“Anonymous has held a mirror to our neglect,” said Joshua Corman (@joshcorman), Director of Security Intelligence for Akamai.
Our best practices for security aren’t anymore, Corman said. To just build risk management profiles around vulnerabilities and assets doesn’t target the attacker. We must be building our risk management around our adversaries.
Corman pointed the need for an adversary-centric risk management approach in our interview at RSA 2012. As he said in that interview and this interview, breaches aren’t a result of what you did, but rather who was after you, and what they were after.
At Interop in Las Vegas this year we spoke again about using open source, private, and paid intelligence in order to formulate your adversary risk management program. Unfortunately, said Corman, most organizations aren’t taking advantage of intelligence to build their adversary-risk profile.
You’re not defending against just one or a few attackers. We have a pantheon of adversaries, said Corman. To make sense of the milieu, you must understand the map of adversary classes, their motivations, what assets they want, plus their tactics, techniques, and procedures or TTPs. Understanding TTPs of well known adversaries, such as Anonymous, will allow you to identify what’s a true attack and what’s not.
For more on Anonymous, Corman has been writing on his blog, Cognitive Dissidents, along with Brian Martin, what appears to be a thesis on Anonymous. To take a deep dive into Anonymous, read the first six parts of his series here:
“Building a Better Anonymous” Series: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6
If you’re looking for a more digestible overview, or want to hand something to a C-Level employee that’s not loaded with security jargon, forward this article from Vanity Fair, World War 3.0, which includes interviews with Corman, Vint Cerf, Jeff Moss, and Dan Kaminsky.
Editorial images of Anonymous courtesy of Rob Kints / Shutterstock.com