1
00:00:00,834 --> 00:00:07,280
All right, we are recording the second
episode of the Security Podcast, which is

2
00:00:07,281 --> 00:00:11,305
part of the State of Enterprise IT show.

3
00:00:13,067 --> 00:00:18,813
Okay, we are recording the second episode
of the State of Enterprise IT Security

4
00:00:18,813 --> 00:00:21,316
Edition with Brad Bussie.

5
00:00:21,316 --> 00:00:22,957
All right, Brad, take it away.

6
00:00:23,548 --> 00:00:24,709
All right, hi everybody.

7
00:00:24,709 --> 00:00:29,915
I'm Brad Bussie, Chief Information Security
Officer here at e360. Thanks again for

8
00:00:29,915 --> 00:00:33,759
joining me for the State of Enterprise IT
Security Edition.

9
00:00:33,800 --> 00:00:38,986
This is the show that makes IT security
approachable and actionable for technology

10
00:00:38,986 --> 00:00:39,867
leaders.

11
00:00:40,080 --> 00:00:43,242
I'm happy to bring you three topics this
week.

12
00:00:43,262 --> 00:00:48,065
The first one is can cybersecurity experts
safely use TikTok?

13
00:00:48,066 --> 00:00:52,249
The second is will breaches be worse this
year?

14
00:00:52,609 --> 00:00:57,053
And the third is: is MITRE ATT&CK really that
influential?

15
00:00:57,213 --> 00:00:59,474
So with that, let's get started.

16
00:01:00,296 --> 00:01:05,599
So can cybersecurity experts safely use
TikTok?

17
00:01:06,088 --> 00:01:12,773
And I look at this whether, you know,
cybersecurity experts can use TikTok.

18
00:01:12,773 --> 00:01:16,516
And I think it depends on several factors.

19
00:01:17,117 --> 00:01:24,322
Part of it is what's your risk tolerance,
really what's the purpose of your usage

20
00:01:24,543 --> 00:01:28,105
and what precautions are you taking?

21
00:01:28,246 --> 00:01:33,870
So if I were to break it down into a
couple of considerations, I would start

22
00:01:33,870 --> 00:01:35,711
with what are the potential risks.

23
00:01:35,932 --> 00:01:42,033
So for the, I'd say since the inception of
the application or website, depends on how

24
00:01:42,033 --> 00:01:48,435
you consume it, data collection and
privacy concerns are paramount.

25
00:01:48,435 --> 00:01:52,236
TikTok collects considerable user data.

26
00:01:52,416 --> 00:01:58,318
There's been argument that Google collects
it the same, that YouTube also does it,

27
00:01:58,318 --> 00:02:01,418
Instagram, kind of the whole Facebook
family.

28
00:02:01,539 --> 00:02:05,479
But I think what's being done with it is
more

29
00:02:05,756 --> 00:02:07,116
of the concern.

30
00:02:07,456 --> 00:02:09,197
So it's collecting user data.

31
00:02:09,197 --> 00:02:14,758
It includes the location, the device
information, the viewing habits of the

32
00:02:14,758 --> 00:02:15,698
user.

33
00:02:15,919 --> 00:02:23,201
The app owner is a Chinese company, which
raises some concerns about potential data

34
00:02:23,201 --> 00:02:25,922
access by the Chinese government.

35
00:02:26,442 --> 00:02:30,623
It's interesting though, because TikTok
denies those claims.

36
00:02:30,623 --> 00:02:31,763
There are...

37
00:02:32,208 --> 00:02:37,230
Security vulnerabilities and while
vulnerabilities are inherent in any

38
00:02:37,230 --> 00:02:43,013
software, like we've hit on that a few
times before, TikTok's faced some pretty

39
00:02:43,013 --> 00:02:48,176
harsh criticism in the past for the
security flaws that could again,

40
00:02:48,176 --> 00:02:52,038
potentially expose user data.

41
00:02:52,038 --> 00:02:54,999
So we're still talking about data, we're
still talking about privacy.

42
00:02:55,188 --> 00:02:59,649
But I think even more dangerous is
misinformation and propaganda.

43
00:02:59,649 --> 00:03:08,211
So TikTok's algorithm, they can expose
users to misinformation, propaganda,

44
00:03:08,411 --> 00:03:15,953
especially if it's coming from a quote
unquote verified source.

