Ask the Expert: Which verticals are experiencing the most threats?
Kirk Hogan, CIO and Practice Lead, Security Operations at Iceberg Networks and Bill Vollono, Sales Engineer at Recorded Future sat down to answer some more of the questions that they are hearing from organizations about cyber risk. The following is an edited transcript of the conversation.
Bill Vollono: This is a fun question because we get to pontificate about threat actors and who they are targeting. The reality is, it’s every industry. It’s really about [threat actors] having that persistence in a network and ultimately having a payday. They are pursuing the dollar. We often hear about financial services companies that have a lot of bandwidth or financing backing them to buy the products or tools to prevent any particular type of threat or attack. The reality is, that threat of attack is across all industries. I’ve worked with small companies that produce PVC piping for plumbing that need threat intelligence or intelligence. I’ve worked with agricultural companies that are producing feed for animals and they need protection because they have a network, they are going digital and they have employees dispersed nationally or globally. That, in and of itself is a big attack vector for threat actors who are ultimately not concerned with the brand name or the vertical but is worried about stealing money or harming others in some shape or form.
Kirk Hogan: Not to get into the kill chain because if we keep it simple, not everything is an attack. There is a whole reconnaissance piece that happens first, so I think there are a lot more organizations that are waiting for the attack or are trying to protect against the attack, but it starts much earlier than that. The threat actors are actually trying to get inside or into your head or into your social network to be able to do that reconnaissance to set themselves up. The game starts a lot sooner than the attack ever did. Depending on what they are trying to achieve and what their motivations are, what a threat is by vertical can be very different. You might say that investment firms are more prone to attacks than the service providers which are probably going to be more prone to the reconnaissance. If you think about it, a threat actor doesn’t want to take down a service provider, they want to watch a service provider provide services and then network out into the people they provide services for. The whole motivation is something very different. That’s why it’s such an interesting question and you can go on all day long about it.
Bill: It’s unique. You know Kirk, I spent a few years prior to Recorded Future at another cyber firm and we had a special angle on social media and the concept of OSIF and the information gathering that is out there and it’s scary. As the world becomes more technical – more social media, more software – you open yourself up more. There are new great products that solve a problem, but they also open you up to avenues of risk or attack that you’re not even aware of, that you don’t even know about yet. That’s not missed by threat actors and they are playing the long game, they are collecting information where they can.
Kirk: It’s scary but we need to remember, we need to move around in this world, so it’s about reasonableness. We need to apply that but ask yourself a few good questions before you put yourself out there about what’s really going on.