On Monday the 3rd of October, some 100 Cyber and IT Security professionals joined the Danish conference Børsen IT-sikkerhedskonference 2016, moderated by the Editor in Chief, Niels Lunde. On the agenda, Cyber Crime was the dominating topic for the day. This was the first time the conference took place, and personally, I enjoyed the high-standard presentations and interacting with the audience from the public and private sectors, including security specialists and industry people.
The first speaker was Thomas Lund-Sørensen, CEO of the Center of Cyber Security at the Danish Intelligence Agency. He drew everyone’s attention by referring to a Børsen front-page interview with him from the same morning on the latest trends in malware and server intrusion, under the title “Foreign Nation hacks six Danish companies”.
Most of the conference presenters said they do not believe it is possible to protect all IT systems from malware, and that the reason for this is the human factor. There will always be one person who accidentally follows a bad link and is infected. The common consensus was the need to maintain high awareness to prevent employees from downloading malware. Nordea’s CIO Jacqueline Johnson gave a very inspiring presentation on exactly that.
The topic was not only Cyber Crime. Speakers also described how to risk-base their control activities while focusing on cyber threats. One of these was Lars Falch, Vice President of IT Security & Quality at Novo Nordisk. He described how the ownership of risk is moving away from a one-size-fits-all “tower”, where you see the threats and risks as a question of complying with a set of business rules, towards a modern, risk-based approach, where the individuals in the organization see themselves as risk informers who adopt an IT security mindset. This approach aligns very well with the SAS® Analytics concept of moving the decision support, the advanced algorithms, to where the decision is taken. In this case, by the user, in his mailbox, where he decides not to click on the malware link.
Personally, it was also interesting to listen to Robert Hayes, the EMEA Executive Cybersecurity Adviser of Microsoft. His presentation started by stating that transparency and privacy are the Microsoft commitment, also when protecting individual users and companies against cyber threats. It was a minor paradox, though, that he concluded that the Microsoft solution to this is a huge, centrally placed Cyber Defence Operation Center with more than 50 security experts manually monitoring everything that goes on in Active Directories worldwide.
The formerly FBI-employed cyber expert, Greg Kesner, stated that having hundreds of Microsoft experts monitoring all data in the world does not help if there is only one CEO who is conned into revealing her password to the essential data. Kesner presented “the cases that were the most difficult for the FBI to solve”: CEO Phishing. Before his presentation, I had the opportunity to talk to Kesner, and he mentioned that they had been using SAS software to identify cyber criminals by text mining and database searches (e.g. when different names are related but not the same).
As my presentation was after the FBI's, I started with a bold statement that “SAS uses analytics to help solve the cases that the FBI finds difficult”. My message was that, as opposed to the protection strategies of other vendors, SAS Institute uses advanced analytics to identify changes in behavior on the site. This means that even if the intruder is using the CEO’s user name and password, he will act differently from how the CEO usually acts, and will be revealed by his outlier behavior.
I also mentioned the use of network analytics and event analytics to identify an attack long before the intruder has gained access to sensitive information, as well as the use of machine learning algorithms to dynamically minimize and prioritize among the extremely high number of false positive alerts that hit an anti-Cyber Fraud officer every day.
The conference was wrapped up with these words from the moderator: “It is not the systems that are being hacked. It is more often the people using the systems. As it continues to be important to protect the systems, it is equally important to protect the systems from the people. We have seen good examples today of how this can be done, by using change management and training of employees – and by using advanced analytics. The question is how you perform in implementing these countermeasures?” I find that we at SAS Institute have just the right analytical tools to respond to that question.