It was the second day of ThreatLAB2014 and the room was full. The final closing remarks and “thank you’s” were said and done; the plates from the wonderful lunch provided by the Las Vegas Monte Carlo Resort and Casino were cleared. Effectively, the conference was over, yet none of the attendees wanted to leave.
More than a year ago, Secure Halo and our partners began to wonder what a conference that focused on holistic security would look like. Naturally, the conference would have keynotes, presenters and panels; but it would also incorporate an interactive component. We knew we didn’t want to just get people in a room and talk at them about cyberthreats; we wanted to get the right people in the room and have an open discussion about holistic solutions to cyberthreats.
The real insider threat
The opening keynote by John Powell set the stage for ThreatLAB perfectly. Mr. Powell was the general counsel for American Superconductor Corporation (AMSC) in 2011 when the company fell victim to a devastating corporate espionage event. He offered a chilling retelling of how a single employee, who had all the right access and who was working with a China-based competitor, was able to steal AMSC’s proprietary source code. As a result of this insider threat, AMSC’s market capitalization was reduced by 90 percent, its annual revenue plummeted by 75 percent and its workforce was decimated by 70 percent.
Threat, it turns out, does not always emanate from the outside. No firewall could have prevented this attack. AMSC was a small company; the company knew it should have compartmentalized its crown-jewel code, but “AMSC often does field-testing, and having our code compartmented wouldn’t have been practical in the day-to-day operations of our small business,” Mr. Powell said. As he continued, Mr. Powell reiterated a common theme regarding how most companies think about cyberthreats: “We were a small company, we had tight budgets and a small staff busy executing our business plan. We honestly just thought this would never happen to us.” Powerful words that — if we are all as honest with ourselves as Mr. Powell was with us — may prove beneficial for us.
The insider threat that happened to AMSC highlights exactly what Secure Halo has been saying for years: cyber-centric solutions to cyberproblems ignore the fundamental reality that threats are diversified and never limited to just one domain.
From reactive to holistic
With John’s story still fresh in our minds, we began what would be one of the most interesting portions of the conference: the interactive scenarios. Using Secure Halo’s Enterprise Security Assessment (ESA) tool loaded onto iPads, we divided into threat assessment teams and worked our way through several scenarios modeled directly after real-life headlines of cyberattacks.
The first scenario flawlessly captured the confusion that stems from being forced into the reactive state of post-incident reaction: What do we know? How did this happen? What vulnerabilities were exposed? How do we keep this from happening again? Chaos and confusion are the emotions that characterize being caught in a reactive state. All of your strengths and weaknesses sharply come into focus and you begin to realize that policy without training and training without follow-up is meaningless. “If you are reacting to something, then you have already lost,” said one participant.
But attendees did not stay “lost.” As the day progressed and teams began to mesh, they started to look beyond the “who-did-it-and-how” stance of post-incident reaction and something magical happened. Presenting the participants with information from Secure Halo’s ESA tool allowed them to step beyond the reactionary role and begin discussing the need to eradicate the concept that legacy defenses such as firewalls or physical security solutions, such as guns, gates and guards, offer sufficient protection in today’s evolving landscape.
The conversation quickly turned to holistic solutions, transitioning the mentality of cyber being the cure-all into a comprehensive assessment examining the full suite of ingress points through which threats may enter an organization. One participant who works for a major online retailer said it best when he proclaimed, “In order to mitigate risk we must have buy-in from not only corporate leadership, but from all divisions across our organization.” Holistic security means you need to find your enterprise-wide vulnerabilities fix them and protect them through ongoing cross-domain conversations within your organization.
Until next year
ThreatLAB2014 was full of real-life tales of woe, yet as we sat around the now cleared tables, we were not discussing the tragic headline-making outcomes of past incidents. Instead we discussed the commonalities we all face as business professionals. “Surprisingly, the biggest challenge I still face is convincing my leadership that mitigating cyberthreats has a direct value to our bottom line,” said a participant representing a global logistics provider. Every person at the table wholeheartedly agreed on that concept.
As I stood up to exchange business cards with a director of IT for an energy company, he said, “these are the conversations I needed to hear.” We shook hands and as he turned to leave he paused and asked, “ThreatLAB is going to be an annual thing, right?”
It turns out that getting the right group of people together to discuss the ever-morphing challenges of cyberthreats is exactly what many people have been looking for. ThreatLab2014 was an amazing two-day conversation and it was one we hope will continue throughout the year until ThreatLAB2015!
To learn more about ThreatLAB2014 or stay informed about future events, visit us online or follow Secure Halo on Twitter: @TSCAdvantage.
