Cyber Theft: You can’t stop it, so how fast can you respond?
An FBI agent shows up at your door with company data and asks, ‘What do you want to know?’
This is how Richard Bejtlich, chief security officer, Mandiant, began his cyber-security discussion with a packed room of Vantage 2013 attendees today. He advised attendees it’s really not about if you will get hacked or have data stolen – it’s inevitable that you will – but how fast you respond to big data theft.
Data theft is shifting from large primary, more secure targets to less guarded targets like law firms where access to 100-1,000 client companies saves a hacker time and effort. And while data theft is a crime, Bejtlich stated that it’s really one of the only crimes where you wouldn’t normally call 911, because the bad guys are so elusive.
So is it worth fighting back? Bejtlich says definitely yes. In this brief recap of his session, he defines three points that each security person should be considering today.
“You can’t solve this problem with a firewall, or anti-virus software,” he said. “Your awakening, your new reality, or the overused “new normal,” is simply how fast can you stop a cyber theft.”
There is one common element with this type of theft: that there’s a human involved. This isn’t a malware theft, but a directed theft for specific information. The objective for firms targeted for cyber-attack: identify the breach and stop it as quickly as you can.
A 1,000-lawyer firm today should have six full-time data security staff people, according to Bejtlich. And firms should aim for a one-hour response time for plugging the leak when data theft has been identified.
For more information on cyber security preparations, Bejtlich suggests security experts read a free Mandiant cyber report, available at intelreport.mandiant.com. In early July, his new book “The Practice of Network Security Monitoring,” will be available at nostarch.com/nsm. This book is written expressly for security officers in corporations and law firms.
You can follow Richard Bejtlich at his blog and on his Twitter feed at @taosecurity.
