In this SearchSecurity podcast, recorded at the 2013 Gartner Security and Risk Management Summit, Richard Hunter, vice president and fellow with Stamford, Conn.-based Gartner Inc., provides an overview of the enterprise cyberthreat landscape.
Hunter details how the increasing democratization of technology is enabling anyone with a computer and an Internet connection to launch effective automated attacks on enterprises. Even as the spectrum of attackers widens, he also explains how both individual attackers and hacking groups are adopting professional software development practices (e.g., planning, schedules and review) with devastating effects. Between these increasingly sophisticated attackers and the growing threat of cyberespionage, Hunter believes the situation will only continue to worsen.
To skip ahead to certain sections, see times below:
[0:34] First, let's talk about how enterprises should approach the cyberthreat landscape. Are there still a few major threats that affect most enterprises, or does each enterprise face a unique set of threats?
[2:29] The term 'advanced persistent threat', or APT, is widely known, but also widely misused. What are your thoughts on the term, and is there better language to describe advanced threats?
[3:36] Does a persistent threat necessarily need to be advanced?
[4:40] In terms of automated attacks, DDoS [distributed denial-of-service] attacks have made a lot of news recently with the Spamhaus attack. What are enterprises doing to get their arms around larger and more sophisticated DDoS attacks?
[5:42] There's been a lot of talk about supply chain compromises. How seriously are enterprises taking these threats, and what are they doing about them?
[7:30] Would you say that attackers are taking on more professional software development characteristics, and if so, what is that going to mean for enterprise defenses?
[10:30] Cyberespionage is a topic that's been in the spotlight for all of 2013, first with the Mandiant APT1 report, and then the various allegations between the U.S. and China regarding cyberespionage activities. Tell me about the conversations you're having with IT security managers. What are their concerns?
[11:29] Some experts have suggested hacking back as a way to retaliate against nation-state cyberespionage. Do you think such a strategy could be effective, or even legal?
[12:51] When discussing the origin of attacks, is there any value for an enterprise in knowing who is attacking and from where?
[15:07] Is information sharing between enterprises becoming a more pressing matter as businesses continually find themselves in clashes with nation-states that have more funds and manpower?
[16:11] Are more enterprises seeing security as a legitimate part of the business? Are CISOs gaining a better footing with C-level executives?
[17:43] In what ways can an enterprise measure how IT security risks could impact the business?
[19:15] Should the risk management process be handled centrally or locally within an enterprise?
[21:30] Security is often seen as a sinkhole for enterprises, but are there also business benefits to properly managing IT risk?