45
00:03:16,374 --> 00:03:20,735
Those are things that are a little more
controlled on other platforms, but not so

46
00:03:20,735 --> 00:03:22,995
much on TikTok.

47
00:03:23,144 --> 00:03:29,565
So this could be pretty concerning for me
as a cybersecurity practitioner when it

48
00:03:29,565 --> 00:03:32,626
comes to dealing with sensitive
information.

49
00:03:33,066 --> 00:03:38,448
So let's say I decide to accept the risk.

50
00:03:38,608 --> 00:03:43,049
What are some of the things that I could
do to use TikTok?

51
00:03:43,049 --> 00:03:48,151
And I'll also talk a little bit about how
I feel about security experts leveraging

52
00:03:48,151 --> 00:03:51,891
the platform to reach an audience.

53
00:03:52,496 --> 00:03:56,358
So for me, it all comes down to limiting
engagement.

54
00:03:56,358 --> 00:04:03,401
So if an expert does choose to use TikTok,
they should limit the engagement to very

55
00:04:03,401 --> 00:04:10,505
specific purposes, like following
education, specific content, industry

56
00:04:10,505 --> 00:04:16,427
trends, and really the goal is to minimize
any data exposure.

57
00:04:17,484 --> 00:04:21,765
I'd say making sure your privacy settings,
utilizing all the available privacy

58
00:04:21,765 --> 00:04:26,066
settings and restricting data sharing can
offer some protection, but it doesn't

59
00:04:26,066 --> 00:04:32,808
offer you protection from the main thing
we're concerned about, which is the owners

60
00:04:32,808 --> 00:04:37,509
and operators of TikTok and what they
would do with the information.

61
00:04:37,509 --> 00:04:41,130
I always encourage device separation.

62
00:04:41,130 --> 00:04:45,331
So use a separate device strictly for
TikTok.

63
00:04:45,612 --> 00:04:53,114
And this can isolate potential risks from
work or personal devices.

64
00:04:53,535 --> 00:04:59,877
But again, TikTok learns from where you're
visiting, what you're watching, how long

65
00:04:59,877 --> 00:05:01,638
you stay on something, where you are.

66
00:05:01,638 --> 00:05:04,419
I mean, it looks at all of those things.

67
00:05:04,419 --> 00:05:08,241
So keep in mind that device could be
exposed.

68
00:05:08,261 --> 00:05:15,343
So be very cognizant of what is actually
on that device in addition to TikTok.

69
00:05:15,948 --> 00:05:22,450
And I would say have some critical
awareness, maintain a critical eye on all

70
00:05:22,450 --> 00:05:27,492
the content that's encountered and verify
the information.

71
00:05:27,492 --> 00:05:31,774
Make sure it's coming from a credible
source.

72
00:05:31,774 --> 00:05:34,295
I mean, that's pretty important.

73
00:05:34,675 --> 00:05:39,977
So alternately, there's some industry
specific platforms.

74
00:05:39,977 --> 00:05:45,664
So you could go to what I would consider
more secure platforms that

75
00:05:45,664 --> 00:05:50,105
that specifically cater to cybersecurity
professionals.

76
00:05:50,166 --> 00:05:54,187
But that's if you're interested in using
it for that purpose.

77
00:05:54,187 --> 00:06:00,830
I think what I see is a lot of people use
TikTok for relaxation or they use it for

78
00:06:00,830 --> 00:06:02,171
entertainment.

79
00:06:03,011 --> 00:06:11,395
But just observing my family members, I
actually don't let my children install or

80
00:06:11,395 --> 00:06:13,075
leverage TikTok,

81
00:06:13,088 --> 00:06:16,628
for a lot of the reasons that I discussed.

82
00:06:16,688 --> 00:06:23,550
So I think just being aware of what you're
after.

83
00:06:23,630 --> 00:06:26,991
So if it is entertainment, I think there's
a lot of other options.

84
00:06:27,752 --> 00:06:32,253
I actually see a lot of the things that
make it to TikTok, they show up on other

85
00:06:32,253 --> 00:06:33,553
platforms now.

86
00:06:33,553 --> 00:06:37,814
Maybe it's not as fast, but it does
happen.

87
00:06:37,854 --> 00:06:42,412
And then, if I'm looking for an
alternative, let's say I'm...

88
00:06:42,412 --> 00:06:48,113
researching something, I don't necessarily
think TikTok's the place because you're

89
00:06:48,113 --> 00:06:51,914
never quite sure about the authenticity of
the information.

