to understand how the business operates, how data is moved, which controls are implemented at what part of the process, and what our capabilities are in preventing, detecting, and investigating some optimum business processes, this service creates end-to-end visibility and transparency into the business process. The output of these exercises supports threat engineering, critical incident monitoring and response, and risk tracking and prioritization programs. In today’s diversified business environment with integrated ecosystems internally and externally of your business, how can you possibly understand what an attack looks like if you don’t know what your process looks like?

3. In the coming years, the collection of data through cloud, mobile and IoT by business will grow exponentially and so will the pressure to protect it. What do you see as your biggest challenge going forward?

I see two critical challenges in the future of exponential data creation and usage by businesses because of the explosion of those items mentioned above. The first is how do you protect it? The integration of structured and unstructured data, the movement between ecosystems, and the lack of assignable, addressable, or transferable controls on that data between ecosystems is extremely problematic. Also, as data elements are merged with others to create net new information, intellectual property, and business assets, providing automated protection at the speed of information development is a real hurdle we have to overcome.

The second major area is in the use of data as a part of our next generation analytical applications for threat and incident prevention and detection. I’m not worried about collection or storage as those elements of consumerized IT are getting cheaper and cheaper. It’s the diversification and use-specific needs of analytics for multiple disciplines such as threat detection, fraud prevention, user behavior monitoring, business process assurance monitoring, and other like up-and-coming specialties that require unique data sets with specific analytics that are not yet available. This is going to take a massive industry push as well as changes in the way our businesses build our products and services.
