Security pros talk about playing defense against cybercrime

Network World – Security professionals are playing defense against cybercrime, and often feel outgunned by tech-savvy hackers and insiders out to steal sensitive data from within the business. They see a shortage of qualified security personnel to call on, but also believe that threat-detection tools are getting better.

Those were sentiments shared today by security experts from two large financial services companies, Citi and AIG, together with a special agent of the FBI at a panel discussion at Pace University in New York. When asked about the kind of things that worry them most, they were quick to point to the kind of attacks that are hard to stop and the difficulty in chasing cybercriminals around the globe.

“Zero-day vulnerabilities bringing down the network,” said Bernadette Gleason, North American eCrime laboratory manager at Citi. Use of zero-day attacks by cybercriminals give them the advantage because they can exploit unknown vulnerabilities. “We’ve seen this happen and try to mitigate against it.”

+ ALSO ON NETWORK WORLD FireEye, AhnLab score low in lab test of breach detection systems | How do the FBI and Secret Service know your network has been breached before you do? | Patch management flubs facilitate cybercrime +

Like many businesses, Citi applies a defense-in-depth strategy but there’s also the realization that the financial services industry has to do better at “consumer awareness” by helping educate the public more about cybercrime, without confusing people with technical terms, she added.

“I worry about the hacktivists and nation states,” said Robert Zandoli, senior vice president in the global chief information security office of AIG.

Zandoli said one of the main challenges today is that a large company gets billions of alerts from security tools, but then struggles to determine the top priorities. But Zandoli expressed optimism that the security industry is making advances. He also said the idea of “dynamic defense” where security tools can monitor and see anomalies and react automatically is evolving.

FBI special agent Charles Gilgen acknowledged that for law enforcement, being reactive, the challenge pertains to the global nature of cybercrime across national boundaries, where an innocent-looking e-mail loaded with malware can begin the attacker’s incursion into business networks. But the FBI is beefing up its cyber division, he added, with plans to add 1,000 analysts next year.

Gilgen cautioned to be on the watch for the insider stealing data, noting that some tell-tale signs can be a person, especially someone with personal or financial problems, who suddenly takes to sitting at someone else’s computer or starts asking unexpected questions. This might be harmless, but can be indicators of insider threat troubles, he said.

Gilgen also warned against taking computers with valuable proprietary data overseas where in some countries there are ongoing aggressive actions to steal it. He also added that the FBI is concerned that attackers are increasingly going after smaller U.S.-based companies that sometimes aren’t as well prepared as large businesses.

Sourse: networkworld.com