Ex-FBI Official on Why Attribution Matters
Kesner: Knowing Attackers is Key to Building Better Defense
Attributing who's behind cyberattacks is essential because it helps organizations build better defenses against future attacks, says Greg Kesner, the former chief of the Federal Bureau of Investigation's Data Intercept program.
And over the past 12 to 18 months, financial services organizations in particular have enhanced their abilities, through technology and information sharing, to attribute attacks to certain threat actors, Kesner notes.
"To be able to better protect yourself from the adversaries that we are seeing today, you really have to know what they've done in the past and what their tradecraft and mechanisms are," says Kesner, who now works as a senior security consultant at digital forensics firm Larson Security. "So, the more quickly we can identify who's responsible for a specific attack, the more likely it is we can iterate our defense mechanisms for future attacks from those individuals."
Cyberwarfare and nation-state-backed attacks waged for cyberespionage and crime have quickly become leading national security concerns, Kesner says. To prepare for, identify and mitigate risks associated with those types of attacks, it's critical that targeted organizations know who's behind the attacks, Kesner explains during this interview with Information Security Media Group.
Kesner sees two general categories of attackers: One seeks intellectual property, and the other is after financial data and personally identifiable information. Among the attackers focused on financial and payments fraud, Kesner says there are smaller groups of adversaries that are focused on targeting many different entities and information. And this is why attribution matters, he adds.
"What are the individual characteristics about that attack?" Kesner asks. "All attribution starts with the knowledge of where the attack started from."
During this interview, Kesner also discusses:
- Why information sharing about cyber-attacks is so critical;
- How attackers hide their identities to throw law enforcement off their trail;
- Simple steps organizations can take to effectively track their attackers.
For more than 20 years, Kesner served at the forefront of the U.S. government's efforts in cybersecurity and counterintelligence. Before joining Larson Security, he led data-intercept operations for the FBI and served in different intelligence capacities. During his tenure with the FBI, Kesner supported thousands of national security and cyber investigations.