The IT Pro Podcast: Does threat attribution matter?

There are many clues that can tell us who’s behind a hack - but it may not be worth knowing

There is a vast universe of threats facing modern businesses, from opportunistic lone hackers and organised criminal gangs, to state-backed intelligence units working for nations such as Russia and China. Attempting to divine which of these groups is behind a given cyber attack has almost become an industry in and of itself, with numerous tools being leveraged by analysts and researchers to assign blame.

But is there any actual value for businesses in knowing exactly which individuals are responsible for cyber crimes targeting them? Outside of law enforcement organisations attempting to bring the perpetrators to justice, what do we gain from the process of cyber threat attribution? We’re joined this week by Don Smith, Vice President of SecureWorks' counter-threat intelligence unit, to learn more about the clues that can inform attribution, and whether or not CISOs and security professionals need to worry about it in the first place.

Highlights

“It's very, very important to attribute to a degree; attribute to what, in the old days, we used to call intrusion sets, to these names that security companies come up with. Attributing beyond that clustering, to individuals or organisations or countries, is much, much harder… And the benefit is, bluntly, not as tangible to us in terms of our effort. So what you will find is, there's an awful lot of effort goes into attributing to the clusters, less so to attributing to individuals - with the one notable exception of governments, where it's very important to have attribution for some of these attacks.” 

“I think the biggest misconception is that out there is a structured blank jigsaw waiting for people to put the right piece in the right box... And that just doesn't exist. I know how my team attributes different intrusions. I know we use the diamond model, I know we have a high threshold for crossover of tooling in particular because of tool reuse. And we look for real uniqueness before we bucket things into particular groups.”

“I think it's important on a day to day basis that a CISO knows that the people behind Emotet are a large scale, highly organised criminal organisation that have been going for over a decade and aren't going to give up; that their intent is criminal money making. But it's not, two guys in hoodies, hunched over a laptop somewhere in Russia. So that kind of day to day operational understanding of who the actor is, in a general sense, I think is important for CISOs.”
