Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 5 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

RSAC – Schneier details ways to survive catastrophic attack

by The Gurus
April 24, 2015
in Editor's News
Share on FacebookShare on Twitter

Catastrophic issues in security can occur, but there are ways to recover.
Speaking at RSA Conference in San Francisco, Bruce Schneier, CTO of Resilient Systems, highlighted the Sony Pictures attack as being an interesting case as it brings catastrophic risk uses to the fore, and not catastrophic as in a life ending sense, but in company terms.
He highlighted seven ways in which a catastrophic incident could be dealt with. Firstly he recommended keeping it internal to “incapsulate the catastrophic risk”, secondly consider that attackers on two axes of skills and focus and with someone who is low skilled but has a high focus would use a basic APT, but in the case of Sony this was low skills and low targets. “Why this matters for security is the difference between absolute and low security; it doesnt matter how good security is, be more secure than the other guy and in a high skill high focus they want you,” he said.
“The aAttackers wanted Sony and attackers have the advantage on internet, and never fail not to get in and against a skilled adversary, our defences don’t work.”
The third point was that Sony had bad security and a CISO who left before attack, while the fourth that there is a democratisaton of tactics, as we are not fighting a cyber war but we are seeing war-like tactics used in cyber conflicts. “The blurring between nation state and non-nation state is getting worse,” he said.
The fifth point was that attack attribution is hard and there is a broad distrust in the security community towards Government FBI. “Defence is difficult and who defends Sony, if it was North Korea it is the military, if it was hackers it is the police,” he said.
The sixth point is that incident response is difficult to figure out, while the final and seventh is that resilience is hard too, and you need to figure out how to survive and what may be the most cost effective strategy.
In terms of a solution, Schneier said that the two options were more surveillance as you cannot have one person with all of the capability, but that doesn’t work, while the second was more use control on copyright wars, on 3D printers and software defined radio and computers and cars. But, two decades of education means it does not work, so both fail.
Schneier concluded by recommending securing against technological threats and looking for defence points, and the second is a more agile response. “In a lot of cases we respond fast enough and do ok, but these are not disasters but we do need to do better,” he said.
“There are a lot of problems, so how do you determine what is worth it or not, as you don’t know what good enough security looks like. It is not like a natural threat, you can do maths on meteor strike so know what to spend on remediation, but it doesn’t mean we can do it as we are bad at this sort of risk.
“How do we defend against that sort of attack which wants to do as much damage as possible? It is not a question to worry about, but think about. Think about what they did and not who did it, and decent response – you might be forced to be transparent and what would you do if it became public? Just embarrassing or career limit embarrassing. The goal is resilience in the face of attacks. Just as I was saying since the 1990s – it is about prevention, detection and response.”

FacebookTweetLinkedIn
Tags: attackResilienceResponseSchneierSonySony hack
ShareTweetShare
Previous Post

Costa Coffee informs loyalty members of potential breach

Next Post

RSAC – Longevity and humour in a successful awareness campaign can engage users

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information