Advances in technology have reaped the human race so many benefits; From the most mundane, daily activities that become more convenient like paying for goods, scheduling appointments, communicating and expressing ourselves; to the most intricate developments in medicine, engineering, and government intel. With all aspects of our lives available through a handheld device and an extensive but seldom encrypted network, it can easily fall to the hands of the unscrupulous and the opportunistic. These individuals and groups are constantly on the lookout for the instance that we let our guards down, and they come stealing identities, information, or money.
Uncle Ben couldn’t have said it better, with great power comes great responsibility. With our best intentions, we try to secure and safeguard the things we regard important, and security measures are enforced. Unfortunately, ruthless cybercriminals can be one step ahead and come up with better, tougher modus operandi, scripts and codes to unleash which can make it past our existing anti-virus, anti-theft, anti-hack, and other defense systems.
It is a defensive game that we play. If there’s one thing we remember from the Art of War, the best way to play defense is by knowing our capabilities and familiarizing ourselves with the enemy. MS-ISAC provides the cyber-version of that Sun Tzu anecdote.
MS-ISAC’s Senior Intelligence Program Manager joins Justice Clearinghouse to provide the information law enforcers, IT and justice professionals need to arm themselves with when faced with cyberthreats and cybercrime. With a prolific background in intelligence analysis, specifically cybersecurity and cybercrime, Stacey Wright is the best person to provide these much-needed insights.
Some of the topics Stacey unpacked on the webinar are:
- The four approaches actors take or fall into when they attempt to, or actually launch, a cyberthreat which is classified by intention and by method.
- The three objectives or purposes why actors unveil cyberthreats or cyber attacks.
- How cyberthreats and attacks are discovered by the agency, organization or individuals, and the various assertion status based whether the threat or attack materialized or transpired.
- The information and things that are frequently targeted by cyber actors which are related to the three purposes.
- The different types of cyberthreat and cyberattack actors, their characteristics based on the discussed elements, the differences and similarities, examples, and highlights for each type.
- The various personality profiles of these actors, and where they fit into the society.
- The two natures of cyberthreat as either exploitation or attack, and 13 types of motivation that may fall on either or both two.
- The various tactics, techniques and procedures (TTPs) that the cyberthreat actors employ to their victims.
A deep-dive on the parallelism of the various elements or enumerations. Some of the relationships studied include:
- Actors to Motivation correlation
- Purpose to Motivation correlation
- Approach to Tactics, Techniques and Procedure correlation
- Approach to Purposes and Targets correlation
- Studies of various cases that illustrate the different permutations of cyberthreats and cyber attacks based on the approach, purpose, target, actor, motivation and TTPs.
- Key takeaways and actionable intelligence that can be used on-the-job by investigators, analysts, and IT and cybersecurity pros and should keep in mind when dealing with a similar case.
- Measures that can easily be implemented that stress the importance of updating apps, software, systems, backup, and passwords among other security measures.
- Quick poll questions gauged the attendee’s familiarity with cybersecurity and their intent to get to know MS-ISAC more.
- After-webinar questions tackled the threats posed by the actors, specific individuals being targeted by such threats and attacks, and the defensive nature of cybersecurity.