The roundtable, which took place on Feb. 9 and hosted by Advisory Board member Todd Inskeep, discussed the rise of ransomware to become the new normal, and a new type of attack that could become very popular in the coming years.
“This was my prediction a year ago that data as a weapon attack will pick up in scale and scope, but even I underestimated how this would play out,” said co-founder and CTO of CrowdStrike Inc., Dmitri Alperovitch. “This is now the new normal, where not only hackers, but sovereign states, are using these methods.”
In 2016, ransomware attacks began to focus on enterprise systems by looking for backups and network shares, and those attacks were relatively successful. “You should assume you’re going to be hit by some form of ransomware,” said Wade Baker, founder of Cyentia Institute.
With the increase of data breaches in 2016 came a new area that was consistently under attack on top of data: reputation.
“Reputation is almost becoming more important than confidentiality. Our boards are going to be just as concerned about how we manage our reputation as well as the management of data,” said Benjamin Jun, CEO of HVF Labs.
The security specialists pointed to the Democratic National Committee (DNC) hack during the most recent U.S. election as a hack that targeted reputation rather than actual data. If one or two emails are faked, it’s hard to prove that one of them is fake when the rest of them are real, said Inskeep.
“We might see integrity attacks. It’s very hard to prove a negative, and you may be in a position to prove that your data has not been attacked,” said Wendy Nather, Duo Security’s principal security strategist.
To counter the increase in data breaches, across the board the security panel agreed that we as a community need to have better threat intelligence sharing.
“The evolution from information sharing, which was often very slow, to intelligence sharing has been a good trend last year,” said Ed Skoudis, founder of Counter Hack. “Sharing threat intelligence is a big change and a good one because you’re now sharing who the bad guys are, how it happened, etc.”
To continue this trend of threat intelligence sharing, organizations need to be able to report what happened without being shamed or embarrassed. It was suggested that in order to help each other, the community has to work on threat intelligence channels so that the people who need this information can learn and grow.
“I’m interested in disclosing data breach information to the public. Obviously not what was actually leaked, but a domain name, the number of files, etc. The thing I keep looking for is what entity can decide this, and how we can decide the minimum amount you need to share. Then as more [breaches are reported], we can make better decisions,” said Baker.