RSA Conference 2021 - When the Colonial Pipeline attack made headlines earlier this month, Steve Grobman knew that every security practitioner would soon be talking about ransomware risk in their own organization again…
He said: “We are halfway through 2021, and the pendulum has swung back to discussing ransomware attacks.” “If we concentrate on the last thing [that] happened, then we will be in a very dangerous situation.”
Grobman, McAfee’s senior vice president and chief technology officer, who delivered a keynote at this week’s RSA Conference, pointed out the flaws in letting headlines drive risk-based decision-making. Grobman’s argument goes like this: as humans, we are very bad at perceiving risk. We are too easily swayed by the media, anecdotal data and our own evolutionary biology. He called on security leaders to rely on data and science instead of headlines when deciding where to invest in tools and how to develop security strategies.
He said: “Many major events that we can follow in the media, such as Sony and Ashley Madison, have caused a sensation.” “But we have nothing to do with any of these attacks that we know of. We need to fully understand all events that may affect the organization.”
Grobman urged more security teams to build a risk model that considers three factors: impact, scale and frequency. Given the organization’s threat profile, how likely is a given type of attack or incident to occur?
He said: “How do we prepare for earthquakes in earthquake-prone areas? Cybersecurity should be the same thing.” “Organizations need red team cooperation [and] instructions on how to respond to the different types of attacks that may affect them.”
Always evolving: cyber resilience plan
In the panel discussion on building cyber resilience, which was also the theme of this year’s conference, panelists echoed many of Grobman’s points. Biju Hameed, Director of Technical Infrastructure and Operations at Dubai Airports, said in “Building Cyber Resilience: CISO Considerations” that his resilience planning is based on numbers and scientific evaluation.
Hameed said: “It is very important to define quantitative indicators to define resilience goals and functions.” “There are usually many views and assumptions about what we need to do.”
Abeer Khedr, director of information security at the National Bank of Egypt, said the effort to determine which risks are most relevant is an evolving process. Khedr said that with so much happening in digital banking and financial services, “the borders no longer exist and the attack surface is expanding.”
As nation-states, hacktivists and criminals are also looking for ways to exploit financial weaknesses, the bank has been developing its cyber resilience program.
Dr. Reem Al-Shammari, Head of Digital Transformation for Kuwait Petroleum Corporation Enterprise Solutions and Digital Oilfields, added: “When we talk about cyber resilience, this is always a journey. It is more than just a project.”
Arwa Alhamad, director of network security support at Saudi Arabia’s telecommunications provider stc, said that the company’s resilience is based on three principles:
- Have a hacker mentality: think like an adversary and understand the battlefield.
- Make it expensive and difficult: invest the most in protecting the organization’s crown jewels.
- Be well prepared: know how long it will take to detect and respond to an incident.
McAfee’s Grobman said that in addition to considering enterprise-specific risks, the best way to build resilience usually involves deploying some of the most basic technologies.
He said: “For example, if you are an organization that has not yet implemented multi-factor authentication, turn on MFA.” “Usually, this is a very boring but important starting point. Sometimes, for an organization, the most important thing is the most boring or least exciting thing.”