Jan 16, 2020
All links and images for this episode can be found on CISO
The Iran conflict has threatened new retaliations and we don't
know where they're going to come from. Cyber retaliation is a real
possibility. Who's being threatened and how should we prepare?
Check out this post for the discussion that is the basis
of our conversation on this week’s episode co-hosted by
Spark (@dspark), the
producer of CISO
Series and Allan
Alford (@AllanAlfordinTX). Our
sponsored guest is Nicholas
Hayden, global head of threat intelligence, Anomali.
Thanks to this week’s podcast sponsor,
Anomali is a leader in intelligence-driven cybersecurity
solutions. Anomali turns threat data into actionable intelligence
that drives effective security and risk decision making. Customers
using Anomali identify cyber threats from all layers of the web,
automate blocking across their security infrastructures, and detect
and remediate any threats present in their networks. www.anomali.com
On this episode of Defense in Depth,
- As we're seeing now, it often takes a scare like Iran to get
everyone to pay attention to their threat detection and response
- If you believe you're a target for an APT (advanced persistent
threat) you need to also assume it's going to be hidden.
- If and when you find an APT, also assume it's at the beginning
of an attack chain. You're going to have to go deeper. Shutting it
off at that moment won't let you understand what's happening.
- Iran may use the resources of China and Russia as they have
hooks into other industries.
- There's a strong belief that cyber warfare is commingled with
organized crime. The two groups need each other.
- Much of the "how to handle Iran" advice is to focus on
foundations, not basics, because it's actually not easy, said Yaron
Levi, CISO, Blue Cross/Blue Shield of Kansas City. We use these
potential threats as an area of focus.
- If you are doing the fundamentals, and doing them well, you are
doing what you can. You don't have the intelligence that the
military has, and therefore, you don't have the ability to craft
- Beware of complacency and going in and out of "heightened
alert". Eventually, people will forget about this perceived
impending Iran threat. That's why threat intelligence needs to be
handled consistently over time.