SECURITY
SECURITY
SECURITY
The collective defense: Why transparency and knowledge sharing are essential in cybersecurity
In the world of cybersecurity, transparency and knowledge sharing are vital tools for collective defense.
Thus, organizations must learn to improve their cybersecurity practices by studying incidents that have occurred at other companies as a starting point.
“A lot of times, people are afraid to do this, because there’s a stigma against data security events,” said Charles Carmakal (pictured, left), chief technology officer of Mandiant, a Google LLC company. “But we all learn when we openly share learnings from the variety of security attacks that we all deal with on a day-to-day basis.”
Carmakal and Jeff Lunglhofer (right), chief information security officer at Coinbase Global Inc., spoke with theCUBE industry analysts Rob Strechay and Rebecca Knight at the mWISE Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the importance of open conversations, robust authentication methods, key protection and the value of information sharing among organizations. (* Disclosure below.)
Social engineering and ‘push fatigue’
Social engineering, the act of unwittingly extracting access information from within an organization, is a popular tactic today. In the recent Coinbase Inc. incident, a threat actor used persuasive tactics to trick an employee into providing their username and password on a phishing website, according to Lunglhofer.
“The situation we dealt with at Coinbase was a traditional but sophisticated and advanced social engineering attack,” he said. “It occurred over the course of about four hours. We had several dozen of our employees who were contacted directly by a threat actor that we lovingly call ‘Scattered Spider’ and a few other code names that Mandiant and our other colleagues have come up with.”
There’s also the concept of “push fatigue,” where users may become desensitized to authentication prompts, potentially compromising security. There needs to be stronger authentication methods, such as One-Time Passwords (or OTP) and physical security tokens, such as YubiKeys, to enhance security while maintaining convenience, Lunglhofer added.
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the mWISE Conference:
(* Disclosure: Google Cloud sponsored this segment of theCUBE. Neither Google Cloud nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
