
Relationships in the Cyber Era

By Ilan Abadi, Vice President and Global CISO at Teva Pharmaceuticals

The APT era is here. Attacks are becoming more common and the level of damage is increasing in severity. As CISOs, we must prepare for the APT era. We must commit to changing our attitude, not only to adopting advanced technological tools. The current awareness is not sufficient for this era, and in this article I will share my experience in increasing the ability to contain APTs from a Tactical Strategic Relationships (TSR) perspective.

Lateral Move has become an art form adopted by attackers. They work according to a regulated playbook, and every action is carefully calculated to stay under the radar. The use of obfuscation tools and the fast deletion of traces of any operation make these actions very difficult for cyber security systems to detect. One of the goals of Lateral Move is to gain control over privileged accounts but, like any human, the attackers sometimes make mistakes. A random, irregular action can raise general (but insufficient) suspicion that links the incident to a hostile cyber-attack. Unfortunately, the current awareness plans applied by an enterprise with a global presence and thousands of employees are ineffective in the event of such an attack. Professional, ongoing relationships with strategic partners in and outside your organization should be created in order to link abnormal activity to an APT attack and contain the cyber event quickly.

Despite my extensive experience, I am not a great relationship expert and will probably still be in the learning stage for the rest of my life. I do know, however, that there are a number of basic elements in any relationship that are mandatory for success.

Choosing a Partner

I give first priority to choosing the partner to build a relationship with. Time is precious; we cannot build many relationships, and certainly not in an enterprise that has tens of thousands of employees, hundreds of departments and is located in numerous places around the globe. We need to carefully select the relationships we want. I would choose them based on their criticality to the organization and their proximity to the areas we know are most vulnerable to attack. Sometimes, these partners sit outside the organization. Major consideration, for example, is given to vendors whom we need to drop into the Battle Zone. IR teams and Threat Hunting teams rely on these deep, professional relationships; otherwise, they suffer from the long curve of ineffectiveness.

Investment

When we want a relationship to succeed, we must invest in it. If we decide to invest, we will of course need the appropriate resources. First, create a dialogue with the department’s management. Make an effort to understand their business and build relationships with key employees. Participate in and create joint meetings to ensure a continuous, mutual understanding of a common goal: protecting the organization. Stress the importance of paying attention to things that seem unusual. Become an advisor to help decrease the number of False Positives. And keep at it. Without regular cultivation, assume that even a strong, well-built relationship will fail to identify and contain an APT event.

Routine

Routine is the enemy of every relationship. Falling into a routine creates a kind of numbness that breeds apathy and ill preparedness. As a result, keep relationships fresh. Cyber-attacks are reported almost every day and are a source of interest to people. We as CISOs can educate employees and give them the tools to avoid a cyber-attack in the home or office. Schedule “Lunch and Learn” sessions. Invite your vendors to present. These activities create mutual added value and help you reach your ultimate goal: maintain a workplace that provides security for the organization, its employees and their families.

There are very few indications that you’re under attack by an APT. When you do discover it, you need to react fast and smart. By maintaining a Tactical Strategic Relationship with key players, you can alert and mobilize them quickly. And when you “drop” an IR professional vendor into the Battle Zone, they will be more effective in a shorter period of time. The end result is containment and it’s attributable to the TSRs you’ve built and maintained.

Today, more than ever, the CISO’s role is complex; we are required to create a resilient and fast recovery system in the event of a cyber-attack. A cyber-attack’s impact is significant in terms of money and time. If we look around, we will see that organizations today lose tens of millions of dollars and more to these events. Recovery times are prolonged, which drives costs up further. Sustained investment in Tactical Strategic Relationships with specific IT/Business teams and vendors will therefore help us to act faster and contain the damage from these next generation attacks.

Ilan Abadi is Vice President and Global CISO at Teva Pharmaceuticals. Connect with Ilan on LinkedIn.
