SlideShare a Scribd company logo

AI-Cyber-Security-White-Papers-06-15-LR

B
Bill Besse

The document discusses how predictive cyber intelligence can help organizations stay ahead of both cyber and physical security threats. It notes that investigations often find warning signs were missed by conventional defenses. The challenge is for organizations to detect potential threats early through tools like predictive cyber intelligence, which uses software and hardware to monitor public information for pre-incident indicators. This allows businesses to contain threats before damage occurs, whereas reactive security measures only address threats after the fact. The document provides examples of both cyberattacks and physical security risks organizations face and argues that predictive cyber intelligence can add important depth to defensive strategies.

1 of 13
Download to read offline
Every day brings news of cyberattacks and physical violence targeting businesses and public and private institutions.Theseincidentsinevitablyraisequestions about whether organizations are doing all they can to protect people, property, and information. Investigations reveal that there are often red flags and warning signs leading up to incidents that conventional security measures fail to detect. Pre-Incident Indicators signaling potential danger frequently appear on social media platforms, the Internet, and the Darknet, an area of the Internet that facilitates criminal communication and activity. The challenge is for organizations to discover the signs and contain threats before damage is done. A growing number of organizations are now using predictive cyber intelligence to go on the offensive against a range of physical and information security threats. With the help of professional risk assessment analysts,whousesophisticatedintelligence-gathering software and powerful hardware integration to monitor public information, organizations can stay ahead of threats that might slip past traditional security defenses. With predictive cyber intelligence functioning as an early warning system, in many cases, businesses can prevent specific threats from even reaching their defensive lines. White Paper “Cyber Intelligence and Containment” The Best Security Defense Includes a Good Cyber Offense
©2015 Andrews International, LLC Andrews International’s white papers are made available for educational purposes only, not to provide security and risk management consultation or legal advice. Although the intent is to deliver accurate and authoritative information on the subject matter covered, we do not represent, warrant, undertake, or guarantee that this white paper reflects the most current legal developments, regulatory actions, or court decisions. Andrews International is not responsible for any errors or omissions in content or for damages arising from the use or performance of this information under any circumstances. We encourageyoutocontactusorlegalcounselforspecificadviceonyourparticularconcerns. Thispaperisprotectedbycopyrightlaw.Youmayreproduceanddistributethiswhitepaper for your individual, noncommercial use. All other uses require the express permission of Andrews International.
White Paper “Cyber Intelligence and Containment” Page 1 of 10 Does Your Organization Face Threats That Could Be Predicted Through Cyber Intelligence? The simple answer is yes. No organization is immune to threats that could be anticipated through cyber intelligence. Businesses and institutions in every industrial sector are targeted for attacks of all kinds, and size is no object. In 2014, 60% percent of all targeted cyberattacks struck small- and medium-sized organizations.1 Below are examples illustrating the range of threats that can be predicted through cyber intelligence-gathering and analysis. Companies operating as part of the nation’s critical infrastructure are particularly at risk of attack and have a heightened responsibility to mitigate threats, because attacks against them impact national security. Not only are these companies at elevated risk but also their providers of goods and services (supply chain), and their executives and other personnel with special IT privileges or access. Risk of Cyberattacks Cyberattacks are escalating in number and in scale, according to reports from public and private sources. Symantec’s 2015 Internet Security Threat Report characterizes 2014 as “a year with far- reaching vulnerabilities, faster attacks, files held for ransom, and far more malicious code than in previous years.”2 The report shows a 23% increase in the number of • Targeted attacks to steal sensitive or confidential information • Data breaches from hacking, accidental disclosures, or device theft/loss • E-crime to generate money, involving malware, botnets, ransomware, disruption of website operations, etc. • Social media scams and mobile threats • Phishing and spam • Physical security breaches • Physical harm or damage to premises or property • Physical injury to people (employees, customers, visitors, etc.) • Civil disturbances • Flash mob incidents Cyber Threats Physical Threats The Department of Homeland Security (DHS) has identified the following 15 industries as “critical infrastructure”: • chemical • communications • critical manufacturing • dams • defense • emergency services • energy • financial services • food and agriculture • government facilities • healthcare and public health • information technology • nuclear reactors and materials • transportation systems • water and wastewater systems
White Paper “Cyber Intelligence and Containment” Page 2 of 10 breaches in 2014, following a 62% increase in 2013.3 The scale of attacks is also on the rise. For example, in 2013 alone, the average number of identities exposed per breach climbed 261%.4 Attacks targeting critical infrastructure companies are the focus of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), operated by the Department of Homeland Security. ISC-CERT incident response numbers reflect a sharp increase in attacks against critical infrastructure operators from 2009 to 20115 . Attacks held steady in 20126 followed by another significant jump in 20137 . Even with a slight drop in 2014, incident response numbers continue to show a 600% increase over the numbers reported in 2010 8 . 201420132012 156 253 312 Number of Breaches Per Year 201420132012201120102009 9 41 198 198 256 245 ICS-CERT Incident Response Activity
