Pub. 7 2017-2018 Issue 2
OVER A CENTURY: BUILDING BETTER BANKS - HELPING COLORADANS REALIZE DREAMS

FEATURE ARTICLE

Kittens and Yetis and Bears, Oh My! - Incident Response in a Bad Bad World

TY PURCELL (GCIH, GPEN, GWAPT, CISSP, CISA), CONETRIX

It seems that every week a news story appears detailing new hacking activity originating from organized groups with interesting names such as Energetic Bear, Rocket Kitten, Crouching Yeti, Night Dragon and Sad Panda. While these names are colorful, the groups they are associated with are deadly serious. One might think that these groups are interested only in government or military secrets. However, businesses from all sectors are subject to attack. Successful compromises have been detected in areas such as power and water utilities, communications, and in businesses holding personal identifying information.

The motivations behind these attack groups are tied to political, commercial, and security needs. When considering this, it becomes obvious that all businesses and many individuals have information that would be valuable to the groups. Making the problem more complex, many organizations do not realize they are compromised until they are notified by an external source, usually law enforcement.

Technologies and practices like cyber threat hunting and cyber threat intelligence are a popular trend. Many companies offering these services seem to advertise services that make finding advanced attackers as simple as playing the old video game "Duck Hunt". There is a need for cyber threat intelligence and hunting; however, a more foundational practice, incident response, needs to be developed in businesses first.

What is Incident Response?

Banks have been familiar with the concept of incident response for many years. Formally, incident response is the process conducted to manage security incidents. Regulatory guidance requires incident response policies. However, many institutions don't ever progress past the policy stage. With the risk environment at the current level, this is no longer an acceptable practice. Institutions must be capable of detecting intrusions and responding appropriately.

Many financial institutions may not be able to develop full incident response capabilities that will cover all four steps. However, preparation, detection and basic analysis are tasks and skills that institutions must be capable of performing.