We’ve been presenting this slide deck to security groups across the Midwest. (This version includes speaker’s notes) Here’s the “reader’s digest version” of our new reality…
The kill-chain is far more complex than anything we’ve ever had to handle. Nest… Fitbit… cameras on game stations… These are a microcosm of the new perimeter on our corporate networks.
- New attack vectors involve not just InfoSec… but physical security, operational security, social media, and the stuff in our homes & on our bodies.
- Attacks exploit the Internet of Things, not just at work, but… at home, the gym, and places that maybe some of your employees wouldn’t want ***anyone*** to know about.
- Think… bad guys assembling “personal private information repositories” on key employees… personal habits, daily routes, psychological predispositions, & personal preferences. Spear phishing never got so easy.
- Think… “ransomware on steroids”.
- “Your XYZ process controllers will be permanently disabled in 24 hours if $100K is not transferred to this account within 24 hours.”
- “We have been “watching” 7 of your senior executives. Nefarious activities of 3 of them will be published next Friday if $1M in bitcoins are not in our account by 12:01 of that day. Sample photos attached. Your stock price WILL be affected.”
New methods are needed to combat these new attack vectors:
- Tighter collaboration between compliance & SecOps
- Working within your industry to share attacks and similarities in your threat surface
- Updates to the security frameworks that have worked well up until now
- Security tools based on machine learning, data science & analytics
- Using game theory to create a plan for combatting the evolving kill-chains
If this piques your interest, give us a ring and we’ll be happy to rap about the problem and ways to respond.