White Paper “Cyber Intelligence and Containment” Page 3 of 10 Analysis of data collected through the Symantec Global Intelligence Network reveals 7 trends that emerged in 20149 : • Attackers are moving faster, defenses are not • Attackers are streamlining and upgrading their techniques, while companies struggle to fight old tactics • Cyberattackers are leapfrogging defenses in ways companies lack insight to anticipate • Malware used in mass attacks increases and adapts • Digital extortion on the rise: 45 times more people had their devices held hostage in 2014 • Cybercriminals are leveraging social networks and apps to do their dirty work • Internet of Things is not a new problem, but an ongoing one According to the Symantec report, “if there is one thing that can be said about the threat landscape, and Internet security as a whole, it is that the only constant is change.”10 The evolving nature of cyber threats complicates the challenge of information security management. Symantec’s report offers a number of best practice guidelines for businesses, with this suggestion at the top of the list: “Employ defense in-depth strategies. Emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method.” 11 Predictive cyber intelligence adds critical depth and breadth to a business’s defense strategy. Unlike intrusion protection systems, firewalls, antivirus and website malware protection, and other essential elements of a strong defense, predictive cyber intelligence empowers organizations to be proactive instead of reactionary by providing the information and insights they need to get ahead of threats. Risk of Physical Attacks Security is an estimated $350.51 billion per year industry in the U.S., according to “The United States Security Industry” report, published in 2013 by ASIS International (ASIS) and the Institute of Finance & Management (IOFM). At over $350 billion, security industry spending exceeds that of both the U.S. truck and transportation industry ($275 billion) and the hotel/motel industry ($219 billion).12 This is a telling indicator of the perception of risk among businesses today. Operational security expenditures suggest that despite an increasing focus on cyber security threats, physical security risks remain a dominant concern. If $350+ billion in security spending is any indication, physical and cyber security risks are a serious concern for American businesses.
White Paper “Cyber Intelligence and Containment” Page 4 of 10 More than one in three organizations represented in the ASIS-IOFM report plan to increase spending on guard services in the upcoming year. Nearly all plan to spend the same or more on IT security.13 As security spending continues to rise, security executives are under more pressure than ever to demonstrate return on security investment. The shifting threat landscape poses a multitude of challenges: • Security focus is expanding to include intangible assets, such as intellectual property and brand reputation • Mobile workforce is creating security challenges, with companies having little or no control over locations where employees are working • Companies need external employees, associates, partners, and supply chain providers to accept shared responsibilities for security • Security executives must understand the capabilities of new technology and devices and use them strategically • Businesses are looking to security more often as a strategic advisor and resource for communicating risk “Ultimately, chief security officers — like all species — must adapt or die,” concludes a Security Management magazine article summarizing the findings of the ASIS-IOFM report. “As the report notes, ‘if top security leaders fail to promote a more business- like, strategic risk management approach to security, then the strategic thinking will be handed to others.’”14 Expenditures Private Sector Operational Security $200+ billion IT Security $80+ billion Subtotal $281+ billion Federal Government Homeland Security $69+ billion Subtotal $69+ billion Total $350+ billion
White Paper “Cyber Intelligence and Containment” Page 5 of 10 As security executives scramble to keep pace in a dynamic industry, many are incorporating predictive cyber intelligence into their security management arsenals as part of a progressive strategic risk management approach. It’s one of many vital layers of defense but the only one capable of detecting a variety of threats well before traditional security measures would. Informed by advance intelligence, security executives can harden physical security elements, strengthen operations procedures, and optimize the use of electronic security systems to contain or mitigate threats. Predictive Cyber Intelligence Attacks rarely happen spontaneously. There are typically weeks, months, even years of organization, preparation, and groundwork. Often, there are related inquiries, discussions, and/or posts on the Internet, the Darknet, and social media platforms. These risk indicators can be discovered through highly focused searches with advanced cyber monitoring technology and access to conventional and unconventional online resources. “We utilize techniques and methods to access the Darknet, an area of the Internet that most people cannot access,” explains William M. Besse, CHS-V, vice president of the Consulting, Investigations and International division at Andrews International, an affiliate of U.S. Security Associates. Besse describes the Darknet in simplified terms as an exclusive Internet for criminals, hackers, child pornographers, and people selling black market information and products, ranging from pharmaceuticals and illegal drugs to films, music, and beyond. Besse’s team helps clients around the world identify threats found on the Darknet, the Internet, and social media sites, with a proprietary system called Cyber Intelligence Protection and Containment Scan (CIPACS). CIPACS proactively scans an organization’s threat landscape for any physical security or information security threats that may be on the horizon. The system monitors underground chat channels, hacker boards, regular Internet chat rooms and discussion threads, social media postings, and other online sources for keywords such as a company name, employee name, or product name. Intelligence analysts examine the collected data and determine if a real threat exists or is potentially developing, based on the magnitude and context of online chatter. Besse’s team has been retained to provide predictive cyber intelligence for clients ranging from Fortune 500 companies to city governments, educational institutions, political candidates, and high-profile/high-net-worth individuals. Besse lists the types of threats his team routinely detects: • Computer intrusions or data thefts • Current hacks or attempts to exploit past successes Darknet internetweeks organization years months preparation groundwork inquiries discussions posts risk focused social media indicators searches cyber illegal searches advanced monitoring online technology resources black market information hackers keywords threats chatter analystsmethods criminals
White Paper “Cyber Intelligence and Containment” Page 6 of 10 • Breaches of privacy or confidentiality • Intent to physically harm a person or physically damage a facility • Negative sentiment about an industry, company, special event, or individual • Activist group plans to protest or disrupt business operations • Organization of flash mobs • Signs a civil disturbance might follow a controversial event or legal decision • Red flags that students, employees, or others may become violent • Activity and whereabouts of celebrity/VIP stalkers “We can and do provide protective cyber intelligence in anticipation of specific threats,” Besse acknowledges, “but we are suggesting that some organizations incorporate this resource into their security and risk management programs on an ongoing basis. It’s the only way to stay ahead of many threats that are out there today.” Besse says his team delivers reports on cyber intelligence findings and analyses to clients daily, weekly, or monthly, depending on circumstances. Reports indicate what is being discussed, including actual posts, and provide recommendations to help clients remediate potential risks. Protective intelligence solutions are scalable to fit the needs and budgets of organizations of any size, in any sector. From a budget perspective, Besse notes that predictive cyber intelligence is much more affordable than the security, litigation, productivity, and reputation costs arising out of an incident that could have been predicted and contained. Cyber intelligence can be used not only to detect threats but also to gauge