Interview with Ramsés Gallego, Strategist & Evangelist, Symantec, Office of the CTO, on Cybersecurity Challenges, Risks and Impacts for European Organizations
TIG. The cyber threat landscape is constantly evolving: what are the new cyber attack trends that you are observing as regards organizations in Europe and all over the world?
Ramsés Gallego. We are seeing that the attack surface is amplified and that the threat landscape is changing. We observe a situation characterized by blended threats, attacks that are based on combined approaches. Email remains the main vector, but we have to consider that today email is in fact a cloud platform that we use for different tasks: for communicating, working, collaborating, writing on shared documents and so on. Also, attackers are coming with many more sophisticated tools, similar to PowerShell (the automation platform and scripting language for Windows), that allow a simplified approach to hacking, letting you do whatever you want once you access a server.
TIG. In recent years many large organizations have suffered large data breaches, a fact that demonstrates that today hackers are able to access large amounts of information stored internally: employees' personal data, account details or customer payment card data. When it comes to breaches, what are the lessons to be learned?
Ramsés Gallego. Today nothing is worse than a false sense of security. If we consider that the perimeter of risk is so amplified, that we have mobile devices, that we rely on a cloud of different clouds, and that the Internet of Things is spreading all around us, it is evident that we don’t even know where all our data reside, where they live and whether they are safe or not. This is why we need to take an information-centric approach to securing our data and systems (such as the one provided by Data Loss Prevention solutions) that allows us to know where the critical information resides, to classify it according to its relevance, and to protect it. Data breaches are happening but it’s very difficult to detect them, as attackers are continuously inventing new techniques to access systems. To prevent this data exfiltration, it’s important to analyze the pattern of intrusions and to monitor the infrastructure in order to detect any anomalies.
TIG. Today the security analyst’s work can benefit from machine learning and Artificial Intelligence techniques …
Ramsés Gallego. It’s amazing how, with these advanced tools, which Symantec is actually already exploiting in 12 of its products, the answer arrives in seconds instead of days. A machine learning product can gather huge amounts of information and then can tell you what is happening at a specific moment. Also, it can predict what could happen in the future. As an example, the Symantec Endpoint Protection 14 product supports advanced machine learning AI to deliver maximum protection at the endpoint with minimal false positives. It employs advanced machine learning both on the endpoint and in the cloud, while taking advantage of additional artificial intelligence mechanisms in the cloud. Pulling from the Symantec Global Intelligence Network, machine learning is used in the cloud to detect unknown threats or evolving threat families during the early part of infection, in order to stop threats before they have a chance to execute. Symantec systems are always learning to distinguish between good files and bad files, leveraging prior intelligence and trained machines.
TIG. Today we are in the midst of a transition to a new common privacy norm in Europe, the General Data Protection Regulation, which will be in force from May 2018. From your point of view, what is the impact of the GDPR on EU organizations, as regards their security posture and cyber risk management maturity?
Ramsés Gallego. Up to now the main focus has been on technology, but with the GDPR the emphasis will inevitably shift to the transformation of internal processes. As regards the state of the art of the migration to the new privacy law, there are today many organizations that are aware they will be late for the deadline of May 2018. At Symantec we have mapped the law’s requirements in terms of the solutions required for compliance, in order to help European organizations in their effort to understand the technology and choose the right solutions to protect personal data in the right way, when and where it is asked by the norm. It has to be noted that the word “reasonable” is mentioned 37 times in the norm: this means that each organization has to find the solution that best fits its specific needs and its risk profile, in order to get the security posture that is most suitable for its specific situation.
TIG. Just a few weeks ago, a global cyber attack, the WannaCry ransomware, demonstrated that after the theft of the NSA “cyber weapons”, even critical services (such as those provided by hospitals and public transport) can be vulnerable if they continue to rely on obsolete operating systems for which there are no security patches. What are the lessons we can derive from this devastating event?
Ramsés Gallego. The question today is not whether we have to worry about WannaCry, but about something different and more dangerous next time. It has to be known that on the very same day the WannaCry attack was spreading, last Friday 12th of May, there was also another attack that was exploiting the same vulnerability, but that went largely unnoticed. Weeks before WannaCry burst onto the scene, a botnet, Adylkuzz, was exploiting the same vulnerability, infecting several hundred thousand computers (without leaving any trace) to monetize their computing power and to mine a cryptocurrency (Monero). This tells us that today we have to be very careful and aware of what is happening, and set up all the defenses required where they are most needed, knowing that the bad guys will try to do it again and again.
A TIG interview with: Ramsés Gallego, Strategist & Evangelist, Symantec, Office of the CTO