90
00:06:51,914 --> 00:06:55,435
So there's other places that I could get
cyber information.

91
00:06:55,435 --> 00:07:00,077
There's a bunch of blogs, there's a bunch
of websites, and we'll talk about some of

92
00:07:00,077 --> 00:07:05,918
those throughout the podcast because I
think it's important that we're all armed

93
00:07:05,918 --> 00:07:07,379
with some good information.

94
00:07:07,419 --> 00:07:10,336
So if I'm going to conclude

95
00:07:10,336 --> 00:07:16,638
this segment, I would say, whether
cybersecurity experts can safely use

96
00:07:16,638 --> 00:07:25,162
TikTok, it ultimately depends on their
individual risk assessment, risk

97
00:07:25,162 --> 00:07:28,603
tolerance, and their mitigation
strategies.

98
00:07:28,623 --> 00:07:38,147
So while potential risks do exist, I think
careful engagement, utilizing the privacy

99
00:07:38,147 --> 00:07:39,167
settings,

100
00:07:40,092 --> 00:07:45,775
alternate sources, that can help manage
some of the risk.

101
00:07:46,156 --> 00:07:52,980
And I would say, if I'm after specific
information, there's other places that I

102
00:07:52,980 --> 00:07:53,761
could go for it.

103
00:07:53,761 --> 00:07:56,963
So again, it's up to the individual.

104
00:07:57,483 --> 00:08:03,507
And if I am an influencer, let's say I'm a
cybersecurity influencer, I don't know if

105
00:08:03,507 --> 00:08:10,111
I've hit that status quite yet, but once I
do, are you gonna find me on TikTok?

106
00:08:10,224 --> 00:08:11,164
You won't.

107
00:08:12,065 --> 00:08:19,711
But I feel that there are other platforms
that are more appropriate for that

108
00:08:19,711 --> 00:08:20,572
outreach.

109
00:08:20,572 --> 00:08:22,433
So I'll just leave it there.

110
00:08:22,434 --> 00:08:26,717
I think there's going to be some heated
debate about this one.

111
00:08:26,777 --> 00:08:29,419
And I'd love to chat more
about it.

112
00:08:29,419 --> 00:08:35,584
So let's move on to the second of our
topics for this week.

113
00:08:36,145 --> 00:08:39,667
Will cybersecurity breaches be worse this
year?

114
00:08:40,120 --> 00:08:47,542
And I see several factors that suggest a
very high likelihood of a continued or

115
00:08:47,542 --> 00:08:52,403
even an increase in the threats as well as
the breaches.

116
00:08:52,783 --> 00:08:57,605
So if I'm looking at it, I mean, we really
have a growing attack landscape.

117
00:08:57,705 --> 00:09:00,185
There's evolving tactics.

118
00:09:00,185 --> 00:09:04,127
Attackers are constantly innovating.

119
00:09:04,127 --> 00:09:07,187
They're exploiting new vulnerabilities.

120
00:09:07,308 --> 00:09:11,569
they're developing more sophisticated
techniques.

121
00:09:12,109 --> 00:09:18,290
And as we talked about in previous shows,
those attacks are now AI powered.

122
00:09:18,731 --> 00:09:24,212
You can put together a much easier social
engineering scam.

123
00:09:24,592 --> 00:09:30,594
I see a lot of this with help desks where
they're getting socially engineered and

124
00:09:30,594 --> 00:09:34,555
saying that someone is a user, they're
unlocking accounts, they're reissuing

125
00:09:34,555 --> 00:09:37,115
keys, they're just doing un...

126
00:09:37,316 --> 00:09:42,437
natural things the way we would consider
it unnatural but to them they don't

127
00:09:42,437 --> 00:09:48,819
actually know what they are dealing with
they think it's a real person so I think

128
00:09:48,819 --> 00:09:55,941
we're going to continue to see ransomware
being a significant concern because of the

129
00:09:55,941 --> 00:10:04,223
money aspect I also see an increased
attack surface so there's a growing

130
00:10:04,223 --> 00:10:07,163
reliance on digital technologies

131
00:10:07,308 --> 00:10:14,071
cloud computing, interconnected devices,
and that just expands the potential entry

132
00:10:14,071 --> 00:10:16,452
points for attackers.

133
00:10:17,113 --> 00:10:21,055
I think another one is geopolitical
tensions.