public sentiment about anything from products to political issues. An entertainment company might work with a cyber intelligence partner to conduct public sentiment analysis about a soon-to-be-released film or album. A political candidate might engage a cyber intelligence partner to gauge what the sentiment is about him or her, or to find out what people are saying about topics like education, immigration, abortion, or taxes. Is Cyber Intelligence Part of Your Due Diligence? There is no black and white answer, but many business leaders are evaluating the return on investment and deciding “better safe than sorry.” Most security professionals recommend companies develop their security and risk management programs based on a combination of applicable regulatory, professional, and industrial standards and best practices. There are many different frameworks of guidelines and recommendations and no one-size-fits-all security and risk management solution. Further complicating matters, as threats evolve, so do the regulations and suggestions for mitigating risk. In many cases, frameworks are established not to provide Predictive cyber intelligence is much more affordable than the potential costs arising out of an incident.
White Paper “Cyber Intelligence and Containment” Page 7 of 10 standards but to encourage companies to consider their risk profiles and take effective steps to harden their defenses, detect threats in advance, and mitigate the impact of security breaches. Following is a sampling of the various frameworks with which companies may need to align their security programs. a. General Duty Clause of the Occupational Safety and Health Act of 1970 https://www.osha. gov/pls/oshaweb/owadisp.show_document?p_id=3359&p_table=oshact b. Workplace Violence Prevention and Intervention American National Standard, published by the American Society for Industrial Security (ASIS) and the Society for Human Resources Management (SHRM) http://www.shrm.org/hrstandards/documents/ wvpi%20std.pdf c. National Infrastructure Protection Plan (NIPP 2013): Partnering for Critical Infrastructure Security and Resilience, published by the Department of Homeland Security https://www. dhs.gov/national-infrastructure-protection-plan d. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (February 12, 2014), published by the Department of Commerce http://www.nist.gov/cyberframework/upload/cybersecurity-framework- 021214-final.pdf e. GAO-12-361, March 2012 / Threats to IT Supply Chain, published by the U.S. Government Accounting Office (GAO) http://www.gao.gov/assets/590/589568.pdf AccordingtoD.C.Page,seniorvicepresidentofU.S.SecurityAssociates’consultinggroup, in many cases, an organization is best-served by engaging a security and risk management consulting firm to help navigate the challenges of establishing a security program consistent with regulations, guidelines, and best practices. Page says, “An experienced consultant can help a business answer the question of what security should be doing and then help to formulate security solutions that mitigate liability, align with business goals, and deliver a clear return on investment.” When all things are considered, many business leaders are reaching the conclusion that predictive cyber intelligence is a worthwhile investment. Forewarned Is Forearmed One of the primary missions of security is to present corporate leaders with the information they need to make informed decisions about which risks to counter and which to tolerate or insure against. Predictive cyber intelligence supports this mission. It’s an early warning system wired into the vast online frontier. Similar to an alarm system, predictive cyber intelligence alerts an organization to potential threats. From there, corporate leaders can determine an appropriate course of action to contain the threat or mitigate its impact.
White Paper “Cyber Intelligence and Containment” Page 8 of 10 Multiple, integrated layers of defense are key to a strong security posture. Layers of physical security include facility and property design elements, security procedures, and electronic security systems. Layers of information security include intrusion detection and protection systems, updated firewalls, and malware protection. Predictive cyber intelligence is another layer of protection and is unique in its capacity to detect threats that are still in the planning stages. When business leaders weigh the value of advance knowledge versus the cost of residual risk, most agree that protective cyber intelligence provides a sound return on investment. If forewarned is forearmed, in contemporary security and risk management programs, the best defense includes a good cyber offense.
White Paper “Cyber Intelligence and Containment” Page 9 of 10 ABOUT Andrews international, llc Andrews International (AI) is headquartered in Los Angeles, California and provides security and risk mitigation services throughout the United States and internationally. AI’s Consulting, Investigations & International (CI&I) Division provides threat assessments, threat management, and monitoring services to provide predictive preventive intelligence. As individuals and as a team, AI’s CI&I professionals are in demand for threat monitoring, assessment, training and interventions throughout the U.S. and around the globe. CI&I team members have traveled to hundreds of client sites to conduct surveys, develop workplace violence prevention programs and present training, and they are consulted hundreds of times every year on risks of potential violence. C&I Headquarters 66 West Flagler Street, Suite 401 Miami, FL 33130 (305) 373-8488
White Paper “Cyber Intelligence and Containment” Page 10 of 10 CITATIONS 1 “2015 Internet Security Threat Report,” Symantec, April 2015, Volume 20, 7, accessed May 27, 2015, http://www.symantec.com/security_response/publications/threatreport.jsp. 2 Ibid., 5. 3 Ibid., 78. 4 Ibid., 79. 5 “ICS-CERT Incident Response Summary Report: 2009-2011,” U.S. Department of Homeland Security, 2, accessed May 27, 2015, https://ics-cert.us-cert.gov/ICS-CERT-Incident-Response-Summary-2009-2011. 6 “ISC-CERT Operational Review: Fiscal Year 2012,” U.S. Department of Homeland Security ICS-CERT Monitor, October, November, December 2012, 5, accessed May 27, 2015, https://ics-cert.us-cert.gov/sites/ default/files/ICS-CERT_Monthly_Monitor_Oct-Dec2012_2.pdf. 7 “Trends in Incident Response in 2013,” U.S. Department of Homeland Security ICS-CERT Monitor, October, November, December 2013, 1, accessed May 27, 2015, https://ics-cert.us-cert.gov/sites/default/ files/Monitors/ICS-CERT_Monitor_Oct-Dec2013.pdf. 8 “Incident Response/Vulnerability Coordination 2014,” U.S. Department of Homeland Security ICS-CERT Monitor, September 2014-February 2015, 1, accessed May 27, 2015, https://ics-cert.us-cert.gov/sites/ default/files/Monitors/ICS-CERT_Monitor_Sep2014-Feb2015.pdf. 9 Symantec, 5-8. 10 Ibid., 5. 11 Ibid., 104. 12 “Executive Summary – The United States Security Industry,” ASIS International and the Institute of Finance & Management, 2013, 2, accessed May 27, 2015, https://www.asisonline.org/Documents/ASIS%20 IOFM%20Executive%20Summary%208.23.13.%20final.pdf 13 Ibid., 4. 14 Sherry Harowitz, “Assessing the State of the Security Industry,” Security Management, September 2013, accessed May 27, 2015, https://sm.asisonline.org/Pages/assessing-state-security-industry-0012695.aspx
Andrews International, LLC 28001 Smyth Drive, Suite 106, Valencia, CA 91355 T: 661.775.8400 F: 661.775.8794 Corporate: 866.594.0454 www.andrewsinternational.com 06-15

