Interview with Security Expert and Author Ira Winkler
- by Brittany Day
Brittany Day recently had a conversation with acclaimed cyber security expert Ira Winkler, author of Advanced Persistent Security: A Cyberwarfare Approach. Mr. Winkler is a security researcher and a former NSA employee who writes about cyber security and enterprise digital threat protection.
In this interview, he discusses his career, his views on computer security and his role in building effective enterprise protection systems.
Mr. Winkler is also the President of Secure Mentem. As an author, his writings clearly explain the ongoing threats that businesses face and the approach they should take to effectively combat them.
Understanding threat actors' motives is central to defending against attacks, and Winkler's background in psychology informs his view of this side of cyber security.
Ira Winkler is a renowned security researcher and author with a background in Psychology which has enabled him to better understand threat actors’ strategies and motives. Ira, how did you get involved in security and how did your career as an author begin?
My career as an author with an expertise in cybersecurity had a somewhat unusual beginning. As you mentioned, I earned my undergraduate degree in Psychology. At the time, I did not have much of an interest in computers or digital security. I wanted a job in the foreign service, but the career counselor also recommended I take the test for the NSA. The test showed I had an aptitude for many career fields. I took a job as an intelligence analyst, which I hated. So, I applied for the Computer Intern program, where I was retrained as a computer systems analyst. After a few years, I left the government and went to work for government contractors. They had policies that if you were accepted to a professional conference, they would have to send you, so I submitted conference papers and articles about security, which received a great response. I went on to write my first book, Corporate Espionage. A year later, my second book, Through the Eyes of the Enemy, was published. Since then I have written Spies Among Us, Zen and the Art of Information Security, and Advanced Persistent Security. I am currently in the process of writing my sixth book, You Can Stop 'Stupid', which will be published in 2020.
Ira Winkler uses the term Advanced Persistent Security to describe a proactive approach to enterprise cyber security which includes an effective protection/detection/reaction strategy. Ira, can you sum up what Advanced Persistent Security means to you?
The term “Advanced Persistent Security” should be referred to as adaptive persistent security. This concept describes a comprehensive security approach that takes protection, detection and reaction into account. I think it is important to grasp that security fails when a threat actor gets out, not when he or she gets in. The problem is that the criminals go undetected. In many cases, threat actors are not outsiders. Rather, they are employees. This is something that is important to consider when creating a protection/detection/reaction strategy. Another important concept is that there is no such thing as perfect security. Threat actors are always thinking of new ways to carry out attacks, hack into networks and compromise information. They are often highly persistent and refuse to give up until they have succeeded. Thus, businesses should expect this and build failure into their security posture. A successful protection/detection/reaction strategy matches the persistence of attackers’ methods and evolves to take the latest attack variations into account. As I state in Advanced Persistent Security, “Advanced Persistent Security is Defense in Depth that is enhanced with a comprehensive methodology for integrating the appropriate and properly configured detection capability, along with proactively implementing and executing a reaction capability.”
In Advanced Persistent Security, you explain the importance of designing and implementing an effective enterprise protection/detection/reaction strategy. In your opinion, what is the biggest misconception that currently exists regarding enterprise protection/detection/reaction strategies? What is a common security mistake you see many businesses making?
As is true in many aspects of life, people often fail to consider the basics when thinking about enterprise protection/detection/reaction strategies. It is not uncommon for security experts to focus on addressing highly complex and somewhat obscure attack variations, and to neglect basic cyber hygiene. Basic attacks are still around because they are highly successful. For instance, the attacker du jour, APT 10, began its latest attacks with a classic spear phishing email.
Threat intelligence is a complex concept that many people do not fully understand. Your book Advanced Persistent Security talks about building a threat intelligence program. Can you tell our readers what that means and how one would get started doing that?
Threat intelligence means different things to different people. In my opinion, a true threat intelligence program stands apart from traditional security technologies and products in that it is an ecosystem that can be tuned, programmed and continually analyzed to suit the resources an organization has and the threats it works against on a daily basis. The first step in building a successful threat intelligence program is proactively determining the types of threats that pose a risk to your business. The more specific the better: try to identify who would carry out these attacks and the tools and methods they would likely use to do so. This information is important in developing effective countermeasures. In general, businesses need to be better about planning and preparing for attacks, not just reacting to them.
The Dark Web is a term that refers to a collection of websites that exist only on an encrypted network and cannot be accessed using traditional search engines or browsers. Many security researchers and ethical hackers use the Dark Web as a resource for their research or their work. How can a security researcher or ethical hacker benefit from using the Dark Web?
Although the Dark Web has a bad reputation, it does have some benefits for security researchers and hackers. Primarily, the Dark Web has great resources for finding and buying attacks of different types. It makes committing computer crimes easy. However, if you monitor it appropriately, you can stay abreast of the latest concerns. While the Dark Web does contain a lot of illegal material, it is interspersed with valuable resources and research material.
Botnets have been a major security concern for the past 20 years. What are some current trends you have noticed related to botnets? How do you feel they should be addressed?
To be honest, not much has changed regarding botnets since hackers began using them. Approaches that are currently being taken to combat botnets are generally ineffective, because they are reactive instead of proactive. In other words, people try to blacklist botnet nodes after an attack is in progress, but do not try to take down botnets as they are built. Even when you know where they are, it takes coordination between law enforcement and vendors to take them out.
The digital threat landscape is always changing and evolving and attacks are becoming increasingly advanced and dangerous. In what ways do you feel cyber security has changed/evolved over the past five years? What changes do you expect to see in the next five years?
In my opinion, the same underlying problem persists: known vulnerabilities are not being patched. Companies and vendors are often careless when it comes to fixing known security bugs that exist in their products, and then it comes as no surprise when these flaws are exploited. This is essentially a cyber hygiene issue. Threat actors are succeeding due to known weaknesses that should not exist, coupled with ineffective protection/detection/reaction strategies.
Email attacks are more sophisticated and targeted than ever before. What do you feel is the single biggest email threat that businesses currently face?
This is a difficult question to answer, as the email threat landscape has become very diverse and complex. I will say, however, that malware, ransomware, and phishing have always been and continue to be very successful methods of attack. Even with user education and training, user behavior is unreliable, so it is critical to create a strong environment around the user through the use of technology. Investing in a well-designed cloud email security solution is the single best way to mitigate email threat risk by preventing the attack from getting to the user.
Social engineering plays a critical role in many email attack variations like spear phishing, whaling and BEC. In what ways do you think that social engineering has changed/impacted the email threat landscape over the past five years?
This may come as a surprise, but I actually don't think social engineering has changed much at all in recent years. Social engineering attacks have been centered around lying and manipulating from the start. Attacks vary greatly and the tactics used can be very creative and unique; however, the motives behind these attacks are the same as, or very similar to, what they were in the beginning: to deceive users into sharing confidential or personal information that can be used for fraudulent purposes.
Guardian Digital is looking forward to following up with Ira in another interview once his next book, You Can Stop ‘Stupid’, is published in 2020.