A CSO's guide to defending against targeted cyber attacks
By automatically discovering and managing privileged accounts throughout the network, Lieberman Software helps secure access to sensitive systems and data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. The company developed the first solution for the privileged account management space, and its products continue to lead the market in features and functionality. Lieberman Software is headquartered in Los Angeles, CA with an office in Austin, TX and channel partners throughout the world. For more information, visit www.liebsoft.com.
Rake Narang: What can we learn from the recent cyber attacks on the New York Times, Twitter and even the US government? Where are the next big threats coming from?
Philip Lieberman: The recent cyber attacks on large news organizations points out the ability of government level types of attacks to easily compromise commercial security here in the United States. Of note, government level attack resources are not limited to only governments, but are also available to well-connected individuals with access and resources. The point to be made is simple: there is little to no real security found in the commercial tools for anti-virus and anti-malware from the major software providers and the continued purchase of these products is a waste of money and time when the foe is more than a petty criminal.
The next major threat will come from a nation state taking aim at our critical national infrastructure and knocking out resources essential to life. This will be an easy target since many of the utilities have little interest or appreciation for security. Their systems have been fully characterized by hostile powers external to the United States and will eventually be turned off and/or damaged when the time is right. The intelligence agencies have been warning Congress and the Senate about these problems as well as the utilities themselves. Unfortunately, someone, or a lot of someones, will need to be harmed to get these providers to change their ways.
About Philip Lieberman
Philip Lieberman is highly regarded technology expert who is frequently quoted by business and industry press on cyber security issues, including The Wall Street Journal, Los Angeles Times, The Washington Post, USA Today and Newsday. A highly accomplished software engineer with over 30 years of experience, he developed the first products for privileged password management. Lieberman has published books in the field of computer science, taught at UCLA, and has been the author of many computer science courses. He has a B.A. from San Francisco State University (1981) in Physics with minors in Computer Science and Business.
Rake Narang: What vertical industries are most susceptible to hacking and why?
Philip Lieberman: The largest and most sensitive targets are the financial and utilities industries. The financial organizations are now too large to fail and are uncontrollable as to their security. They suffer from more than three decades of inbred design, corporate silos that reward longevity rather than quality, and have lost collective knowledge due to rampant M&A as well as outsourcing. Also, given their size, these organizations are a security sieve with no real ability to secure their environments, and no incentive to do so.
Rake Narang: What’s basically wrong with the approach most security solution providers are taking?
Philip Lieberman: The security solutions underestimate the capabilities of our foes in cyber-space and operate on a security model that was obsolete 10 years ago. Virus signatures are useless when criminals generate custom per-target payloads, and reputation of IP and traffic are similarly useless since criminals can gain access to local resources legally to mask their activities. Data loss protection solutions (DLP) are easy to fool, nearly impossible to set up and maintain, and rarely get deployed after they are purchased. Even logging mechanisms that provide SIEM are rarely tuned and monitored for unusual activity, much less used in a real-time reactive mode.
This is a problem of weak or useless products, poor internal training and processes within companies, and an unwillingness to standup a well trained internal cyber defense team that operates 7/24.
Rake Narang: In your opinion and based on your experience, how can we better secure key infrastructure like the utilities industry?
Philip Lieberman: Fine the companies and incarcerate the management if they fail to secure their infrastructure. Use cyber-warfare resources to simulate attacks against critical infrastructure and if the utilities refuse to fix their problems, take over their companies as a matter of national defense to implement appropriate controls. Force utilities to comply with continuous compliance requirements and prove their controls on a monthly basis to government regulators.
Company: Lieberman Software 1900 Avenue of the Stars, Suite 425,
Los Angeles, CA 90067 U.S.A.
Founded in: 1978 CEO: Philip Lieberman Public or Private: Private Products and Services: Lieberman Software's privileged identity management and security management products help large organizations mitigate complex IT security, reporting and auditing operations. Lieberman Software pioneered the privileged identity management space by releasing the first product to this market in 2001. Since then, the company has regularly updated and expanded its privileged password management solution set while growing its customer base in this vibrant and emerging market. Lieberman Software now has more than one thousand global customers, including over 40 percent of the Fortune 50. Company's Goals: Building on its roots as the pioneer in the privileged password management and shared account password management space, Lieberman Software will continue to introduce new solutions to resolve the security threat of common local account credentials.
JOIN NOW THE CYBER SECURITY WORLDWIDE COMMUNITY ON LINKEDIN