134
00:10:21,055 --> 00:10:28,940
There is a lot going on, and I think cyber
warfare, state-sponsored attacks, they're

135
00:10:28,940 --> 00:10:30,180
on the rise.

136
00:10:30,460 --> 00:10:35,923
And I'd say adding another layer of
complexity to

137
00:10:35,936 --> 00:10:42,661
the threat landscape is just all of the
different conflicts that are, I think,

138
00:10:42,661 --> 00:10:48,526
starting to spill over into allied
countries with what's happening with

139
00:10:48,526 --> 00:10:52,129
Russia and Ukraine, with what's happening
in Israel.

140
00:10:52,129 --> 00:10:55,953
There's a couple of others that I would
mention, but I think these are the ones

141
00:10:55,953 --> 00:10:59,815
that are of most interest for this year.

142
00:11:00,577 --> 00:11:04,519
I continue to see vulnerable
infrastructure

143
00:11:04,860 --> 00:11:06,160
all over the place.

144
00:11:06,420 --> 00:11:12,924
Outdated software and systems, a lot of
organizations, they still rely on outdated

145
00:11:12,924 --> 00:11:16,986
technology with known vulnerabilities.

146
00:11:17,106 --> 00:11:20,108
And that makes them easy targets for
attackers.

147
00:11:20,108 --> 00:11:22,689
And I know you're thinking, well, why
don't they just patch their stuff?

148
00:11:22,689 --> 00:11:24,791
Why don't they just do, why don't, why
don't?

149
00:11:24,791 --> 00:11:30,954
Well, I ask that question every day and I
still don't have a good answer because

150
00:11:30,954 --> 00:11:34,116
it's different for everyone that I talk
to.

151
00:11:35,544 --> 00:11:41,525
Human error, I mean, phishing attacks,
social engineering scams, they continue to

152
00:11:41,525 --> 00:11:46,987
exploit, I would say, the most vulnerable,
which is the human.

153
00:11:47,347 --> 00:11:50,248
And that is a significant risk.

154
00:11:51,148 --> 00:11:55,969
Lack of cybersecurity awareness, I mean,
insufficient awareness and training in an

155
00:11:55,969 --> 00:12:03,511
organization, it can leave them completely
unprepared to handle cyber threats.

156
00:12:03,511 --> 00:12:04,311
And then...

157
00:12:04,704 --> 00:12:07,124
the rising financial incentives.

158
00:12:07,124 --> 00:12:13,826
I mean, cryptocurrency popularity, that
was a big boom, 21, 22.

159
00:12:13,826 --> 00:12:22,949
I think 2023, we saw a bit of a dip as far
as how lucrative it is.

160
00:12:22,949 --> 00:12:31,431
However, that's still the currency of the
cybersecurity attackers.

161
00:12:31,472 --> 00:12:35,453
And I think it will continue to be, and
we'll see a resurgence of crypto.

162
00:12:35,453 --> 00:12:41,674
I think it's just where it's, it's where
finances are going.

163
00:12:41,794 --> 00:12:43,815
How long it takes us to get there.

164
00:12:43,895 --> 00:12:51,577
I think that remains to be seen, but
monetizing data I'd say is another area of

165
00:12:51,577 --> 00:12:55,478
that rising financial incentive.

166
00:12:55,538 --> 00:12:57,599
So it could be personal data.

167
00:12:57,979 --> 00:12:59,639
Could be corporate data.

168
00:12:59,639 --> 00:13:00,924
It's valuable.

169
00:13:00,924 --> 00:13:07,427
It's a commodity now and attackers steal
it so that they can sell it because

170
00:13:07,427 --> 00:13:13,131
someone on the dark web is going to buy it
for whatever purpose.

171
00:13:13,131 --> 00:13:16,092
And those purposes are typically
nefarious.

172
00:13:16,493 --> 00:13:22,756
And then I'd say the crown jewel of all of
this is ransomware, the ransomware

173
00:13:22,756 --> 00:13:23,837
payouts.

174
00:13:24,597 --> 00:13:26,618
It continues to be successful.

175
00:13:27,019 --> 00:13:28,499
Ransomware attacks

176
00:13:28,908 --> 00:13:36,014
and the incentives, they further develop,
and the deployment of the tactics keep

177
00:13:36,014 --> 00:13:37,114
getting better.

