An article published in the New York Times last Wednesday touched off a media frenzy by suggesting that Iran has been behind the cyber attacks on US financial institutions taking place since late September of last year. While the questions of forensics and culpability pose a particular challenge when it comes to cyber security, there are a number of unprecedented components to these attacks that should absolutely command our attention.read more
As a former military veteran, I fully understand that the term “weekend warriors” is typically used to refer to military personnel on reserve status. These folks are normally tasked with some routine activities throughout the year with their affiliated military ‘unit,’ which is generally fulfilled during a weekend or two as not to disrupt their ‘day’ jobs.
However, have you noticed how similar a private cyber warrior is to a military cyber warrior? In suggesting this, I’m not trying to take anything away from my military brethren. But the duties, tasks and efforts are eerily similar. The nature and persistency of modern day cyber-attacks has forged a new type of information security professional – someone who needs to sacrifice nights, weekends, sleep and a personal life to answer the call of cyber defense duty. Sounds a lot like what I knew when I was in the military.read more
On Nov 29th I had the good fortune to participate in a 45-minute panel discussion at the Bloomberg Enterprise Risk Conference on the following topic:
The panel consisted of a number of esteemed industry thought leaders including Dimitri Alperovitch, Co-Founder and CTO, CrowdStrike Inc, John M. (Mike) McConnell, Vice Chairman, Booz | Allen | Hamilton; Former Director of National Intelligence (DNI) and Andy Ozment, Senior Director for Cybersecurity, National Security Staff, The White House. Michael Riley, an industry reporting veteran from Bloomberg News and a true gentleman, moderated the panel.
There is no doubt that the last couple of months have been historic in the world of cyber security. In October, it was US banks and financial institutions that faced a barrage of cyber attacks during “Operation Ababil.” In November, Israeli websites came under fire during the Anonymous led “OpIsrael” attacks. However, there is a stark contrast in the effectiveness of these two attack operations. While the banking attacks were by-and-large successful, the attacks on Israeli websites fell short.
Of course the question for security experts is – how do we explain this disparity? Is it because the financial sector didn’t have enough resources or serious professionals dedicated to program management? Is it because the Israeli government possessed a cyber defense strategy that was executed flawlessly? In truth, neither scenario seems likely and the real answer may make some a bit uncomfortable.
I wanted to thank everyone who participated in our recent Attack Mitigation Black Belt Challenge which was an enormous success. Out of the 383 participants that started the Challenge, slightly less than 10 percent had the required security expertise needed to complete four levels to achieve Black Belt status.read more