ServiceNow might have started out as a ticket management and IT service management tool but the company has evolved into all areas of business workflow. And part of that evolution has been a push into information security. The company now boasts tools for automating security response so limited security resources can focus on critical threats and not be distracted by known attack vectors that can be actioned by an automated responder. Yuval Cohen is ServiceNow’s CISO and I spoke to him about the current threat landscape and what security professionals need to focus on.
Cohen says that today’s attackers maintain the same sorts of motivations they always have.
“The motivation is financial, monetising a bad act. I see things connected to political events, unsatisfied employees trying to get back at an employer. The last category I see is stupidity – people clicking on this or that and thinking they are just kidding around”.
And while he’s not seen this himself, Cohen says nation-state attacks are out there as well.
The attacks are getting smarter as they are able to deploy the same tools and technologies we have access to but, Cohen says, most of the attacks he sees are quite simple.
“With correct security hygiene, you can potentially avoid them. But if some one really wants to steal data and has enough time, money and resources, he will eventually succeed”.
However, it is largely an economic argument he adds. There’s little reward in spending five years trying to breach a large and secure operation when there are easier financial gains to be made by attacking less secure targets.
One of the groups that is often targeted by bad guys are SMBs. They are often under-resourced and unaware of the risks they face. And while they might be a specific focal point for attackers, they are a potential source of revenue for threat actors.
“They are targeting where the money is,” says Cohen. “It’s about generating a quick return on investment. They attack banks because that’s where the money is”.
With the volume of attacks increasing, Cohen noted that automation is becoming a key tool for security teams. If you look at the type of attacks and categorise them, you can see that many attacks are similar. That allows you to create automated responses.
Likening it to signature-based antivirus, Cohen says this allows you to focus your resources on more sophisticated attacks. He also noted that ServiceNow has “doubled down” on threat hunting tools.
“It’s a constant battle. You need to allocate resources to understand the threat landscape, the types of attacks and responding through automation”.
When it comes to knowing what to focus on, Cohen says CISOs need to understand that many of the biggest attacks recently weren’t the result of a data scientist designing some new and previously unknown tool in order to execute a completely new type of online assault.
Patching and basic system hygiene are critical he said. He added that using two-factor authentication, IP whitelisting and other simple techniques are also important.
“My advice to CISOs is to make sure the basics are in place,” he said.
Cohen added that it’s also important to look within the organisation.
Do your employees have the right mindset – a security mindset?”, he says. “Attackers like to employ the weakest link”.