Hi Tyler, please tell us how the latest cyber attacks are shaping the InfoSec industry.
The government prioritizes the takedown of certain groups over others based on a variety of factors, including the access it has to the threat actor’s computer network(s) and the level of threat they pose to national security and public safety. The Hive ransomware group has been considered particularly dangerous due to its attempts to extort hundreds of millions of dollars from its victims.
The takeaways are also important. By obtaining the decryption keys of a RaaS group, the government could potentially gain insight into their operations and infrastructure, including information on their funding sources, recruitment methods, and the individuals behind the group. This information could be used to disrupt and dismantle the group’s operations, as well as to identify and prosecute individuals involved in the group. To pass this information to companies without alerting other groups of all the details, the government could use various methods such as redacting sensitive information, sharing information on a need-to-know basis, or providing the information in a general format that does not reveal specific details about the group. Additionally, the government could work with companies to develop and implement security measures that would protect them from similar RaaS attacks in the future.
What happened in the recent attack on the Hive operations?
There is a possibility that the individuals behind the Hive operations could reappear under a different name and using different methods. Criminal organizations and cybercriminals often adapt and evolve to evade detection and continue their illegal activities. However, the FBI is seeking to identify key members of the group, disrupt their funding sources, and seize assets that would make it difficult for them to continue their operations. It’s important to note that the fight against cybercrime is an ongoing process, and it is not always possible to completely eliminate a group or organization. Even if the individuals behind the Hive are arrested or their operations are disrupted, it is possible that others will take their place and continue similar activities. Therefore, it’s important for law enforcement agencies and organizations to stay vigilant and continue to work together to combat cybercrime.
What is your advice to the SOC team?
My advice to SOC teams is that a multi-layered approach to security must be taken; it must include both preventative and detective measures, as well as incident response protocols. Suggestions include:
- Regularly patch and update software and systems to reduce vulnerabilities
- Implement robust access controls to limit the potential impact of a successful attack
- Implement endpoint protection to detect and prevent malicious activity
- Regularly back up important data and keep offline copies
- Be aware of the threat landscape and stay informed of new tactics, techniques, and procedures used by RaaS groups
- Implement security awareness training for employees to help them understand the risks and how to detect and report suspicious activity
- Implement a user and device behavioral analytics capability for threat detection, investigation, and response
- Have an incident response plan in place and test it regularly
- Have a communication plan in place for incident response to be able to notify and coordinate with the relevant stakeholders
- Work with law enforcement and other organizations to share intelligence and coordinate responses to threats
Thank you, Tyler! That was fun and we hope to see you back on cioinfluence.com soon.
Business-focused and results-oriented leader with demonstrated experience advancing organizational security programs, and ensuring the confidentiality, integrity, and availability of enterprise information.
Experience
• Program Creation and Development
• Change Implementation and Management
• Policy Development and Implementation
• Cyber Assurance for Sales and Proposals
• USG Program Security and Protection
Exabeam is a global cybersecurity leader that created New-Scale SIEM™ for advancing security operations. Built for security people by security people, we reduce business risk and elevate human performance. The powerful combination of our cloud-scale security log management, behavioral analytics, and automated investigation experience gives security operations an unprecedented advantage over adversaries, including insider threats, nation-states, and other cyber criminals. We Detect the Undetectable™ by understanding normal behavior, even as normal keeps changing – giving security operations teams a holistic view of incidents for a faster, more complete response.