Sunday, September 25, 2022
Home Tech News Infosec pros focus on preventing attacks but miss important alerts, conference told

Infosec pros focus on preventing attacks but miss important alerts, conference told

The biggest mistake infosec leaders make is putting too many resources into regulatory compliance and preventing cyber attacks, says a Cisco Systems official.

“Most companies don’t prioritize” their work, Carey Spearman, a senior security consultant at Cisco told the Toronto Cybersecurity Conference on Tuesday.

Worse, he said, “they don’t think like a hacker. A lot of attackers, be they organized crime or nation states, are very organized, very methodical. If you research, you find they work in groups that specialize, they have all the tools you have.

“If you patch all your vulnerabilities, they will find the next vulnerability.”

He also suggested sometimes IT security teams are their own worst enemy.

“There are definitely common things in all attacks,” he said. “For example, in ransomware we see there are always a series of low or medium alerts that get ignored. Usually by the time there is a critical alert you have 15, maybe 30 minutes to take some kind of action before your systems start locking up. That’s just not enough time to react.”

What’s sad, he added, is that today there are great intrusion detection tools, but often their signals get ignored.

By failing to think like a hacker, infosec pros miss the fact that attackers tailor their work so it will trigger low level alerts, Spearman said. “We need to find ways to focus on that.”

It’s more important than ever to have that attacker mindset, he added, because the average attacker dwell time can be as short as four days.

Spearman was part of a conference panel on strategies for protecting against cyber attacks.

When the discussion turned to whether organizations should refuse to pay ransomware gangs, Lorne Oickle, senior sales engineer at backup and recovery provider Cohesity, argued those who pay aren’t confident they can restore their data from an unencrypted source.

He got support from Kevin Cole, director of technical training at Zerto, a Hewlett-Packard Enterprise cloud data management provider. Many companies think they can recover data from a backup solution, but when they have to do it, “something happens.” Data recovery procedures have to be regularly tested, he said, and IT pros also have to make sure data recovery time is as short as possible.

Organizations also have to make sure backed up data can’t be reached by attackers, he added.

What IT wants to do is minimize data loss and downtime, he said. “If you can get those two together, you have a really good shot at resuming operations with less impact than you would otherwise.”

Jade Perron, cybersecurity strategist at Mimecast, stressed the importance of security awareness training for employees. Regularly refreshing presentation content is important, he added.

He also said organizations should make better use of machine learning to help give contextual warnings to employees about potential attacks and malware.

Spearman added a somber note by saying too many executives still believe cybersecurity is strictly an IT department’s responsibility.

“I was in a [cybersecurity] meeting one time with the CEO of a company with about 200,000 employees. After about a half hour he stands up and said, ‘I don’t know why I’m here. This is why I hired all you people,’ and he walked out.”

It’s important, he said, that infosec pros show the C-suite that cybersecurity is valuable. There are lots of companies, he added, that will help prove there’s good return on investment in cybersecurity.

- Advertisment -

Most Popular

Brock Boeser refocused on hockey as Vancouver Canucks kick off training camp

Brock Boeser believes this is his year. The Vancouver Canucks right-winger struggled at times last season while dealing with the declining health of his father,...

From 3D glasses to her first broadcast, Queen Elizabeth and technology throughout the years

It’s been 96 years of innovation (Picture: Getty Images/PA)From 3D speeches and Paddington Bear sketches to her first tweet and passion for photography, here’s...

T-Mobile adds domestic United flights to its free in-flight Wi-Fi roster

/ United joins Alaska and Delta on T-Mobile’s list of airlines with in-flight Wi-Fi included in Magenta and Magenta Max planT-Mobile continues adding...

Shattered Dreams and Bills in the Millions: Losing a Baby in America

The day after his 8-month-old baby died, Kingsley Raspe opened the mail and found he had been sent to collections for her care. That notice...