Another day, another breach. But what can we learn from these big hacks, and why aren’t we learning faster?
Mining these lessons learned and sharing them with the community so we can all better defend ourselves is Jim Jaeger’s mission. He is the chief cyber strategist for Arete Advisors Inc., where he leads a team of experienced cyber incident responders and forensic specialists. The most important lesson, Jaeger told WashingtonExec’s Cyber Council, is to understand that robust network monitoring is critical.
“You need to detect breaches before the hackers can do their damage,” he said.
In his presentation, Jaeger walked through two major information security breaches his team has worked on over the last decade. A breach has many parts; simply looking for evidence of an intrusion is not an efficient, or effective, way of keeping data safe. What security teams should really be looking for, Jaeger said, is the movement of data either within or out of a network.
“Both of these cases cost the victims hundreds of millions of dollars, which could have been avoided if they had detected the breach, not just in days or weeks but even in the first couple of months,” he said.
The importance of monitoring network activity seems like a straightforward lesson to learn, but Jaeger has seen many companies making the same mistake over his 25 years as a cybersecurity specialist.
So what’s the holdup?
That’s a good question, he told WashingtonExec. Part of it is cost: Tools and expertise don’t come cheap.
“Part of it is not really understanding the threat and the risks to your organization, whether you are a government entity or a commercial firm,” he said.
And, finally, part of it has been companies’ unwillingness to discuss details of their own cybersecurity incidents and learn from each other. It’s gotten a bit better in recent years: as getting hacked has become more and more common, the stigma is slowly starting to fade.
But while many companies are willing to acknowledge the hack when it occurs, “they are reluctant to have that [in-depth] discussion for months and years after the hack,” Jaeger said. And that, he added, is where the lessons learned become so critical.
“This is why forums like the WashingtonExec Cyber Council are so important – it’s because they do provide a professional environment to share and discuss and wrestle with some of the implications of these lessons,” he said.
“There are a few CIOs now who frankly get it, and while they don’t like to have their breach discussed openly and in public, they will support discussions in a forum like WashingtonExec where it’s their counterparts that are wrestling with these issues and it’s not the open press,” Jaeger added.