Senior Director, Technical Cyber Threat Intelligence
Ken Dunham brings more than 27 years of business, technical and leadership experience in cyber security, incident response and cyber threat intelligence to his position as senior director of technical cyber threat intelligence for Optiv. In this role, he is responsible for the strategy and technical leadership to mature Optiv’s data integration and innovation of intelligence-based security solutions.
Titanic - Lessons Learned for Cyber Security
“History repeats itself. So you might wanna pay attention.” – Quavo
Computer security professionals are all too familiar with the “cat and mouse” game seen on the global stage of the enemy and defenders. History does indeed repeat itself, because we are human. Humans tend to be reactive, take things for granted, and assume much when it comes to our strengths and weaknesses. Bad actor tools, tactics, and procedures (TTPs) continue to evolve with nascent technology and infrastructure solutions. To best defend against historical and emergent threat we must embrace lessons learned from the history of cyber attacks, and our defense, to date.
The Titanic, not unlike some well-managed security networks, revealed all too clearly a prevailing attitude that it was unsinkable. This led to their demise according to an article published by NBC News in 2015. Several factors impacted the sinking of the Titanic, and there are a few, that also provide lessons for us in cyber security:
The risk environment had changed.
The weather was warmer than usual. If navigators were keen to this, they would have been more concerned and cautious entering into waters likely to contain icebergs.
Do you have a security solution in place that ‘has you covered’ or claims to ‘stop attacks’? Don’t take it for granted, use old school wisdom to solve new age issues. The fundamentals of malware security, with multiple layers, just be the pillar of a mature SecOps program.
The likelihood of risk had increased.
Tides impact where icebergs travel in the ocean. In the year the Titanic sunk usually high tides may have resulted in icebergs being dislodged. While this is a more advanced concept of navigation and risk it certainly should have been considered by any experienced seaman.
What metrics and visibility do you have, into your threat environment and the global threat environment, to understand when risk has changed? If a new exploit, that impacts your organization software exists, and is being actively exploited in the wild to deploy malware, are you aware of it and can you respond to the increased likelihood of attack?
The ship was going way too fast.
Edward J. Smith, the ship’s captain, was sailing at full speed ahead boldly ignoring all threats and risk. His attitude was a significant contributor to the sinking of the Titanic. In his case he was going too fast, perhaps because of arrogance and pride.
The same is true in business, where our focus and priorities may shift towards getting that next contract or developing capabilities instead of proceeding safely as a business matures. We are all busy – busier than ever these days – and are increasingly guilty of putting out fires instead of firefighting. Fire Fighters are always staying in shape, training in the off season (does your staff have ongoing professional growth?) and working in the fire season. They also proactively clear brush, deploy community awareness programs, maintain equipment and more in the off season – to proactively prepare for the next season. What are you doing to get beyond the reactive nature of business, the business of your day, to get one step ahead every day in your organization?
Warnings were ignored.
Many warnings were given to the Titanic, but they were all ignored. Public reports have documented that the last and most specific warnings were not given to the captain because they didn’t carry the prefix MSG for the Masters’ Service Gram.
Do you have policies, silos of excellence, or chain of command leadership challenges in your organization? Review standard operating procedures and train towards critical thinking and teaming to overcome extenuating circumstances or stifling the voices of those that need to be heard.
Binoculars were locked up.
David Blair held the key to the binoculars but was bumped from the crew before the ship departed. Without binoculars spotting icebergs out in the distance, where a ship could slow down or avert them, isn’t feasible.
Do you have a contingency plan? How do you handle redundancy, especially when you have a small number of staff and available resources? Get creative as you seek to always have backups in place for keys and your most valuable asset, your people.
There were communication challenges.
Unsubstantiated reports indicate that a command was misinterpreted leading to making the ship turn right instead of pushing the tiller to the right (thereby making the ship turn left).
In a time of crisis communication will always be challenged. In extreme environments, like the military Pave Paws programs where a decision to call in a possible nuclear attack takes place within seconds, communication is constantly practiced and audited to ensure it’s clear, efficient and effective. How practiced is your organization should you have a security incident?
One of the greatest lessons learned in the tragedy of the Titanic is humility. No matter how big and strong your defenses are against cyber-attack, you will most likely be attacked, you will have incidents, you are not immune. Cyber security isn’t about preventing attacks it’s about lowering risk and mitigating damage should an incident take place. If those involved with the Titanic had just done or two things differently the entire disaster may have been averted, even though multiple failures are documented that contributed to this incident. Systematically and strategically review your security posture to ensure you are being both reactive and proactive and are ready for the worst when it strikes.