Don’t get distracted in the cyberbattle

Telstra’s CSO Mike Burgess says it’s critical to avoid distractions when fighting against cybercriminals.

In a presentation given at the Check Point Cybersecurity Symposium, Burgess warned against attribution and threat distraction.

“Don’t get me wrong. I’m not saying that attribution is not important. What I observe, what I fear, what I see too much of is commentators, many in the industry and many in the media, focus on attribution with very little focus on the root cause”.

Burgess says there is no instance where an organisation should lose data when there is a known remedy for the root cause. Citing the examples of Target, Home Depot, Sony and others who, in public statements, blame the “sophistication” of attack methods, Burgess noted that all of these companies should have expected to be targeted by attackers and should have carried out better hygiene and been better architected.

“That is unforgiveable in this day and age,” he says.

The sibling to attribution distraction, says Burgess, is threat distraction.

Burgess read quotes from public statements issued by a number of hacked companies. From our place in the audience, Burgess’s derision at the language used in these statements was palpable.

After reading Home Depot’s statement, where they said “The malware used in the attack had not been seen in any prior attacks and was designed to evade detection by anti-virus software,” Burgess sarcastically asked “Really?”.

“I’m not meaning to disparage others because I know this is a hard challenge,” said Burgess. “But really, when I see the use of language like that I do worry”.

In discussing the Sony hack, Burgess noted there was a lot of activity around attribution but very little attention was given to how internal emails were able to be exfiltrated from the network.

While a great deal of attention is given to identifying hackers and discussing the attack methods, not enough attention is given to how data losses, through theft or deletion, can be allowed to occur.

In Sony’s case, the loss of corporate data meant the company was unable to meet quarterly reporting obligations to the stock market. That was on top of leaked emails, leaked HR reports and all the corporate embarrassment that accompanied the hack.

Responding to Sony’s statement that “The attack was an unparalleled and well-planned crime carried out by an organised group that neither Sony Pictures nor other companies could have been fully prepared,” Burgess said “Well, actually, it is a reasonably foreseeable event that someone will attempt to hack your organisation, to steal data from you, or someone will attempt to attack your organisation to disrupt your organisation. I disagree with Sony in the comment. You have to be prepared. You’ve got no excuse”.

Looking at the examples he cited, Burgess noted that in all of those cases there was a known remedy for the vulnerability or weakness that was exploited.

Finally, Burgess took some time to discuss the reliance on frameworks and compliance. Although he suggested they were useful, he told the 500-strong audience that a focus on them without an understanding of what the business was actually trying to protect was a danger.

“When you lose sight of the back-office or what you’re really trying to protect, you will find yourselves still in trouble even if you completed those numerous tick and check exercises”.


Tags: Check Point Cybersecurity Symposium 2015, #CSOAustralia, Sony Hack, Home Depot, cybercriminals, sony, #CyberSecAU, cyberbattle, CSO Australia, Telstra, Mike Burgess, network security, Target


Stories by Anthony Caruana