Recommended

2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-final2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-finalΔρ. Γιώργος K. Κασάπης
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017Ir. Indin Hasan ST, MT, IPM, ASEAN Eng
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksConstantin Cocioaba
 
Get Prepared
Get PreparedGet Prepared
Get PreparedHewlett Packard Enterprise Business Value Exchange
 
Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestHewlett Packard Enterprise Business Value Exchange
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 

Recommended

2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-final2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-finalΔρ. Γιώργος K. Κασάπης
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017Ir. Indin Hasan ST, MT, IPM, ASEAN Eng
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksConstantin Cocioaba
 
Get Prepared
Get PreparedGet Prepared
Get PreparedHewlett Packard Enterprise Business Value Exchange
 
Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestHewlett Packard Enterprise Business Value Exchange
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...Inno Eroraha [NetSecurity]
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Securityinside-BigData.com
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletterDominic Vogel
 
SBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesSBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesEMC
 
The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st centuryThe Economist Media Businesses
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting Executive Security PresentationDecember ISSA Meeting Executive Security Presentation
December ISSA Meeting Executive Security Presentationwhmillerjr
 
Outsourcing
OutsourcingOutsourcing
Outsourcingkarlhennessy
 
Cybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsCybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsAbdul-Hakeem Ajijola
 
CISO Survey Report 2010
CISO Survey Report 2010CISO Survey Report 2010
CISO Survey Report 2010Scientia Groups
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityEMC
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) Eoin Keary
 
Pivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityPivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityMatthew Rosenquist
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory ComplianceLifeline Data Centers
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
IBM Security Services
IBM Security ServicesIBM Security Services
IBM Security ServicesRainer Mueller
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response SurveyFireEye, Inc.
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Booz Allen Hamilton
 

More Related Content

What's hot

Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...Inno Eroraha [NetSecurity]
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Securityinside-BigData.com
 
SBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesSBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesEMC
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting Executive Security PresentationDecember ISSA Meeting Executive Security Presentation
December ISSA Meeting Executive Security Presentationwhmillerjr
 
Cybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsCybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsAbdul-Hakeem Ajijola
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityEMC
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) Eoin Keary
 
Pivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityPivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityMatthew Rosenquist
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory ComplianceLifeline Data Centers
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response SurveyFireEye, Inc.
 

