#Infosec18: Stealthier Attacks are Blurring the Lines Between Cybercrime & Statecraft

Speaking at Infosecurity Europe 2018 in London George Kurtz, CEO and co-founder of CrowdStrike, reflected on the current global threat landscape and latest cyber-trends.

Kurtz explained that some of the most advanced tactics, techniques and procedures commonly used by nation state actors are finding their way into mainstream online criminality, enhancing the challenges companies are facing to keep their data secure.

“Today’s threat landscape looks blurry,” he said, with significant changes in adversary types, attack methods and geography all playing a part. “Launching cyber-attacks has never been easier” for adversaries who are adopting and commoditizing more and more sophisticated techniques traditionally used by governments and the military, he added.

The speed of attacks is also a factor having a big impact, with Kurtz stating that the average time for an intruder to begin moving laterally to other systems on a network is now just one hour and 58 minutes, so “speed is everything.”

With regards to the best practice strategies organizations should implement to defend against increasingly sophisticated attacks, Kurtz pointed out that traditional security is based on a castle-like “defense in depth” approach which is, in today’s landscape, indefensible, as eventually the castle will be overrun.

Instead, he advocated a new approach of “defense in breadth”, using breadth of platform and breadth of protection.

Breadth of platform must “provide all of the elements of an advanced, adaptive and truly integrated security architecture,” whilst breadth of protection must “give all organizations access to equal protection against all threats from the most common to the most advanced, 24 hours a day, 365 days a year.”

What’s Hot on Infosecurity Magazine?