178
00:13:37,615 --> 00:13:43,340
And it's interesting, because this is a
polarizing topic when I talk to people

179
00:13:43,340 --> 00:13:46,603
about, hey, should we pay the ransom?

180
00:13:46,984 --> 00:13:54,630
And that is a very personal question,
because I listen to enough cybersecurity

181
00:13:54,630 --> 00:13:56,311
practitioners that say no,

182
00:13:56,852 --> 00:14:02,016
because if we stop paying the ransoms,
then it's not lucrative anymore.

183
00:14:02,236 --> 00:14:05,219
And those types of attacks will go away.

184
00:14:05,219 --> 00:14:07,320
We'll essentially starve them out.

185
00:14:07,581 --> 00:14:12,885
But the challenge with that is in some
instances, a business would cease to exist

186
00:14:12,986 --> 00:14:20,213
because they didn't do enough upfront to
protect themselves or to recover from that

187
00:14:20,213 --> 00:14:21,553
type of an attack.

188
00:14:21,674 --> 00:14:23,835
So I think we could

189
00:14:23,872 --> 00:14:24,932
go pretty deep on that.

190
00:14:24,932 --> 00:14:28,395
I think we'll have another show where
we'll do that, where we'll talk about

191
00:14:28,395 --> 00:14:32,458
resiliency and what organizations can do.

192
00:14:32,458 --> 00:14:40,745
Because I think if enough of us are
prepared, then we can wage an offensive by

193
00:14:40,745 --> 00:14:42,446
being defensive.

194
00:14:42,667 --> 00:14:47,490
And the next thing you know, ransomware
will be a thing of the past because

195
00:14:47,871 --> 00:14:53,475
granted we will have an impact, but should
we pay the ransom at that point?

196
00:14:53,868 --> 00:14:55,288
Because we're ready for it.

197
00:14:55,568 --> 00:15:02,770
So I think some of the things that we can
do this year as potential countermeasures,

198
00:15:02,770 --> 00:15:09,132
because I never liked doom and gloom
anything, I think three things, improve

199
00:15:09,132 --> 00:15:10,652
cybersecurity awareness.

200
00:15:10,792 --> 00:15:14,233
So increase the awareness and training.

201
00:15:14,233 --> 00:15:18,715
I know we all look at it all the time and
say, oh, my users just don't get it,

202
00:15:18,715 --> 00:15:20,095
they're not doing it.

203
00:15:20,755 --> 00:15:21,775
Keep at it.

204
00:15:22,264 --> 00:15:29,766
I think we can significantly reduce the
human error and how susceptible we are to

205
00:15:29,766 --> 00:15:31,466
social engineering attacks.

206
00:15:31,466 --> 00:15:33,687
We just have to stay consistent.

207
00:15:33,927 --> 00:15:38,928
And there are statistics of how many times
somebody has to see something before it

208
00:15:38,928 --> 00:15:40,268
really sticks.

209
00:15:40,589 --> 00:15:42,289
And it's a lot.

210
00:15:42,389 --> 00:15:45,170
And our attention spans are getting
shorter and shorter.

211
00:15:45,170 --> 00:15:50,784
So what I've done with our own program is
I've made it more bite-sized.

212
00:15:50,784 --> 00:15:56,347
So instead of the 45 to an hour training,
I'm trying to do the fives, the tens, the

213
00:15:56,347 --> 00:15:59,908
15 minute trainings, that I just do it
more often.

214
00:16:00,149 --> 00:16:05,111
And that's been well received by my users.

215
00:16:05,111 --> 00:16:07,813
Investing in cybersecurity tools and
infrastructure.

216
00:16:07,813 --> 00:16:15,357
I mean, organizations that prioritize
cybersecurity and invest in tools, and you

217
00:16:15,357 --> 00:16:18,218
can look at it as still firewalls,

218
00:16:20,572 --> 00:16:25,596
intrusion detection, endpoint detection
response, those types of systems, I mean,

219
00:16:25,596 --> 00:16:29,539
they still strengthen the overall
defenses.

220
00:16:29,539 --> 00:16:35,744
Now, you'll hear me talk a lot and am I
still a big fan of firewalls if it's a

221
00:16:35,744 --> 00:16:37,505
perimeter implementation?

222
00:16:37,505 --> 00:16:38,646
Not so much.

