Dan Tentler, Founder, Phobos Group, is a well-known figure in America’s cyber security consultancy circuit. Dan travels widely on speaking engagements in Australia, the UK and Amsterdam. Dan has presented at signature events such as 44con, BreakPoint, DefCon, BlackHat, ShakaCon, and many more. Dan is skilled in the arts of the professional bad guy. He is one of the key speakers at Cyber Security Asia 2017, taking place in Kuala Lumpur. Excerpts from the interview with Dan follow.
To begin with, it will be interesting to know what drew you to cyber security and why is it your primary area of focus?
Originally, I began my career doing systems administration and systems architecture, and after continually having to redo my work and experiencing systems becoming less and less secure because of the actions of developers and business folks, I couldn’t take it anymore. I quit my role as a systems architect and went into security full time.
What would your suggestions be for businesses and governments in the Asia Pacific with regard to both the regional and international cyber threat landscape?
Unless the business has specific threats that are directed at it, the threats are global, since the internet has no borders. Targeted threats are a different animal. The best thing to do is to be prepared to deal with the typical day-to-day threats; that way, if there are any greater threats, they become very clear. Directed threats could be things like targeting specific types of hardware, like cash registers or ATMs of a specific model.
Where do the majority of cyber threats affecting organisations in Asia originate from? And how does one mitigate these threats?
There are two basic types of attacks. Opportunistic, and targeted. The opportunistic attacks (the ones that comprise the vast majority of attacks) are global. They are not constrained or targeted against any particular country. The targeted attacks, however, are targeted based on the business or vertical market the business is in. We don’t normally see attacks specifically targeting companies in a particular country “just to target that country”. There are, of course, some exceptions, but most of them are political in nature and do not often involve Asian countries.
From a national critical infrastructure perspective, how is the Asia Pacific faring compared to other regions such as Europe, ME and Americas?
Based on my findings, evenly across the board, globally – it’s a mess. It appears that critical infrastructure, when averaged out, is doing the bare minimum to secure equipment.
What should businesses do to keep abreast of the threats to their national interests and supply chains?
Consider a vulnerability management program and take routine security hygiene seriously. The reason that millions of computers all over the world became infected with the WannaCry ransomware is purely because they didn’t install patches available for free from Microsoft. Defending against the “background radiation” of the internet by taking care of low-hanging fruit and easily exploited vulnerabilities makes an attacker’s job staggeringly more difficult.
Lastly, what are the top three security controls you would recommend businesses put in place to manage cyber threats?
- Egress filtering
- Vuln management / patch management
- Anti-Phishing Training
And I mean actual training, not just using a service to phish employees and measure how bad it is. Actually training the employees to do better when it comes to phishing attacks.