One Article Review

The article:
Source SANS Institute
Identifier 4450
Publication date 2016-07-20 18:09:11 (viewed: 2016-07-20 18:09:11)
Title Guest Diary, Etay Nir: Flipping the Economy of a Hacker, (Wed, Jul 20th)
Text Flipping the economy of a Hacker

Palo Alto Networks partnered with the Ponemon Institute to answer a very specific question: what is the economic incentive for adversaries? Ponemon was chosen as they have a history of crafting well-respected cybersecurity research, including their well-known annual cost of a data breach reports. The findings are based on surveys and interviews with cybersecurity experts, including current or former attackers. These are all individuals who live and breathe security, many of whom have conducted attacks. Nearly 400 individuals were part of the research, across the United States, Germany and the United Kingdom.

When you think about security research, most of the focus has been on how attackers get in, and the damage they cause once they are inside. We set out to approach this problem from a completely different angle: understand the economic motivations of an attack and the factors that influence them, and leverage this data to help organizations better respond to attacks. If we can remove the motivation, we can decrease the number of successful attacks. It is as simple as that.

You can download the full report from: http://media.paloaltonetworks.com/lp/ponemon/report.html and http://www.ponemon.org/library/flipping-the-economics-of-attacks

There are clear highlights that I believe can influence your understanding of attackers, and influence your ability to defend yourself from them:

The majority of attackers (72 percent) were opportunistic, not wasting time on efforts that do not quickly yield high-value information. While advanced nation state actors employ lots of planning, think about the average attacker as the mugger on the street, versus the Ocean's Eleven crew that spends weeks planning a complicated high-stakes heist. When put into this context, organizations that prioritize making themselves a harder target will actively deter a significant amount of potential breaches.

There is a common notion that attackers are in for a big payday. This is really the exception, rather than the rule, with average annual earnings from malicious activity totaling less than $30,000, which is a quarter of a cybersecurity professional's average yearly wage. This limited earning power becomes even less attractive when you consider the added legal risks, including fines and jail time.

Time is the defining factor to change the adversary's arithmetic. As network defenders, the more we delay adversaries, the more resources they will waste, and the higher their cost will be. We found that increasing the time it takes to break into and carry out successful attacks by less than 2 days (40 hours) will deter the vast majority of attacks.

Finally, it is all about how you protect yourself. Because attackers are so opportunistic, and their time is so valuable, we can change the attack equation with next-generation security approaches. We found that organizations rated as having excellent security took twice as long to breach, when compared to those rated as typical. Putting the right security in place makes all the difference.

To understand how to influence an attacker's economic motivation, we must consider what I call the adversary arithmetic, which boils down to the cost of an attack versus the potential outcome of a successful data breach. If malicious actors are putting in more resources than they are getting out, or we decrease their profit, being an attacker becomes much less attractive.

What we have seen is simple: more malware and exploits and more effective toolkits, combined with cheaper computing power, have lowered the barrier to entry for an attack, and resulted in the increase in attacks we covered in the last slide.

Using the survey findings as a guideline, let's walk through what we can do to reverse this trend.

It is a random mugging, not a
Sent Yes
Tags
Stories APT 32
Notes
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.