Cb Connect 2018 | Power of You | Register Now

What ‘Nightingale Floors’ From Historical Japan Can Teach Us About Intrusion Suppression

Kyoto
TK
June 13, 2018 / Tom Kellermann

Multinational corporations are under siege from a multiplicity of threat actors. The cyber arms bazaar that flourishes around the world has allowed for criminals and nations to wage long-term campaigns against corporations and government agencies. These cyber criminals stalk businesses and consumers from the fog of the dark web. Evidence suggests that the dark web has become an economy of scale wherein the cyber-crime syndicates have begun to target the inter-dependencies of our networks. 2018 has ushered in a foreboding era of digital colonization of American cyberspace. 

As the cyber criminal community burrows into our networks we must appreciate that after the initial theft of data they tend to hibernate. This hibernation allows for secondary schemes of monetization. Some of these criminal endeavors include reverse business email compromise against your customers, wateringhole attacks, and island hopping.   

A recent study, conducted by Carbon Black, surveyed financial institutions per “Modern Bank Heists.” The study noted that 44% of respondents were very concerned with the security of their technical service providers and anticipated “attempted” island hoping to occur in the coming months. 

Cyber criminals realize that there is implicit trust in your brand. This trust can and will be exploited. The modus operandi of cyber criminals has been modernized and thus we should allow their offense to inform our defense. A strategy of intrusion suppression must be enacted.  Intrusion suppression is defined as the detection, diversion via deception, containment and hunt of a cyber adversary in a clandestine fashion. 

Historically, the first manifestation of intrusion suppression occurred in feudal Japan in 1185. Floors were designed to make a chirping sound when walked upon. These floors were used in the hallways of some temples and palaces, the most famous being Nijo Castle in KyotoJapan. These floors were designed so that the floors nails rubbed against a clamp, causing chirping noises. This tactic was deployed to thwart ninjas from assassinating feudal lords as they slept. Once awoken to the “Nightingale floors” the “intended” victim would toss makibishi, along the walkway.  The makibishi would puncture and then poison the slippered feet of  attackers. 

In 2018, CIOs must enhance the scope and diligence of their supply-chain security assessment. First, security strategies must encompass more than technology vendors. Law firms and marketing firms should be included in all annual security assessments. Second, any merger or acquisition must include a “hunt” e.g. compromise assessment. Such a compromise assessment should include a penetration test from within your network to the outside world. Finally, service level agreements (SLAs) must be modernized to mitigate the cyber crime and cyber espionage.  Therefore, the rigor of the security controls required must encompass elements of intrusion suppression like the proactive use of hunt teams, iron boxing  and deception grids.

Managing cyber exposures to your supply chain is a function of conducting business in 2018. Beyond mere compliance with existing standards, corporations must protect their brand before it is hijacked. Supply chain risk management requires an architectural paradigm shift. 

Modernizing defense-in-depth will allow an organization to thwart the burgeoning digital invasion. It is imperative that we reevaluate all vendor relationships and institute increased safeguards and oversight as information supply chain risk is here to stay. Cybersecurity investment mitigates third-party risk. Those companies who embrace brand protection as a function of comparative advantage will remain the titans of industry.

TAGS: Carbon Black / Intrusion Suppression / Tom Kellermann