At the Cyber Startup Summit, held earlier this week in the Science Gallery at TCD the former COO (Chief Operations Officer) of the FBI and the current CISO (Chief Information Security Officer) of Citi, Thomas Harrington, gave the last keynote speech. Having worked for the FBI during 911 and its aftermath, he has seen the increased threat of cyber attacks and he is convinced that the next wars will start online with cyber attacks.
Most cyber attacks will be done by terrorist groups such ISIS rather than nation states and some of their future weapons of choice will be the type of Malware that was used against Sony. As they also have a healthy supply of money, they are going to countries such as India to recruit coders for projects, at an average salary of $10k per project.
In his current job at Citi, Thomas told us what threats financial institutions including banks face and how they deal with them. He mentioned the following facts:
One of the biggest threats is insider threats.
Every 16 seconds Citi are under attack.
Shared information on breaches amongst banks helps the financial sector and three days before JP Morgan publicly announced their breach they told Citi.
When it comes to dealing with breaches Thomas mentioned that you have to know the following:
Who is attacking us?
Why are they attacking us?
What time are they attacking us?
Who is the person or department most attacked in your company?
To lessen the chances of a security breach Thomas noted that you need to do the following:
Have the right people in your company as they make judgment calls.
It’s best to work in a team as you get more done with team work than on your own.
As insider threats are becoming an issue creating an insider program to help combat this is very important.
Embrace the cyber kill chain which has seven steps as seen below.Make sure that any third party vendors you use are protecting themselves and your business.
When it comes to testing how secure your business is, Thomas advised that you always run cyber war games over eight weeks because:
It helps you prepare for any breaches that might happen.
Shows you who does what in your organisation and also who should do what.
Develop a playbook so that you can cover most if not all scenarios that may occur as well and also develop national crisis management.
As for the future Thomas mentioned the following:
Talent is an issue and more people need to be doing cyber security courses to get skills needed.
Technologists such as Apple or google are going to be having problems with legislators.
More collaboration needed between governments to form taskforces.
Disruptive malware will still be an issue.
Monitoring the Dark web is very important and is done daily.