What's hot (20)

Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
Man and Machine -- Forming a Perfect Union to Mature Security Programs -- Key...
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformation
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Security
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletter
 
SBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic TechnologiesSBIC Enterprise Information Security Strategic Technologies
SBIC Enterprise Information Security Strategic Technologies
 
The meaning of security in the 21st century
The meaning of security in the 21st centuryThe meaning of security in the 21st century
The meaning of security in the 21st century
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting Executive Security PresentationDecember ISSA Meeting Executive Security Presentation
December ISSA Meeting Executive Security Presentation
 
Outsourcing
OutsourcingOutsourcing
Outsourcing
 
Cybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsCybersecurity & the Board of Directors
Cybersecurity & the Board of Directors
 
CISO Survey Report 2010
CISO Survey Report 2010CISO Survey Report 2010
CISO Survey Report 2010
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for Cybersecurity
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven Security
 
edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019) edgescan vulnerability stats report (2019)
edgescan vulnerability stats report (2019)
 
Pivotal Role of HR in Cybersecurity
Pivotal Role of HR in CybersecurityPivotal Role of HR in Cybersecurity
Pivotal Role of HR in Cybersecurity
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory Compliance
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
IBM Security Services
IBM Security ServicesIBM Security Services
IBM Security Services
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response Survey
 

Similar to AI-Cyber-Security-White-Papers-06-15-LR

Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Booz Allen Hamilton
 
Abhishek kurre.pptx
Abhishek kurre.pptxAbhishek kurre.pptx
Abhishek kurre.pptxDolchandra
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2Adela Cocic
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligencewbesse
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Cyber Security index
Cyber Security indexCyber Security index
Cyber Security indexsukiennong.vn
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfgalagirishp
 
Tripwire_UK_Executive_Cybersecurity_Literacy_Survey
Tripwire_UK_Executive_Cybersecurity_Literacy_SurveyTripwire_UK_Executive_Cybersecurity_Literacy_Survey
Tripwire_UK_Executive_Cybersecurity_Literacy_SurveyMelloney Jewell
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013EY
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Monica Rivera
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts finalDaren Dunkel
 
IBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexIBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexAndreanne Clarke
 
Running Head INFORMATION SECURITY VULNERABILITY 2.docx
Running Head INFORMATION SECURITY VULNERABILITY 2.docxRunning Head INFORMATION SECURITY VULNERABILITY 2.docx
Running Head INFORMATION SECURITY VULNERABILITY 2.docxcharisellington63520
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeErnst & Young
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeNishantSisodiya
 

Similar to AI-Cyber-Security-White-Papers-06-15-LR (20)

Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
 
Abhishek kurre.pptx
Abhishek kurre.pptxAbhishek kurre.pptx
Abhishek kurre.pptx
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
Cyber Security index
Cyber Security indexCyber Security index
Cyber Security index
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
 
Tripwire_UK_Executive_Cybersecurity_Literacy_Survey
Tripwire_UK_Executive_Cybersecurity_Literacy_SurveyTripwire_UK_Executive_Cybersecurity_Literacy_Survey
Tripwire_UK_Executive_Cybersecurity_Literacy_Survey
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts final
 
IBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexIBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence Index
 
Running Head INFORMATION SECURITY VULNERABILITY 2.docx
Running Head INFORMATION SECURITY VULNERABILITY 2.docxRunning Head INFORMATION SECURITY VULNERABILITY 2.docx
Running Head INFORMATION SECURITY VULNERABILITY 2.docx
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 

