- Espionage is rampant, both nation state and industrial
- China has been given the source code to virtually all of the Windows Operating Systems and associated applications, is actively looking for new, previously unknown vulnerabilities, and has not yet contributed one CVE
- Advanced Persistent Threat (APT) is poorly named - the only difference between these newer attacks and any prior is patience, and I wouldn't call that advanced, even though we as a culture have forgotten what patience is (instant gratification through SMS, Twitter, Facebook, blah)
- Our adversaries are looking to steal our economic competitive advantages above and beyond intellectual property and trade secrets - business models, sales playbooks, project management methodologies and research papers - in an effort to close the gap
- The gap is actually our innovation, and our innovation is being silently and patiently stolen
- That innovation theft directly impacts our national economy(ies)
- Low probability/high impact events, which are cost prohibitive to protect against, have become fairly common/high impact events
- Focus your security dollars on controls closest to your user, closest to the human
  - The Human - Security Awareness (REAL security awareness programs, not your SOX compliance checkbox program)
  - Next closest to the human - Identity Control Systems
    - Systems that can, based on your authentication credentials, dynamically create access control lists throughout the network and enforce policy based on what you should be allowed to access
  - And next closest - Host Based Application Whitelisting
    - Only allowing the execution of known good applications, thereby mitigating most malware techniques
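
To make the whitelisting point concrete, here is an added example (not from the original talk, and not any product's code) of a default-deny execution decision keyed on the file's content hash rather than its name. The file names, contents and the `may_execute` helper are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def may_execute(path, allowlist):
    """Default deny: permit only content whose hash is enrolled.
    File name and location play no part in the decision."""
    try:
        return sha256_file(path) in allowlist
    except OSError:
        return False  # missing or unreadable: deny


def write(path, data):
    with open(path, "wb") as f:
        f.write(data)
    return path


def demo():
    """Constructed stand-in 'binaries'; names and contents are made up."""
    with tempfile.TemporaryDirectory() as d:
        good = write(os.path.join(d, "payroll.exe"), b"known-good build 1.0")
        allowlist = {sha256_file(good)}  # enrolled from a trusted image
        cases = {
            "enrolled": good,
            # Same bytes under another name: still the known-good program.
            "renamed": write(os.path.join(d, "tmp123.exe"), b"known-good build 1.0"),
            # Never enrolled: denied without needing a malware signature.
            "unknown": write(os.path.join(d, "invoice.pdf.exe"), b"dropper"),
            "missing": os.path.join(d, "gone.exe"),
        }
        decisions = {k: may_execute(p, allowlist) for k, p in cases.items()}
        # Trusted name, modified contents: a name-based rule would allow this.
        write(good, b"known-good build 1.0" + b"\x90 patched")
        decisions["tampered"] = may_execute(good, allowlist)
        return decisions


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:9} {'ALLOW' if allowed else 'DENY'}")
```

The unknown and tampered files are denied without any signature for them existing, which is why the control holds against malware that has never been seen before.
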
Your success and/or failure at reducing business impact within your own organization directly affects our nation's economy (no pressure).
Good Night, and Good Luck.