Pub. 13 2018-2019 Issue 2

NEBRASKA BANKERS ASSOCIATION

TECH TALK

KITTENS AND YETIS AND BEARS, OH MY! INCIDENT RESPONSE IN A BAD, BAD WORLD

Ty Purcell, GCIH, GPEN, GWAPT, CISSP, CISA

It seems that every week a news story appears detailing new hacking activity originating from organized groups with interesting names such as Energetic Bear, Rocket Kitten, Crouching Yeti, Night Dragon and Sad Panda. While these names are colorful, the groups they are associated with are deadly serious.

One might think that these groups are interested only in government or military secrets. However, businesses from all sectors are subject to attack. Successful compromises have been detected in areas such as power and water utilities, communications, and in businesses holding personally identifying information. The motivations behind these attack groups are tied to political, commercial, and security needs. When considering this, it becomes obvious that all businesses and many individuals have information that would be valuable to the groups. Making the problem more complex, many organizations do not realize they are compromised until they are notified by an external source, usually law enforcement.

Technologies and practices like cyber threat hunting and cyber threat intelligence are a popular trend. Many companies offering these services seem to advertise services that make finding advanced attackers as simple as playing the old video game "Duck Hunt". There is a need for cyber threat intelligence and hunting; however, a more foundational practice—incident response—needs to be developed in businesses first.

What is Incident Response?

Banks have been familiar with the concept of incident response for many years. Formally, incident response is the
