Security events are a time when industry experts don their best suits (or for some, the obligatory khaki trousers and polo necks) and hawk their shiniest toys, professionally curated PowerPoint presentations and expensive goody bags to C-suite IT executives. The RSA Conferences are no different. While walking through the conference halls of the plush Marina Bay Sands in Singapore last week one would hear 2018’s buzzwords – such as "data-driven analytics," "artificial intelligence," "identity and blockchain" – being discussed in room after room. Make no mistake, though. Every IT executive who attended last week's conference was desperately seeking the magic potion that can stop criminals from getting access and control to their organization's precious online assets.
Among the numerous talk tracks that were on the agenda, there was one topic that usually gets sidelined from these discussions. And it's perhaps the most important.
Information or intelligence sharing is often a poor cousin when it comes to headline-grabbing security topics. However, the fact that “sharing is caring” isn't high on the agenda shouldn't devalue its importance in the fight against cybercrime. An IT leader without a holistic view of the threat landscape is like a skydiver without a parachute. This point was pushed home by Verizon security experts Kristof Philipsen and Ashish Thapar at a packed learning lab session at this year's RSA Asia-Pacific Conference. The pair led an informative discussion on how organizations can apply real-life data breach insights to their existing cybersecurity strategy – and in doing so, improve their chances of keeping cybercriminals at bay.
Kristof, who has oversight of Verizon's security analytics, operations and threat intelligence business, remarked: "Victims of cybercrime are not random, therefore security controls should not be random. If you're making a business or purchasing decision, then you not only need access to intelligence that is relevant to your industry, you also need to know how to operationalize the data and to make it pertinent to your business."
Participants at the RSA session learned how to decipher real-life breach scenario data points and then leverage them in formulating a comprehensive security within their organizations. "At least 37% of malware-related breaches we see are unique, so organizations also need to think about proactive threat hunting", added Ashish, who leads Verizon's Investigative Response practice in the Asia-Pacific region.
Data points in the exercise were derived from the Vocabulary for Event Recording and Incident Sharing (VERIS) site – a free treasure trove of more than 330,000 incidents and 16,000 anonymized data breaches gleaned from 12 years’ of investigations across the world.
VERIS helps organizations to collect useful incident-related information and to share that information - anonymously and responsibly - with others. The overall goal is to lay a foundation from which everyone involved in the fight against cybercrime can constructively and cooperatively learn from each other’s experiences to better measure and manage risk.
So if sharing really is caring, when it comes to the battle against cybercrime, the VERIS community is a good place to start!
To better understand your threat landscape, check out the Vocabulary for Event Recording and Incident Sharing (VERIS). This site, available free, is a treasure trove of more than 330,000 incidents and 16,000 anonymized data breaches gleaned from 12 years’ of investigations across the world.