Security pros talk about playing defense against cybercrime

Security professionals are playing defense against cybercrime, and often feel outgunned by tech-savvy hackers and insiders out to steal sensitive data from within the business. They see a shortage of qualified security personnel to call on, but also believe that threat-detection tools are getting better.

Those were sentiments shared today by security experts from two large financial services companies, Citi and AIG, together with a special agent of the FBI at a panel discussion at Pace University in New York. When asked about the kind of things that worry them most, they were quick to point to the kind of attacks that are hard to stop and the difficulty in chasing cybercriminals around the globe.

"Zero-day vulnerabilities bringing down the network," said Bernadette Gleason, North American eCrime laboratory manager at Citi. Use of zero-day attacks gives cybercriminals the advantage because they can exploit unknown vulnerabilities. "We've seen this happen and try to mitigate against it."


Like many businesses, Citi applies a defense-in-depth strategy but there's also the realization that the financial services industry has to do better at "consumer awareness" by helping educate the public more about cybercrime, without confusing people with technical terms, she added.

"I worry about the hacktivists and nation states," said Robert Zandoli, senior vice president in the global chief information security office of AIG.

Zandoli said one of the main challenges today is that a large company gets billions of alerts from security tools, but then struggles to determine the top priorities. But Zandoli expressed optimism that the security industry is making advances. He also said the idea of "dynamic defense" where security tools can monitor and see anomalies and react automatically is evolving.

FBI special agent Charles Gilgen acknowledged that for law enforcement, which is reactive, the challenge is the global nature of cybercrime across national boundaries, where an innocent-looking e-mail loaded with malware can begin the attacker's incursion into business networks. But the FBI is beefing up its cyber division, he added, with plans to add 1,000 analysts next year.

Gilgen cautioned businesses to be on the watch for the insider stealing data, noting that some tell-tale signs can be a person, especially someone with personal or financial problems, who suddenly takes to sitting at someone else's computer or starts asking unexpected questions. These might be harmless, but can be indicators of insider threat troubles, he said.

Gilgen also warned against taking computers with valuable proprietary data overseas where in some countries there are ongoing aggressive actions to steal it. He also added that the FBI is concerned that attackers are increasingly going after smaller U.S.-based companies that sometimes aren't as well prepared as large businesses.

When asked about cloud computing and security, Citi's Gleason offered her own advice, saying businesses should reasonably expect to be able to conduct some type of ethical hacking on the cloud service providers they want to use in order to test their security. Not only should that be in any contract, but so should a provision that your business be notified in the event the cloud service provider is hacked. She said companies should expect both their business partners and vendors, including security vendors, to make their security policies and practices plain since they are all close to valuable business data.

Zandoli said it's certainly a concern that there is a shortage of security professionals to hire. But every company has to try and be a "hardened target" as best it can since the whole situation is akin to "a cyberwar and surprise is a great advantage for adversaries."

This situation of constant threats and attacks means "unfortunately, the bad guys are often one step ahead of us," acknowledged Gleason, which, she added, makes cybersecurity an interesting though occasionally depressing job.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail:
