Our Views:
This month’s theme is “Enfuse Forensic and Cyber Conference 2019”.
The Enfuse Conference was held at the Venetian Resort across four days in November 2019. Two members of Incident Response Solutions attended the event, which included a keynote from James Clapper, the Former U.S. Director of National Intelligence. Below is a selection of take-aways from the conference.
The effects of Emerging Technologies on Digital Forensics and Incident Response
This session provided forensic examiners and incident responders with an insight into ‘MITRE ATT&CK™’, a knowledge base of adversary tactics and techniques based on real-world observations. The focus of this resource isn’t on the tools and malware that adversaries use, but on how they interact with systems during an operation. ATT&CK organises these techniques into a set of tactics to help explain to provide context for the technique. Each technique includes information that assists in understanding the nature of how a technique works and also to a defender for understanding the context surrounding events or artifacts generated by a technique in use.
Why the Legal Profession Must Rethink and Change its Approach to Data Security
Law Firms are not only subject to external attacks, but also insider threats through either careless or malicious actions by employees.
According to the ‘ABA TECHREPORT 2019’ from the American Bar Association, 26% of law firms experienced a data breach.
Law firms hold sensitive data which is valuable to cyber criminals, including information about corporate deals and strategic plans, intellectual property, litigation documents, and financial information such as trusts or conveyancing.
Research cites a lack of documented policy, inferior technology, no formal training programs, poor management and a failure to monitor and detect threats as reasons why law firms may fall victim to a cyber-attack. The ABA has introduced new model rules and opinions on how to combat this threat.
Keynote – James Clapper, Former U.S. Director of National Intelligence
Six years ago, at the same event, General Michael Hayden, a former Director of the National Security Agency and Central Intelligence Agency discussed the threats associated with leaking confidential information in the age of the Cyber War. One week later, Edward Snowden leaked information about the Prism program.
James Clapper detailed the emerging threat of weaponisation through social media. Such actions can lead to the influencing of elections and the general decline of trust. He referred to the response to such threats as a ‘global whack a mole game’.
Clapper advocated the need to thoroughly investigate any cyber-attack, learn from the intel gained, which should lead to a better defence the next time your organisation is attacked.
He also discussed his concerns around taking too much of a wide reaching response to insider threats, where systems are setup to try and ‘catch’ staff. He cited this type of action may reduce the loyalty of your staff.
Clapper concluded by saying that the US will be financially paying the price of the Snowden leaks for many generations to come.
About the Bulletin:
The NZ Incident Response Bulletin is a monthly high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month. Also included are articles written by Incident Response Solutions, covering topical matters. Each article contains a brief summary and if possible, includes a linked reference on the web for detailed information. The purpose of this resource is to assist Executives in keeping up to date from a high-level perspective with a sample of the latest Forensic and Cyber Security news.
To subscribe or to submit a contribution for an upcoming Bulletin, please either visit https://incidentresponse.co.nz/bulletin or send an email to bulletin@incidentresponse.co.nz with the subject line either “Subscribe”, “Unsubscribe”, or if you think there is something worth reporting, “Contribution”, along with the Webpage or URL in the contents. Access our Privacy Policy.
This Bulletin is prepared for general guidance and does not constitute formal advice. This information should not be relied on without obtaining specific formal advice. We do not make any representation as to the accuracy or completeness of the information contained within this Bulletin. Incident Response Solutions Limited does not accept any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, when relying on the information contained in this Bulletin or for any decision based on it.
Incident Response Solutions 