AI-Cyber-Security-White-Papers-06-15-LR

  • 1. Every day brings news of cyberattacks and physical violence targeting businesses and public and private institutions.Theseincidentsinevitablyraisequestions about whether organizations are doing all they can to protect people, property, and information. Investigations reveal that there are often red flags and warning signs leading up to incidents that conventional security measures fail to detect. Pre-Incident Indicators signaling potential danger frequently appear on social media platforms, the Internet, and the Darknet, an area of the Internet that facilitates criminal communication and activity. The challenge is for organizations to discover the signs and contain threats before damage is done. A growing number of organizations are now using predictive cyber intelligence to go on the offensive against a range of physical and information security threats. With the help of professional risk assessment analysts,whousesophisticatedintelligence-gathering software and powerful hardware integration to monitor public information, organizations can stay ahead of threats that might slip past traditional security defenses. With predictive cyber intelligence functioning as an early warning system, in many cases, businesses can prevent specific threats from even reaching their defensive lines. White Paper “Cyber Intelligence and Containment” The Best Security Defense Includes a Good Cyber Offense
  • 2. ©2015 Andrews International, LLC Andrews International’s white papers are made available for educational purposes only, not to provide security and risk management consultation or legal advice. Although the intent is to deliver accurate and authoritative information on the subject matter covered, we do not represent, warrant, undertake, or guarantee that this white paper reflects the most current legal developments, regulatory actions, or court decisions. Andrews International is not responsible for any errors or omissions in content or for damages arising from the use or performance of this information under any circumstances. We encourageyoutocontactusorlegalcounselforspecificadviceonyourparticularconcerns. Thispaperisprotectedbycopyrightlaw.Youmayreproduceanddistributethiswhitepaper for your individual, noncommercial use. All other uses require the express permission of Andrews International.
  • 3. White Paper “Cyber Intelligence and Containment” Page 1 of 10 Does Your Organization Face Threats That Could Be Predicted Through Cyber Intelligence? The simple answer is yes. No organization is immune to threats that could be anticipated through cyber intelligence. Businesses and institutions in every industrial sector are targeted for attacks of all kinds, and size is no object. In 2014, 60% percent of all targeted cyberattacks struck small- and medium-sized organizations.1 Below are examples illustrating the range of threats that can be predicted through cyber intelligence-gathering and analysis. Companies operating as part of the nation’s critical infrastructure are particularly at risk of attack and have a heightened responsibility to mitigate threats, because attacks against them impact national security. Not only are these companies at elevated risk but also their providers of goods and services (supply chain), and their executives and other personnel with special IT privileges or access. Risk of Cyberattacks Cyberattacks are escalating in number and in scale, according to reports from public and private sources. Symantec’s 2015 Internet Security Threat Report characterizes 2014 as “a year with far- reaching vulnerabilities, faster attacks, files held for ransom, and far more malicious code than in previous years.”2 The report shows a 23% increase in the number of • Targeted attacks to steal sensitive or confidential information • Data breaches from hacking, accidental disclosures, or device theft/loss • E-crime to generate money, involving malware, botnets, ransomware, disruption of website operations, etc. • Social media scams and mobile threats • Phishing and spam • Physical security breaches • Physical harm or damage to premises or property • Physical injury to people (employees, customers, visitors, etc.) • Civil disturbances • Flash mob incidents Cyber Threats Physical Threats The Department of Homeland Security (DHS) has identified the following 15 industries as “critical infrastructure”: • chemical • communications • critical manufacturing • dams • defense • emergency services • energy • financial services • food and agriculture • government facilities • healthcare and public health • information technology • nuclear reactors and materials • transportation systems • water and wastewater systems
  • 4. White Paper “Cyber Intelligence and Containment” Page 2 of 10 breaches in 2014, following a 62% increase in 2013.3 The scale of attacks is also on the rise. For example, in 2013 alone, the average number of identities exposed per breach climbed 261%.4 Attacks targeting critical infrastructure companies are the focus of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), operated by the Department of Homeland Security. ISC-CERT incident response numbers reflect a sharp increase in attacks against critical infrastructure operators from 2009 to 20115 . Attacks held steady in 20126 followed by another significant jump in 20137 . Even with a slight drop in 2014, incident response numbers continue to show a 600% increase over the numbers reported in 2010 8 . 201420132012 156 253 312 Number of Breaches Per Year 201420132012201120102009 9 41 198 198 256 245 ICS-CERT Incident Response Activity
  • 5. White Paper “Cyber Intelligence and Containment” Page 3 of 10 Analysis of data collected through the Symantec Global Intelligence Network reveals 7 trends that emerged in 20149 : • Attackers are moving faster, defenses are not • Attackers are streamlining and upgrading their techniques, while companies struggle to fight old tactics • Cyberattackers are leapfrogging defenses in ways companies lack insight to anticipate • Malware used in mass attacks increases and adapts • Digital extortion on the rise: 45 times more people had their devices held hostage in 2014 • Cybercriminals are leveraging social networks and apps to do their dirty work • Internet of Things is not a new problem, but an ongoing one According to the Symantec report, “if there is one thing that can be said about the threat landscape, and Internet security as a whole, it is that the only constant is change.”10 The evolving nature of cyber threats complicates the challenge of information security management. Symantec’s report offers a number of best practice guidelines for businesses, with this suggestion at the top of the list: “Employ defense in-depth strategies. Emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method.” 11 Predictive cyber intelligence adds critical depth and breadth to a business’s defense strategy. Unlike intrusion protection systems, firewalls, antivirus and website malware protection, and other essential elements of a strong defense, predictive cyber intelligence empowers organizations to be proactive instead of reactionary by providing the information and insights they need to get ahead of threats. Risk of Physical Attacks Security is an estimated $350.51 billion per year industry in the U.S., according to “The United States Security Industry” report, published in 2013 by ASIS International (ASIS) and the Institute of Finance & Management (IOFM). At over $350 billion, security industry spending exceeds that of both the U.S. truck and transportation industry ($275 billion) and the hotel/motel industry ($219 billion).12 This is a telling indicator of the perception of risk among businesses today. Operational security expenditures suggest that despite an increasing focus on cyber security threats, physical security risks remain a dominant concern. If $350+ billion in security spending is any indication, physical and cyber security risks are a serious concern for American businesses.
