Source URL: https://blog.talosintelligence.com/do-we-still-have-to-keep-doing-it-like-this/
Source: Cisco Talos Blog
Title: Do we still have to keep doing it like this?
Feedly Summary: Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions.
AI Summary and Description: Yes
**Summary:** The text discusses the ongoing challenges in information security as highlighted by expert Wendy Nather, along with the introduction of a new attack vector known as Bring Your Own Vulnerable Driver (BYOVD). It emphasizes the need for professionals to rethink their approach toward security awareness training and mitigation strategies in light of evolving threats.
**Detailed Description:**
– **Theme of Security Challenges:**
  – Wendy Nather, a well-known figure in the security field, addresses why security remains challenging even after many years. Her keynote at BSides NYC was centered around the question: “When do we get to play in easy mode?”
  – She presented the “Hard Problems” list from 2005, which includes issues that persist today. Key problems include:
    – Global scale identity management
    – Insider threats
    – Availability of time-critical systems
    – Building scalable secure systems
    – Attack attribution and situational understanding
    – Information provenance
    – Security with privacy considerations
    – Enterprise-level security metrics
– **Increasing Complexity:**
  – Security has become more complicated over the years due to the increasing complexity of infrastructure and the interconnectivity of systems. Breaches now have wider ripple effects because of shared infrastructure and supply chains.
– **Rethinking Approaches to Security Awareness:**
  – Nather advocates a shift in how organizations handle user awareness training. The traditional method of testing and educating employees about avoiding phishing attacks may not be as effective as hoped; there is a risk that individuals become more complacent after repeated training.
  – She emphasizes treating personnel as assets rather than liabilities, and encourages organizations to foster a culture of security awareness and responsibility.
– **New Threat: Bring Your Own Vulnerable Driver (BYOVD):**
  – A significant point mentioned is the BYOVD technique, where attackers exploit vulnerable drivers that are already present in the victim’s system.
  – Cisco Talos has reported this trend, showing that exploitation has shifted from advanced persistent threats to commodity threats associated with ransomware.
  – Mitigation strategies suggested include:
    – Enforcement of Extended Validation (EV) and Windows Hardware Quality Labs (WHQL) certified drivers.
    – Utilizing Windows Defender Application Control (WDAC) to block known vulnerable drivers.
– **Security Headlines and Upcoming Events:**
  – The text concludes with a summary of notable security incidents and upcoming events related to Cisco Talos, indicating the ongoing vigilance needed in the field of cybersecurity.
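The two BYOVD mitigations listed above (signed-driver enforcement and WDAC blocking of known vulnerable drivers) are only useful if you can verify they are actually in effect on a host. The following PowerShell is an added example, not code from the Talos post or from Cisco; it performs read-only checks of the relevant state. It assumes a Windows 10/11 host where the `Win32_DeviceGuard` CIM class is available and that the script runs elevated. The `VulnerableDriverBlocklistEnable` value under `CI\Config` is taken from Microsoft's documentation of the vulnerable driver blocklist toggle and should be treated as an assumption for builds other than Windows 11 22H2 and later.

```powershell
# Added example (not from the Talos post): read-only checks for the BYOVD
# mitigations named in the summary. Run in an elevated PowerShell session.
# Nothing here changes configuration.

function Get-DriverBlocklistState {
    # Win32_DeviceGuard exposes WDAC (code integrity) and HVCI state.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced.
    $ciMap = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
    $ciStatus = $ciMap[[int]$dg.CodeIntegrityPolicyEnforcementStatus]

    # SecurityServicesRunning contains 2 when HVCI (memory integrity) is running.
    $hvci = @($dg.SecurityServicesRunning) -contains 2

    # Vulnerable driver blocklist toggle. Assumption: documented value name under
    # CI\Config; an absent value means the OS default applies.
    $ciConfig  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $blocklist = (Get-ItemProperty -Path $ciConfig -Name 'VulnerableDriverBlocklistEnable' `
                    -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable

    [pscustomobject]@{
        CodeIntegrityEnforcement  = $ciStatus
        HvciRunning               = $hvci
        VulnerableDriverBlocklist = $(if ($null -eq $blocklist) { 'Default (value not set)' }
                                      elseif ($blocklist -eq 1) { 'Enabled' }
                                      else { 'Disabled' })
    }
}

function Get-RecentDriverBlocks {
    param([int]$Days = 7)
    # CodeIntegrity Operational log: 3077 = blocked under an enforced policy,
    # 3076 = would have been blocked under an audit-mode policy.
    $filter = @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = 3076, 3077
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ n = 'Mode'; e = { if ($_.Id -eq 3077) { 'Blocked' } else { 'Audit' } } },
            Message
}

function Get-UnsignedRunningDrivers {
    # Inventory of running kernel drivers whose image does not carry a valid
    # Authenticode signature. This does not prove WHQL certification (that
    # requires inspecting the signer chain), but anything listed here would be
    # rejected once signed-driver enforcement is turned on.
    Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # Normalise the NT-style "\??\C:\..." prefix some drivers report.
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Name      = $_.Name
                Path      = $path
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
            }
        } |
        Where-Object { $_.Signature -ne 'Valid' }
}

Get-DriverBlocklistState
Get-RecentDriverBlocks | Select-Object -First 10 | Format-List
Get-UnsignedRunningDrivers | Format-Table -AutoSize
```

A host where `CodeIntegrityEnforcement` reports `Off` and the blocklist is not enabled has neither mitigation in place, regardless of what the endpoint agent reports. The 3076/3077 events are the detection side of the same control: in audit mode they show which drivers a policy would block, so the policy can be tuned before it is enforced.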
This analysis emphasizes the enduring nature of information security challenges and the need for strategic shifts in addressing these issues, as well as new risks posed by evolving attack techniques. Security professionals need to adapt to these complexities while nurturing a culture of engagement and responsibility within their organizations.