Josh Lefkowitz is the CEO of Flashpoint, a cyber threat intelligence firm that specializes in providing insights from the Deep and Dark Webs. Josh spoke with The Cipher Brief to discuss how the cyber threat environment is changing, and how companies can leverage threat intelligence to improve their overall security.
The Cipher Brief: It seems like major cyber attacks are becoming more common. Is that the case, and if so, what explains the increase in these types of incidents?
Josh Lefkowitz: Cyber attacks are becoming more common because cyber criminals are increasing their sophistication, and their targets are becoming more attractive and lucrative. The cyber criminal community is continuously evolving - now providing off-the-shelf malicious tools to a wider audience of cyber criminals. Traditional techniques of prevention are no longer an obstacle for cyber criminals, and they collaborate to exchange tips and tactics on forums in the Deep & Dark Webs. In parallel, their targets have become more vulnerable, with more complex and brittle software storing increasing amounts of valuable data, making breaches more financially rewarding.
TCB: What are the most common types of cyber threats today, and what, at a minimum, do companies need to be doing to address them?
JL: Today’s attacks range from developing and deploying payment services exploits, spearphishing, and DDoS to leveraging known and unknown exploits. Current cybersecurity programs incorporate defenses against this wide range of attacks. Defenses include next generation firewalls for network protection, anti-malware for endpoint protection, along with tools to detect, identify, and remediate breaches.
However, these tools are not sufficient when it comes to anticipating future types of attacks. In order to be forward thinking, companies must develop and build threat intelligence programs that gather data about adversaries and translate it into actionable intelligence. Armed with this actionable intelligence, security teams can engage in a much more proactive defense by knowing how and where an adversary is likely to attack. Threat intelligence can help alert companies when a breach has occurred, and understand how the malicious actors are going to utilize the stolen data.
TCB: How do you see the cyber threat evolving, and what advice would you give companies trying to stay ahead of it? How much cyber security is enough?
JL: The cyber threat is evolving in a number of ways. Readily available malicious tools expand the community of cyber criminals. More sophisticated cyber criminals are evolving new attack strategies such as attacking a company through its supply chain. Cybersecurity products are evolving with a push to automate all facets of cybersecurity, from detecting breaches to blocking suspicious traffic. However, there is a limit to this approach, as human beings will always outsmart systems developed by other human beings. By not understanding the human element of an attack, a company is doomed to be purely reactive. To stay ahead of the threats, companies must have comprehensive threat intelligence programs to help them monitor and understand the malicious actors targeting them in order to become aware of potential avenues of attack being considered by adversaries.
When it comes to how much cyber security is enough, it is the same as with any other type of security. There is always a tradeoff between cost, convenience, and security. Companies must examine available budgets and strike the right balance to protect their stakeholders and customers while at the same time ensuring that costs do not make business operations unfeasible.
Furthermore, companies must engage in cost-benefit analysis of current security measures to ensure resources are being allocated in the most efficient way - to get the most security for the smallest budget possible. For instance, Netflix recognized that its anti-virus protections were not cost-effective in bolstering security and re-allocated its budget for anti-virus to other security measures. By investing in threat intelligence, companies can see a higher security return per dollar spent by enabling them to be more precise in determining likely avenues of attack and focusing resources against more specific threats and malicious actors.
TCB: Flashpoint collects intelligence on the cyber threat from the dark and deep webs. How can that information be leveraged to make companies more secure?
JL: Flashpoint gathers data from malicious online communities active in the Deep & Dark Webs to provide companies with critical context and understanding related to threat actors. We enable companies to see who is targeting them, when they might be targeted, which avenues of attack these adversaries are considering, and how these criminals plan on breaching them or circumventing known security protocols. Companies can thus deploy their finite security resources with more precision and greater efficiency against adversaries. Companies can also rapidly learn when they’ve been breached based on what data is leaked or put up for sale, so they can respond to a breach as quickly as possible. By knowing one’s enemy intimately, security professionals can be far more proactive in preparing defenses.
TCB: Generally speaking, is there a lack of qualified cybersecurity professionals on the market today? If so, what can be done to address the shortage?
JL: The need for comprehensive cybersecurity now affects companies of all sizes, creating a gap between the supply and demand for talent. The best approach to close this gap is to make the security analyst more productive. For example, Flashpoint provides data and tools to empower analyst teams to monitor the Deep & Dark Web safely, securely, and efficiently. Utilizing these data and tools, even a very small team can gain broad visibility into malicious actor communities, improving the team’s productivity and enabling them to make rapid, specific, and informed recommendations to bolster their company’s security.