  • 6. White Paper “Cyber Intelligence and Containment” Page 4 of 10 More than one in three organizations represented in the ASIS-IOFM report plan to increase spending on guard services in the upcoming year. Nearly all plan to spend the same or more on IT security.13 As security spending continues to rise, security executives are under more pressure than ever to demonstrate return on security investment. The shifting threat landscape poses a multitude of challenges: • Security focus is expanding to include intangible assets, such as intellectual property and brand reputation • Mobile workforce is creating security challenges, with companies having little or no control over locations where employees are working • Companies need external employees, associates, partners, and supply chain providers to accept shared responsibilities for security • Security executives must understand the capabilities of new technology and devices and use them strategically • Businesses are looking to security more often as a strategic advisor and resource for communicating risk “Ultimately, chief security officers — like all species — must adapt or die,” concludes a Security Management magazine article summarizing the findings of the ASIS-IOFM report. “As the report notes, ‘if top security leaders fail to promote a more business- like, strategic risk management approach to security, then the strategic thinking will be handed to others.’”14 Expenditures Private Sector Operational Security $200+ billion IT Security $80+ billion Subtotal $281+ billion Federal Government Homeland Security $69+ billion Subtotal $69+ billion Total $350+ billion
  • 7. White Paper “Cyber Intelligence and Containment” Page 5 of 10 As security executives scramble to keep pace in a dynamic industry, many are incorporating predictive cyber intelligence into their security management arsenals as part of a progressive strategic risk management approach. It’s one of many vital layers of defense but the only one capable of detecting a variety of threats well before traditional security measures would. Informed by advance intelligence, security executives can harden physical security elements, strengthen operations procedures, and optimize the use of electronic security systems to contain or mitigate threats. Predictive Cyber Intelligence Attacks rarely happen spontaneously. There are typically weeks, months, even years of organization, preparation, and groundwork. Often, there are related inquiries, discussions, and/or posts on the Internet, the Darknet, and social media platforms. These risk indicators can be discovered through highly focused searches with advanced cyber monitoring technology and access to conventional and unconventional online resources. “We utilize techniques and methods to access the Darknet, an area of the Internet that most people cannot access,” explains William M. Besse, CHS-V, vice president of the Consulting, Investigations and International division at Andrews International, an affiliate of U.S. Security Associates. Besse describes the Darknet in simplified terms as an exclusive Internet for criminals, hackers, child pornographers, and people selling black market information and products, ranging from pharmaceuticals and illegal drugs to films, music, and beyond. Besse’s team helps clients around the world identify threats found on the Darknet, the Internet, and social media sites, with a proprietary system called Cyber Intelligence Protection and Containment Scan (CIPACS). CIPACS proactively scans an organization’s threat landscape for any physical security or information security threats that may be on the horizon. The system monitors underground chat channels, hacker boards, regular Internet chat rooms and discussion threads, social media postings, and other online sources for keywords such as a company name, employee name, or product name. Intelligence analysts examine the collected data and determine if a real threat exists or is potentially developing, based on the magnitude and context of online chatter. Besse’s team has been retained to provide predictive cyber intelligence for clients ranging from Fortune 500 companies to city governments, educational institutions, political candidates, and high-profile/high-net-worth individuals. Besse lists the types of threats his team routinely detects: • Computer intrusions or data thefts • Current hacks or attempts to exploit past successes Darknet internetweeks organization years months preparation groundwork inquiries discussions posts risk focused social media indicators searches cyber illegal searches advanced monitoring online technology resources black market information hackers keywords threats chatter analystsmethods criminals
  • 8. White Paper “Cyber Intelligence and Containment” Page 6 of 10 • Breaches of privacy or confidentiality • Intent to physically harm a person or physically damage a facility • Negative sentiment about an industry, company, special event, or individual • Activist group plans to protest or disrupt business operations • Organization of flash mobs • Signs a civil disturbance might follow a controversial event or legal decision • Red flags that students, employees, or others may become violent • Activity and whereabouts of celebrity/VIP stalkers “We can and do provide protective cyber intelligence in anticipation of specific threats,” Besse acknowledges, “but we are suggesting that some organizations incorporate this resource into their security and risk management programs on an ongoing basis. It’s the only way to stay ahead of many threats that are out there today.” Besse says his team delivers reports on cyber intelligence findings and analyses to clients daily, weekly, or monthly, depending on circumstances. Reports indicate what is being discussed, including actual posts, and provide recommendations to help clients remediate potential risks. Protective intelligence solutions are scalable to fit the needs and budgets of organizations of any size, in any sector. From a budget perspective, Besse notes that predictive cyber intelligence is much more affordable than the security, litigation, productivity, and reputation costs arising out of an incident that could have been predicted and contained. Cyber intelligence can be used not only to detect threats but also to gauge public sentiment about anything from products to political issues. An entertainment company might work with a cyber intelligence partner to conduct public sentiment analysis about a soon-to-be-released film or album. A political candidate might engage a cyber intelligence partner to gauge what the sentiment is about him or her, or to find out what people are saying about topics like education, immigration, abortion, or taxes. Is Cyber Intelligence Part of Your Due Diligence? There is no black and white answer, but many business leaders are evaluating the return on investment and deciding “better safe than sorry.” Most security professionals recommend companies develop their security and risk management programs based on a combination of applicable regulatory, professional, and industrial standards and best practices. There are many different frameworks of guidelines and recommendations and no one-size-fits-all security and risk management solution. Further complicating matters, as threats evolve, so do the regulations and suggestions for mitigating risk. In many cases, frameworks are established not to provide Predictive cyber intelligence is much more affordable than the potential costs arising out of an incident.