223
00:16:38,866 --> 00:16:44,131
I'm more of bringing security closer to
the endpoint, closer to the application

224
00:16:44,131 --> 00:16:48,214
and closer to the user, but there are
still firewalls in play.

225
00:16:48,214 --> 00:16:50,515
It's just how they're-

226
00:16:51,336 --> 00:16:57,440
And then I'd say the third countermeasure
this year would be collaboration and

227
00:16:57,440 --> 00:16:58,901
information sharing.

228
00:16:58,981 --> 00:17:06,227
So threat intelligence is still one of the
best practices within the cybersecurity

229
00:17:06,227 --> 00:17:07,187
community.

230
00:17:07,368 --> 00:17:11,651
Because if we're all being attacked and we
stay silent and we're not sharing the

231
00:17:11,651 --> 00:17:16,975
information, how we mitigated it, how we
detected it, then the attackers are going

232
00:17:16,975 --> 00:17:17,735
to win.

233
00:17:17,896 --> 00:17:22,918
So making sure we share amongst ourselves
and we have that good threat intelligence,

234
00:17:22,918 --> 00:17:25,339
everyone needs to invest in Threat Intel.

235
00:17:25,359 --> 00:17:30,161
So however you're getting that
information, we could again have a whole

236
00:17:30,161 --> 00:17:36,183
show about that, but there's a lot of
options and happy to discuss any of those

237
00:17:36,243 --> 00:17:38,244
with listeners.

238
00:17:38,244 --> 00:17:46,027
So speaking of Threat Intel, let's wrap up
this show with our third topic,

239
00:17:46,152 --> 00:17:52,337
which is the MITRE ATT&CK framework, and
is it really that influential?

240
00:17:52,597 --> 00:17:58,683
So for those of you that are new to MITRE
ATT&CK, let's kind of look at it from the

241
00:17:58,683 --> 00:18:03,226
lens of just the simple high level.

242
00:18:03,427 --> 00:18:12,254
So MITRE ATT&CK is like a cybersecurity
map of attacker tactics.

243
00:18:12,435 --> 00:18:13,135
So...

244
00:18:13,232 --> 00:18:19,235
It outlines the common ways attackers
operate, and that could be sneaky

245
00:18:19,235 --> 00:18:22,917
reconnaissance to deploying malware.

246
00:18:23,457 --> 00:18:29,760
And it makes it easier for defenders to
understand their potential opponents.

247
00:18:29,801 --> 00:18:34,783
So think of it as a shared language and
playbook for cybersecurity.

248
00:18:34,884 --> 00:18:41,447
It's helping everyone speak the language
against cyber threats, and it's really the

249
00:18:41,447 --> 00:18:42,508
same language.

250
00:18:42,508 --> 00:18:46,108
So we all kind of understand where it's
coming from.

251
00:18:46,108 --> 00:18:52,670
It's constantly updated, just like maps
when they get a new road or a new

252
00:18:52,670 --> 00:18:53,790
landmark.

253
00:18:54,011 --> 00:19:00,332
And what it does is it reflects new
attacker tricks and it helps keep our

254
00:19:00,332 --> 00:19:05,674
defenders up to date and you could say on
their toes.

255
00:19:06,234 --> 00:19:11,055
Now, I would say MITRE ATT&CK's influence
in the cybersecurity world, it's

256
00:19:11,055 --> 00:19:12,015
undeniable.

257
00:19:12,620 --> 00:19:19,563
48% of organizations use MITRE ATT&CK and
they use it extensively.

258
00:19:19,683 --> 00:19:21,744
And that's for security operations.

259
00:19:21,744 --> 00:19:28,108
And a lot of that has to do with the
endpoint detection response platforms.

260
00:19:28,108 --> 00:19:32,970
They're basing a lot of the way they do
things on MITRE ATT&CK.

261
00:19:33,511 --> 00:19:37,673
And then there's another 41% of
organizations that are using it to some

262
00:19:37,673 --> 00:19:38,554
degree.

263
00:19:38,554 --> 00:19:42,304
So if I'm looking at that from influence,
that's a lot of percent.

264
00:19:42,304 --> 00:19:45,426
I mean, that's pretty close to 100.

265
00:19:45,967 --> 00:19:52,852
But 19% consider it critical to their
future security strategy.

266
00:19:53,292 --> 00:19:56,014
And 62% see it as very important.

267
00:19:56,055 --> 00:20:02,860
So if I'm reading the statistics, it's a
good base level framework, but not enough

268
00:20:02,860 --> 00:20:10,166
for seeing it as a critical component to
their future security strategy.

