Page 33 - CDM Cyber Warnings February 2014




advanced to a state of maturity where the network breach could be a thing of the past.

Just a few weeks ago, according to NBCnews.com, a top Department of Homeland Security official attested that there had been approximately 16 cyber-attacks on HealthCare.gov. But 16 attacks on HealthCare.gov isn't the story to take note of from Washington here. NBC cites the official stating that the DHS had recorded "approximately 228,700 cyber incidents" over the course of the previous fiscal year with an astounding "620 incidents per day involving federal agencies, critical infrastructure, and the department's industry partners."

According to the Carnegie Mellon University's CERT Program, one third of cyber breaches originate from insider threat. What would motivate your office mate to steal intellectual property from your employer? Money from a foreign government, political motivation, revenge…the reasons are numerous. What is well known throughout the InfoSec industry is that a significant chunk of the 228,000+ incidents recorded by the DHS last fiscal year originated with a foreign government wanting your organization's IP, and if you work for Lockheed or another government defense contractor, the threat extends well beyond your organization and into the streets of Anytown, U.S.A.

"A good percentage of our cyber-crime fighting effort is spent on insider threat," says George Faucher, CEO and co-founder of CorreLog, an IT security software vendor based in Naples, Florida. CorreLog developed one of the InfoSec industry's first software products that aggregates user activity (log data) and churns it through a correlation engine for anomalies indicative of cyber threat. For instance, Bob logging into the network at midnight and downloading some product development data might be uncommon, but it's certainly not out of the realm of possibility. However, Bob logging into the network at midnight and downloading data from a Saudi Arabian IP address when he badged out of the local office at 8 p.m. is downright impossible, and this anomaly would warrant immediate action.

"The problem with InfoSec is that both government and industry are largely reactive to (cyber) intrusion," adds Faucher. "Part of this is the sheer amount of log data they have to pore through because they can't correlate it systematically. The other problem is that most IT shops are in firefighting mode managing (helpdesk) tickets post-incident. After the incident, it's too late, and you've probably already lost IP or experienced a system failure."

Undoubtedly the most difficult intrusions coming from outside network walls are cyber-attacks from mobile devices and tablets. In part, this is due to reactive InfoSec management – weeding through helpdesk tickets for events that have already happened. Another contributing factor here is the general consensus among many IT network managers that a mobile device is not a network workstation. In fact, you will still find many large organizations where telephony and IT infrastructure are segmented departments. This was certainly the case at my last corporate gig. The two departments were on the same floor, but if I had a mobile phone problem I went to the telephony manager, and if I had a desktop problem, I went to IT.

Without a doubt, the lines of defense for mobile devices are thin. Most CISOs have yet to wrap the safety net around mobile and embrace it as a viable workstation with all the vulnerabilities of a laptop or personal computer, despite the fact that they now have more storage capacity than some laptops did just a few years ago. But this isn't the biggest
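
The badge-versus-login correlation from the Bob scenario in this article, sketched as an added example (not CorreLog's product code and not part of the original article). The event format, coordinates, dates and thresholds are constructed assumptions; login coordinates stand in for a geo-IP lookup of the source address.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0          # assumed ceiling: roughly airliner cruise speed
MIN_KM = 50.0            # assumed geo-IP error margin; ignore shorter hops
OFF_HOURS = range(0, 6)  # assumed "uncommon" login window

# Constructed sample events: (ISO time, user, kind, latitude, longitude).
# All timestamps are assumed to be in one time zone.
EVENTS = [
    ("2014-02-03T20:00:00", "bob",   "badge_out", 26.14, -81.79),  # local office
    ("2014-02-04T00:00:00", "bob",   "login",     24.71,  46.68),  # foreign IP
    ("2014-02-03T18:00:00", "alice", "badge_out", 26.14, -81.79),
    ("2014-02-04T00:30:00", "alice", "login",     26.20, -81.80),  # nearby
]

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))

def correlate(events):
    """Judge each login against the same user's previous physical sighting."""
    last_seen, findings = {}, []
    for ts, user, kind, lat, lon in sorted(events):  # ISO strings sort by time
        when, here = datetime.fromisoformat(ts), (lat, lon)
        if kind == "login":
            # Odd hours alone are only "uncommon", as in the first Bob case.
            verdict = "unusual-hour" if when.hour in OFF_HOURS else "normal"
            if user in last_seen:
                then, there = last_seen[user]
                hours = (when - then).total_seconds() / 3600
                dist = km_between(there, here)
                # Nobody covers this distance in this time: the second Bob case.
                if dist > MIN_KM and (hours <= 0 or dist / hours > MAX_KMH):
                    verdict = "impossible-travel"
            findings.append((user, ts, verdict))
        last_seen[user] = (when, here)
    return findings

if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

Neither log source flags Bob on its own; the verdict only appears once the badge record and the remote login are joined on the user and compared in time and place.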


CYBER DEFENSE MAGAZINE - ANNUAL EDITION 33