  • 9. White Paper “Cyber Intelligence and Containment” Page 7 of 10 standards but to encourage companies to consider their risk profiles and take effective steps to harden their defenses, detect threats in advance, and mitigate the impact of security breaches. Following is a sampling of the various frameworks with which companies may need to align their security programs. a. General Duty Clause of the Occupational Safety and Health Act of 1970 https://www.osha. gov/pls/oshaweb/owadisp.show_document?p_id=3359&p_table=oshact b. Workplace Violence Prevention and Intervention American National Standard, published by the American Society for Industrial Security (ASIS) and the Society for Human Resources Management (SHRM) http://www.shrm.org/hrstandards/documents/ wvpi%20std.pdf c. National Infrastructure Protection Plan (NIPP 2013): Partnering for Critical Infrastructure Security and Resilience, published by the Department of Homeland Security https://www. dhs.gov/national-infrastructure-protection-plan d. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (February 12, 2014), published by the Department of Commerce http://www.nist.gov/cyberframework/upload/cybersecurity-framework- 021214-final.pdf e. GAO-12-361, March 2012 / Threats to IT Supply Chain, published by the U.S. Government Accounting Office (GAO) http://www.gao.gov/assets/590/589568.pdf AccordingtoD.C.Page,seniorvicepresidentofU.S.SecurityAssociates’consultinggroup, in many cases, an organization is best-served by engaging a security and risk management consulting firm to help navigate the challenges of establishing a security program consistent with regulations, guidelines, and best practices. Page says, “An experienced consultant can help a business answer the question of what security should be doing and then help to formulate security solutions that mitigate liability, align with business goals, and deliver a clear return on investment.” When all things are considered, many business leaders are reaching the conclusion that predictive cyber intelligence is a worthwhile investment. Forewarned Is Forearmed One of the primary missions of security is to present corporate leaders with the information they need to make informed decisions about which risks to counter and which to tolerate or insure against. Predictive cyber intelligence supports this mission. It’s an early warning system wired into the vast online frontier. Similar to an alarm system, predictive cyber intelligence alerts an organization to potential threats. From there, corporate leaders can determine an appropriate course of action to contain the threat or mitigate its impact.
  • 10. White Paper “Cyber Intelligence and Containment” Page 8 of 10 Multiple, integrated layers of defense are key to a strong security posture. Layers of physical security include facility and property design elements, security procedures, and electronic security systems. Layers of information security include intrusion detection and protection systems, updated firewalls, and malware protection. Predictive cyber intelligence is another layer of protection and is unique in its capacity to detect threats that are still in the planning stages. When business leaders weigh the value of advance knowledge versus the cost of residual risk, most agree that protective cyber intelligence provides a sound return on investment. If forewarned is forearmed, in contemporary security and risk management programs, the best defense includes a good cyber offense.
  • 11. White Paper “Cyber Intelligence and Containment” Page 9 of 10 ABOUT Andrews international, llc Andrews International (AI) is headquartered in Los Angeles, California and provides security and risk mitigation services throughout the United States and internationally. AI’s Consulting, Investigations & International (CI&I) Division provides threat assessments, threat management, and monitoring services to provide predictive preventive intelligence. As individuals and as a team, AI’s CI&I professionals are in demand for threat monitoring, assessment, training and interventions throughout the U.S. and around the globe. CI&I team members have traveled to hundreds of client sites to conduct surveys, develop workplace violence prevention programs and present training, and they are consulted hundreds of times every year on risks of potential violence. C&I Headquarters 66 West Flagler Street, Suite 401 Miami, FL 33130 (305) 373-8488
  • 12. White Paper “Cyber Intelligence and Containment” Page 10 of 10 CITATIONS 1 “2015 Internet Security Threat Report,” Symantec, April 2015, Volume 20, 7, accessed May 27, 2015, http://www.symantec.com/security_response/publications/threatreport.jsp. 2 Ibid., 5. 3 Ibid., 78. 4 Ibid., 79. 5 “ICS-CERT Incident Response Summary Report: 2009-2011,” U.S. Department of Homeland Security, 2, accessed May 27, 2015, https://ics-cert.us-cert.gov/ICS-CERT-Incident-Response-Summary-2009-2011. 6 “ISC-CERT Operational Review: Fiscal Year 2012,” U.S. Department of Homeland Security ICS-CERT Monitor, October, November, December 2012, 5, accessed May 27, 2015, https://ics-cert.us-cert.gov/sites/ default/files/ICS-CERT_Monthly_Monitor_Oct-Dec2012_2.pdf. 7 “Trends in Incident Response in 2013,” U.S. Department of Homeland Security ICS-CERT Monitor, October, November, December 2013, 1, accessed May 27, 2015, https://ics-cert.us-cert.gov/sites/default/ files/Monitors/ICS-CERT_Monitor_Oct-Dec2013.pdf. 8 “Incident Response/Vulnerability Coordination 2014,” U.S. Department of Homeland Security ICS-CERT Monitor, September 2014-February 2015, 1, accessed May 27, 2015, https://ics-cert.us-cert.gov/sites/ default/files/Monitors/ICS-CERT_Monitor_Sep2014-Feb2015.pdf. 9 Symantec, 5-8. 10 Ibid., 5. 11 Ibid., 104. 12 “Executive Summary – The United States Security Industry,” ASIS International and the Institute of Finance & Management, 2013, 2, accessed May 27, 2015, https://www.asisonline.org/Documents/ASIS%20 IOFM%20Executive%20Summary%208.23.13.%20final.pdf 13 Ibid., 4. 14 Sherry Harowitz, “Assessing the State of the Security Industry,” Security Management, September 2013, accessed May 27, 2015, https://sm.asisonline.org/Pages/assessing-state-security-industry-0012695.aspx
  • 13. Andrews International, LLC 28001 Smyth Drive, Suite 106, Valencia, CA 91355 T: 661.775.8400 F: 661.775.8794 Corporate: 866.594.0454 www.andrewsinternational.com 06-15