
Tom Conway: The Steps to Take after Hackers, Insiders Strike

Tom Conway, McAfee

Epsilon and Sony made headlines recently when news emerged of hackers infiltrating their systems and leaking the personal information of hundreds of millions of customers. As reports revealed the possible sky-high costs of breaches, corporations became even more attuned to the need for effective safeguards to protect their data, as well as their own reputation.

McAfee Director of Federal Business Development Tom Conway recently spoke to The New New Internet about what to do after a breach, some of the challenges of preventing one, and how to detect the suspicious behavior that can signal a potential compromise.

The New New Internet: What are some of the first steps an organization should take after a data breach or in the event of stolen information?

Tom Conway: The first step is to understand the nature and the extent of the damage — what got taken, how it got taken, what were the means by which this data got stolen, determine if it was an insider or someone coming in from the outside. This is forensics, as they call it in detective work and computer security work. If you don’t think you have the staff to do that, there are a lot of companies that can come in there and do investigations in a confidential manner to determine what broke down. Was it a people breakdown, a process breakdown or a technology breakdown or a combination thereof? I would argue that each of these breakdowns has generated the same attention from the press.

You’ve got to be careful with the term “stolen.” For example, if I have a hundred-dollar bill on my desktop and you come in my office and you walk out and that hundred-dollar bill is gone, that’s stolen. We need a term that’s more specific for when I’ve copied a piece of your proprietary intellectual property. I don’t have the sole copy of it, but I have a copy of it, which could be the next cancer-killing drug that’s worth billions of dollars in the worldwide market, which I can beat you to market now with zero R&D, or is it a next-generation fighter or is it financial data or personal information that can be used for the thing that happened.

Stolen is a term that a lot of people use fairly loosely, but I call this type of intellectual property infringement “exfiltration.” I copy it, I walk out with a copy of it, and then I can do all sorts of different things with it. But I don’t think a lot of people get their data back because it’s not the sole copy. For example, I’ll give you your copy back, but in the meantime I made three or four other copies, so I’ll come back and sell it to you three, four times more.

The New New Internet: What are the most pressing challenges when it comes to preventing data breaches for industry?

Tom Conway: People, process and technology are the top challenges that need to be addressed in order to prevent data breaches. You really need to keep on top of all of them — the new people you’re hiring and so forth, what your authorities are, your rights you’re giving people, the accountability of the organization and the process. How do you audit yourself to make sure you’re adhering to policy and such? Then, how can you use technology smartly to enforce your policy or audit your policy?

I look at it in four different vectors: You’ve got security of the system, security of the device, the security of the human machine interaction and then the security of the data. First, how do I secure the system? A lot of people make tools — we’re one of them — to secure your PC to make sure you can’t bring down your entire network accidentally. Insider threat is accidental as well as intentional. So, how do I make sure you don’t do something on the network that can bring everybody down?

Device security is the famous thumb-drive incident or CD-ROMs. How do I ensure that these things are acceptable or nonacceptable in my organization? I set a policy, and I can enforce it. I can’t have everybody looking over someone’s shoulder to make sure they’re not plugging a thumb drive in, for example. So, how do I do that through automatic means? When I plug that thumb drive in and it’s not on my approved list, it doesn’t execute. It looks dumb. It’s a dead device to me.

The human machine interaction – I’ve got someone who’s on the network and they’re in the finance department. I’ve watched their behavior passively for the last year on the job, and all of a sudden they start nosing around very sensitive technical data when they’re in the accounting department. They’ve never done that before. Why are they starting to do that now? And by the way, why are they starting to download a bunch of information now? Maybe they’re getting ready to do something, like walk out of the organization.

Finally, you’ve got to protect the data itself. One step is, there’s sensitive data: How do I tag this data and make sure that this data never gets outside the organization? The data may have 3-2-4 numbers. How do I write an automated rule and enforce that rule, so no one can email that out, no one can print that out, no one can burn it on a CD or a thumb drive? I don’t want that information leaving. I want people to access it, but I don’t want people to walk away with it or send it away.
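The two automated rules Conway describes above, a content rule that lets "3-2-4 number" data be read but never emailed, printed or copied to removable media, and a behavioral rule that flags a user whose access to sensitive documents suddenly jumps far above their own history, as an added example written for this page. It is not McAfee code and not part of the interview; the pattern, the channel names (`email`, `print`, `usb`, `cdrom`, `view`), the thresholds (`factor`, `min_events`) and all sample events and counts are constructed assumptions for illustration.

```python
import re

# Rule 1: tag sensitive content. A "3-2-4 number" is three digits, two digits
# and four digits separated by hyphens (the shape of a U.S. Social Security
# number). The word boundaries stop "123-45-67890" from matching.
SENSITIVE_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Channels through which tagged data must never leave the organization.
# Reading the data in place ("view") is still allowed, so it is not listed.
# Channel names are assumptions for this example.
EGRESS_CHANNELS = frozenset({"email", "print", "usb", "cdrom"})


def contains_tagged_data(text: str) -> bool:
    """True when the text carries at least one 3-2-4 number."""
    return SENSITIVE_PATTERN.search(text) is not None


def evaluate_transfer(channel: str, content: str) -> str:
    """Decide whether an action may proceed: "allow" or "block".

    Tagged data may be accessed, but is blocked on any egress channel
    (email, print, USB, optical media). Untagged data is always allowed.
    """
    if channel in EGRESS_CHANNELS and contains_tagged_data(content):
        return "block"
    return "allow"


def redact(text: str) -> str:
    """Mask 3-2-4 numbers so a blocked message can be logged without leaking it."""
    return SENSITIVE_PATTERN.sub("***-**-****", text)


# Rule 2: behavioral baseline. Counts are accesses to sensitive technical
# documents per week: the user's historical average versus the latest week.
def flag_unusual_access(baseline: dict, recent: dict,
                        factor: float = 3.0, min_events: int = 10) -> list:
    """Return users whose latest count is both material (>= min_events) and
    far above their own baseline (> factor x baseline).

    A user with no history is compared against a baseline of 1, so a
    first-ever burst of access is flagged rather than silently skipped.
    """
    flagged = []
    for user, count in recent.items():
        base = max(baseline.get(user, 0), 1)
        if count >= min_events and count > factor * base:
            flagged.append(user)
    return sorted(flagged)


if __name__ == "__main__":
    # Constructed events: (user, channel, content). None come from the article.
    events = [
        ("alice", "view", "Benefits form, SSN 123-45-6789"),
        ("alice", "email", "Forwarding the benefits form, SSN 123-45-6789"),
        ("bob", "print", "Quarterly revenue summary, period 2011-05"),
        ("carol", "usb", "Patient list: 987-65-4321, 111-22-3333"),
    ]
    for user, channel, content in events:
        decision = evaluate_transfer(channel, content)
        print(f"{user:6} {channel:6} {decision:5} {redact(content)}")

    # Constructed weekly access counts to sensitive technical documents.
    baseline = {"alice": 2, "bob": 1, "carol": 40}
    recent = {"alice": 25, "bob": 2, "carol": 45, "dave": 12}
    print("unusual access:", flag_unusual_access(baseline, recent))
```

The content rule enforces Conway's "access it, but don't walk away with it" policy by keying on the channel rather than the user; the behavioral rule compares each user only against their own history, which is what makes the finance clerk who suddenly reads engineering documents stand out while a long-time heavy user of the same data does not.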

The New New Internet: In the wake of WikiLeaks and other breaches, has there been a significant demand for solutions your customers come to you and ask for?

Tom Conway: Yes. There has been a definite uptick because what people are realizing is the value of information is not just the information itself, which is hugely important, but it’s also reputation and confidence in your organization. If I’m a consumer, I’m less likely to buy whatever they’re trying to sell me. Or if they’re an employee and you see that your organization has lost your personal information, you have a lot less confidence in your organization. I would imagine that would drive retention issues over time.

I think the main question is the two things you need to do. Number one, understand what happened to you, the specific instance, and then learn from this crisis what could happen again. Number two, don’t wait for the next crisis; prepare for it. It’s going to happen, it’s just a question of when, and you need to operate through it, as opposed to being reactionary all of the time.

Written by Admin