06-25-20 - We Only Accept "Sophisticated" Cybercrime

We Only Accept "Sophisticated" Cybercrime

June 25, 2020

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Drudgery of Cybercrime

Drudgery of Cybercrime

 On this episode of Defense in Depth:

Co-host Allan Alford and guest Steve Zalewski, deputy CISO, Levi Strauss, discussed:

  • There's a dichotomy between how the press glorifies cybercrime as being "sophisticated" when the reality is much of cybercrime is drudgery.

  • Most cybercrime is under a pay-for-hire or a web-based service model. Cybercriminals have to deal with many of the same business-related issues we all do, such as support, infrastructure, customer relations, and sales.

  • Given that the cybercriminals are usually doing work for someone else, they have customers and those customers will often complain if they are not getting the expected service.

  • There was question if cybercrime does pay. It seemed that if you had some basic technical talents then legitimate InfoSec was a far more lucrative field that would probably offer benefits that cybercrime couldn't offer.

  • The paper states that low-skilled administrators often don't know much about the systems they maintain. This would lead one to believe they're also far removed from the criminal activity.

  • Many of these claims of the boredom of cybercrime can be made of the InfoSec community as well.

  • Once you understand that cybercrime is a business with a need for ROI like any other business, the goal in protecting oneself is to simply make it too costly and not financially attractive to be hacked.

Thanks to this week's sponsor of Defense in Depth, IronNet Cybersecurity.

IronNet Cybersecurity

To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More on

.

 

 

Nicole Dove, BISO, ADP on the best location for a BISO.

 Upcoming CISO Series Video Chats 

TOMORROW, Friday [6-26-20] Hacking Tool Optimization

Huge thanks to our sponsor, AttackIQ.

All chats start at 10 AM PT/1 PM ET on Fridays.

Tony Sager, svp, chief evangelist, Center for Internet Security on security we should do but don't do.

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.