INTELLIGENT BRANDS // Enterprise Security
POWERED BY
security operations that can take advantage
of that visibility and see what’s happening.
Right now, some of the smartest hackers are
trying to access accounts by simply taking a
publicly accessible email address and trying
different passwords a few times a day and
they’ll keep doing it until they get in.
You have to be ready for even the most
seemingly simple threats, and you have to
detect them, because I don’t believe we’re
going to be able to do security risk transfer
to have the cloud providers detect it. It’s a
tough thing to do.
They can’t tell you how your users normally
use their email. They just try to make it
available to your users. So, we’re going to
have a lot of interesting challenges and
complexities there.
Is there something that organisations
should be doing that they may not be
thinking about?
One thing we’re going to have to start doing
is protecting our own employees. I’ve dealt
with this issue personally at FireEye, and
we’re currently working with companies to
figure this out.
International privacy
Also, we’re going to have to deal with
international privacy issues. You look at this
world of people who have essentially been
prisoners of geography for 10,000 years, and
suddenly we’re all connected globally.
We’re international. Companies can connect
to each other and work globally more
than ever before based on the advances in
communications we have made. As a result,
we’re going to have to fix some privacy
issues that stem from there.
What nation-state activity do you expect
in the rest of the year?
We talk about Russia; we talk about China;
we talk about North Korea; for me, I’ve got
my eyes on Iran. In 2017, Iran really started
acting at scale and I ask myself just how big
is that scale?
We don’t know if we are seeing 5% of Iran’s
activities or 90% – although I’m guessing
80
INTELLIGENTCIO
it’s closer to 5% – but they’re operating at
a scale where, for the first time in my career,
I’m not convinced we’re responding more
to Russia or China. It feels to me that the
majority of the actors we’re responding to
right now are hosted in Iran, and they are
state sponsored. We did a report on APT33,
a threat group out of Iran. They’re primarily
targeting the Kingdom of Saudi Arabia, the
United States and Israel. Those nations tend
to pop up on Iran’s radar when it comes to
targeting. It’s game on for them.
Many companies are thinking about how
their employees are on their own when
they go home. These staffers are at home
and they’re using various personal email
and social media accounts as part of their
daily lives.
The question then becomes: If someone
can hack your employees’ private accounts,
can they hack your enterprise? Or can they
at least make it so there is a perception that
they hacked your enterprise?
What are your thoughts on cloud security?
We need better cloud visibility. It’s as
simple as that. I’ve been waiting for the
day – and it’s been a long time coming –
where the intrusions we respond to have
cloud components.
Those days are now here. I read our forensics
reports. I know that a lot of people are
depending on the cloud, and we need
visibility. Many of these cloud providers
are providing it, but we don’t always have
There are hackers out there who will hack
an employee at a company and they will
post any document they can get, and they
will say they hacked the company even if
they haven’t.
It’s a reputational thing; while it’s hard to
gauge the public response to these types
of incidents, right now many companies
are being deemed irresponsible or
negligent or compromised when they are
none of those things. n
www.intelligentcio.com