Security experts were among the panelists at First Data’s Cyber Security Symposium “Commerce in the Crosshairs: Solutions to the Growing Threat.” The symposium, held in New York on March 18, was First Data’s first event on the topic. The first panel of the day featured John Watters, CEO of iSIGHT Partners, and Art Coviello, executive chairman of RSA Security.
In his remarks to introduce the panel, First Data president Guy Chiarello said, “There are a few things I know for sure: the frequency of attacks will increase, the sophistication of attacks will increase, and the impact on global business will increase.”
Watters says what surprised him most about the recent attacks were their sophistication and coordination: “We hadn’t seen anything of that scale before.”
Coviello adds that cyberattacks of the past were “smash and grab” in nature, where criminals broke in to a system and took what they could. Now criminals are infiltrating systems, taking their time to do reconnaissance and recognizing defenses before they attack.”
Businesses are challenged to recognize the threat and accept the idea that they could be targets. Watters points out the next targets will be the ones that provide the easiest pathway for criminals to monetize the assets they steal.
Rather than taking a reaction-based approach to security, both Watters and Coviello advise a risk-based approach — considering the business’s assets that could be at risk as well as threats from the outside.
Watters says attackers have playbooks, specific to certain sectors and infrastructures. He says intelligence is necessary to detect “technical audibles” called from the playbook, flagging meaningful threats from among noise in communications. Taking an approach that starts with intelligence allows you to put the right defenses in place. “If you try to protect yourself against everything, you protect yourself from nothing,” he comments.
Coviello also stresses the necessity of communication. “The mark of security is being able to share information at line speed.”
Coviello says education about threats and how the business can respond is a part first meetings with a new client. Watters says iSIGHTPARTNERS performs threat diagnostics to show the business the security events that could be immediately possible.
Both say this isn’t intended to frighten the client — actually the opposite. Coviello quotes Marie Curie: “Nothing in life is to be feared, it is only to be understood. Now is the time to understand more, so that we may fear less.”
A business owner in the audience during the panel discussion asked what businesses can do if their staffs lack the skills to take a risk-based approach to security. Watters says creating best-in-class solutions and making them broadly available through managed services providers could benefit business like these.