The FBI needs US corporations to play offense, not defense! Shawn Henry, formerly in charge of cyber-investigations at the FBI has 3 messages to executives:
1. Understand that, to wreak havoc on corporations, all it takes is some attacker, anywhere in the world, with a $500 laptop and a connection to the Internet. Flying jets into buildings took a lot of planning.
2. Corporations have to attack the attackers! (Within legal boundaries.) Today, corporations spend time examining what happened. US soldiers do not examine incoming shells, “Oh, that was an 82mm mortar shell that just mortally wounded my corporal.” “Oh, let’s go examine that RPG that nearly killed us.” Instead, soldiers immediately move downrange and neutralize the threat.
3. Executives, use a football fake out: Store important data in some obscure place on your servers, and put “fake data” where your data would normally be stored. The attackers will end up stealing useless information. That’s one of the effective measures the FBI suggests.
Mr. Henry explained that, prior to 9/11; the FBI measured their success based on the number of arrests, indictments, etc. Now, the FBI uses the metric of how much actionable evidence they deliver to those who can stop attacks. The FBI is no longer case driven, it is threat driven.
The FBI wants executives to raise the attackers’ cost. Make it expensive for cyber-criminals to attack you!
He kept using the words detect, deceive, disrupt, dismantle, covert, action, speed, and surprise.
The keynote was a call to action for corporations to put some offense into their defense.
Unless you’ve already done so, please renew your free subscription to the E-Savvy Newsletter by going here: https://www.fosterinstitute.com/it-roi-newsletter/. You will receive a Double Opt In email asking you to confirm your subscription. If you are concerned the confirmation email is spam, please forward it to us and we’ll click the confirmation link for you. Many of you have already confirmed, and users who do not confirm will be dropped from the mailing list.