Let’s rap about the next biggest mega trend in InfoSec

We’ve been presenting this slide deck to security groups across the Midwest. (This version includes speaker’s notes.) Here’s the “reader’s digest version” of our new reality…

 

The kill-chain is far more complex than anything we’ve ever had to handle. Nest… Fitbit… cameras on game stations… These are a microcosm of the new perimeter on our corporate networks.

  • New attack vectors involve not just InfoSec… but physical security, operational security, social media, and the stuff in our homes & on our bodies.
  • Attacks exploit the Internet of Things, not just at work, but… at home, the gym, and places that maybe some of your employees wouldn’t want ***anyone*** to know about.
  • Think… bad guys assembling “personal private information repositories” on key employees… personal habits, daily routes, psychological predispositions, & personal preferences. Spear phishing never got so easy.
  • Think… “ransomware on steroids”.
    • “Your XYZ process controllers will be permanently disabled in 24 hours if $100K is not transferred to this account within 24 hours.”
    • “We have been “watching” 7 of your senior executives. Nefarious activities of 3 of them will be published next Friday if $1M bitcoins are not in our account by 12:01 of that day. Sample photos attached. Your stock price WILL be affected.”

New methods are needed to combat these new attack vectors:

  • Tighter collaboration between compliance & SecOps
  • Working within your industry to share attacks and similarities in your threat surface
  • Updates to the security frameworks that have worked well up until now
  • Security tools based on machine learning, data science & analytics
  • Using game theory to create a plan for combatting the evolving kill-chains

If this piques your interest, give us a ring and we’ll be happy to rap about the problem and ways to respond.