269
00:20:10,166 --> 00:20:11,956
And I think that's a bit of a miss,

270
00:20:11,956 --> 00:20:17,961
because it really is a great map and way
of understanding attackers.

271
00:20:18,121 --> 00:20:21,264
And there's a concept of the kill chain.

272
00:20:21,625 --> 00:20:28,311
And if you look at how attacks are started
and how they end, you can follow it just

273
00:20:28,311 --> 00:20:29,552
like a playbook.

274
00:20:29,612 --> 00:20:36,599
These things are real and attackers do
follow step by step because it is a chain,

275
00:20:36,599 --> 00:20:37,819
it is a process.

276
00:20:38,524 --> 00:20:43,408
It's typically a nefarious process, but it
is something that we can still understand.

277
00:20:43,788 --> 00:20:48,773
Now, if I look at the impact on the
industry, what has MITRE done for us?

278
00:20:48,773 --> 00:20:53,496
It's done one of the best things, which is
standardizing the language.

279
00:20:53,637 --> 00:20:56,179
So we can all look at it.

280
00:20:56,179 --> 00:20:57,280
We can all see it.

281
00:20:57,280 --> 00:20:59,041
It's a common framework.

282
00:20:59,042 --> 00:21:03,505
And it describes the attacker tactics and
the techniques.

283
00:21:04,026 --> 00:21:06,087
It fosters better communication.

284
00:21:07,016 --> 00:21:11,137
And really that whole collaboration across
the cybersecurity community.

285
00:21:11,557 --> 00:21:14,538
There's improved threat detection because
of it.

286
00:21:14,538 --> 00:21:17,618
And that's because we understand how the
attackers operate.

287
00:21:17,959 --> 00:21:25,841
And we can develop more effective defenses
and detection mechanisms because of that.

288
00:21:26,301 --> 00:21:33,083
And I mentioned this before, but it's
really having informed security tooling.

289
00:21:33,083 --> 00:21:35,783
So the vendors that

290
00:21:35,976 --> 00:21:42,899
are creating cybersecurity tools and
defense software, they're aligning their

291
00:21:42,899 --> 00:21:47,600
products and their services with MITRE
ATT&CK and the MITRE ATT&CK framework.

292
00:21:47,621 --> 00:21:53,203
So really it makes them more relevant and
effective.

293
00:21:53,663 --> 00:21:58,085
And I would also argue that MITRE is
driving innovation.

294
00:21:58,085 --> 00:22:04,520
So there's continuous updates to the
framework and that's key because

295
00:22:04,520 --> 00:22:07,880
our attackers are evolving, MITRE is
evolving.

296
00:22:07,960 --> 00:22:09,301
And that's what we want.

297
00:22:09,441 --> 00:22:17,283
We want a parity and to keep pace with
each other because it's not going away.

298
00:22:17,783 --> 00:22:18,924
Benchmarking and testing.

299
00:22:18,924 --> 00:22:22,104
So this is something that I was really
missing.

300
00:22:22,445 --> 00:22:27,386
If you all remember NTT back in the day,
they would test a lot of different

301
00:22:27,386 --> 00:22:32,547
software and we could get some scoring
based on how the...

302
00:22:32,840 --> 00:22:35,882
cybersecurity tooling performed in the
real world.

303
00:22:35,882 --> 00:22:41,446
Well, MITRE has put on that superhero cape
and they're doing something very similar,

304
00:22:41,446 --> 00:22:42,766
if not a little bit better.

305
00:22:42,766 --> 00:22:44,768
They're doing benchmarking and testing.

306
00:22:44,768 --> 00:22:50,852
So it provides a way to measure an
organization's security posture against

307
00:22:50,852 --> 00:22:56,816
known threats, but they are also testing
in an environment a lot of different

308
00:22:56,816 --> 00:23:00,919
tools, and then they're giving us scores,
which is great.

309
00:23:00,919 --> 00:23:01,559
So.

310
00:23:01,840 --> 00:23:05,562
If you're interested in that, hit the
MITRE website, take a look at it.

311
00:23:05,803 --> 00:23:14,530
And I think the way that we are going to
survive this new age of AI is how MITRE is

312
00:23:14,530 --> 00:23:16,352
open source and collaborative.

313
00:23:16,352 --> 00:23:22,997
So it's freely available, it's openly
developed, and its goal is to foster that

314
00:23:22,997 --> 00:23:26,940
collective spirit in the cybersecurity
community.

315
00:23:26,961 --> 00:23:30,863
So I've always looked at it as we are
better together.

316
00:23:30,952 --> 00:23:35,553
I'm a big fan of the crowd movement.

317
00:23:35,634 --> 00:23:42,697
That's a little old now by the standards,
but still it is our best chance against

318
00:23:42,697 --> 00:23:43,817
attackers.

319
00:23:44,017 --> 00:23:50,680
So overall, MITRE ATT&CK, it's become a
cornerstone of modern cybersecurity.

320
00:23:51,160 --> 00:23:55,842
I think its influence can be seen in its
widespread adoption.

321
00:23:56,202 --> 00:23:58,923
The impact that it's had on the industry

322
00:23:59,128 --> 00:24:02,449
and the ongoing innovation that it drives.

323
00:24:03,089 --> 00:24:11,593
So I would give you a counterpoint to, it
is highly influential, but it's not a one

324
00:24:11,593 --> 00:24:13,193
size fits all solution.

325
00:24:13,193 --> 00:24:17,695
I mean, you need to look at it and adapt
it to your specific needs.

326
00:24:17,695 --> 00:24:22,257
And I think that some organizations
struggle because of their particular

327
00:24:22,257 --> 00:24:23,597
threat landscape.

328
00:24:23,718 --> 00:24:28,179
It may not be fully compatible, but I
think you're still...

329
00:24:28,384 --> 00:24:31,206
You're still doing something which is
better than nothing.

330
00:24:32,007 --> 00:24:38,292
I would say some critics, they argue that
MITRE ATT&CK focuses too much, I don't

331
00:24:38,292 --> 00:24:43,437
know if you can possibly do that, but they
say too much on advanced persistent

332
00:24:43,437 --> 00:24:44,457
threats.

333
00:24:44,858 --> 00:24:50,463
And that is something that may not be as
relevant to smaller organizations because

334
00:24:50,463 --> 00:24:56,327
they're getting hit by more of the
drive-by, the botnet, because...

335
00:24:56,928 --> 00:25:02,591
advanced persistent threats typically need
resources and are very targeted and

336
00:25:02,591 --> 00:25:09,475
directed, so they go after what we call the
bigger fish, or they're whaling. A lot of

337
00:25:09,475 --> 00:25:14,998
smaller organizations, they just get hit by
kind of more of the automated stuff, and

338
00:25:14,998 --> 00:25:19,801
it's like casting a wide net and seeing
what you get. That's more of how those

339
00:25:19,801 --> 00:25:25,440
attacks are, and MITRE's is good but not
amazing for that.

340
00:25:25,440 --> 00:25:28,582
There's other frameworks that I think are
a little bit better.

341
00:25:28,943 --> 00:25:33,687
And I think some of the smaller
organizations should be focused just on

342
00:25:33,687 --> 00:25:42,335
the basics, which is like a CIS 18 or a
NIST CSF type of an approach, but we could

343
00:25:42,335 --> 00:25:43,656
talk about that later.

344
00:25:43,716 --> 00:25:48,741
And then I would say, you know, despite
some of the limitations that you could

345
00:25:48,741 --> 00:25:52,276
mention, it's still, MITRE ATT&CK is still
valuable,

346
00:25:52,276 --> 00:25:56,099
and it's a great tool for any
organization.

347
00:25:56,099 --> 00:26:01,403
And I'll say this in quotes, that is
serious about cybersecurity.

348
00:26:01,964 --> 00:26:07,729
So I hope this information gives you a
good understanding of MITRE ATT&CK and the

349
00:26:07,729 --> 00:26:12,373
influence in the cybersecurity world
overall.

350
00:26:12,373 --> 00:26:17,177
Well, thanks everybody for spending some
time with me and e360 Security.

351
00:26:17,217 --> 00:26:19,939
Have a great rest of your day.

352
00:26:23,982 --> 00:26:25,082
Good stuff.

353
00:26:26,203 --> 00:26:27,904
Knocked that out in about 26 minutes.

354
00:26:27,904 --> 00:26:31,907
I think it's a good digestible length.

355
00:26:31,907 --> 00:26:36,449
Okay, I'm gonna stop this recording, but
while I have you, I think we should do.