MMC CYBER HANDBOOK 2016

STRATEGY

When the Democratic National Committee based in Washington, DC discovered in June that its entire computer network had been hacked, it called on Shawn Henry, president of CrowdStrike and former head of the FBI’s cyber division, to review the damage and identify the perpetrators, which were deemed to be agents of the Russian government.

In this Brink interview, Henry shares his views on dealing with the various adversarial groups lurking in the shadows of the internet.

BRINK: What’s the biggest cybersecurity mistake you continually run into when you are consulting with companies and why does it keep happening?

Shawn Henry: Companies continue to be reactive, rather than proactive. In other words, they’re responding to incidents after the fact, rather than proactively going out and deploying technologies that allow them to get better visibility into the environment and see what’s coming. The proactive piece, where companies take security into their own hands or start actively hunting for adversaries in their environment, is the single biggest step that organizations can take.

BRINK: How pervasive is the threat from state‐sponsored cyber crime? Does it happen across all public and private sectors and does it go beyond state‐sponsored actors?

Henry: A wide range of groups are involved and are pretty prolific. Nation states are targeting organizations for intellectual property and research and development information and corporate strategies. Also, terrorist groups are targeting critical infrastructure. We know that they’re developing these capabilities. The organized crime groups are targeting primarily the financial-services and retail sectors. They are increasingly using ransomware, targeting many other types of organizations where they feel that they can get some return on their investment, and it’s turning out to be a sizable return for what little investment they make. Healthcare, financial services, manufacturing, government, educational institutions, energy, and transportation – no sector goes untouched.

BRINK: What do you say to a CEO who says, “I’m just a shoe manufacturer. We don’t have anything that hackers would want to steal.”

Henry: Every business – regardless of what that is – has something that’s valuable. First, every company that’s in business has something that’s of value, otherwise they wouldn’t be in business. They have some type of commodity, they have business practices, they have proprietary information that differentiates them from others in their industry.

Second, adversaries are not necessarily looking just to steal data. We’ve seen adversary groups that have destroyed networks simply because they’re not happy with the company or the way a company is doing business. These adversaries are using the networks as an opportunity to make a statement. It’s not just being prepared to protect your data, it’s also being aware of the critical risk you face if somebody accesses your network and decides they want to wreak havoc for whatever reason.

BRINK: What’s your position on whether companies should pay up when they become victims of a ransomware attack?

Henry: I think that companies shouldn’t pay and that instead they should invest their money in developing a continuity of operations plan, such as having a backup strategy so that they can reconstitute their network.

BRINK: The debate over whether companies should be able to “hack back” is getting some more play these days. What’s your opinion on that?

Henry: Companies cannot legally leave their network to target somebody else. They can’t try to track them down and steal their data back. They can’t send malware out to another party. There is probably going to be more debate on this subject as the situation continues to worsen, and there will be calls for companies to be able to take some type of action. But for right now, the law is very clear: They can’t do it.

BRINK: Would you support a change in the law that lets companies do that?

Henry: In doing that, you face the risk of companies getting engaged in foreign countries, in foreign laws, and even in dealing with nation states. However, there is a lot that companies can do in terms of collecting and sharing intelligence with the government and work in a more coordinated fashion with others in their industry, to do a better job of identifying who the attackers are.

This interview with Shawn Henry, President, CrowdStrike, is an excerpt of an article published on BRINK on October 24, 2016. Brinknews.com is Marsh & McLennan Companies’ global digital news hub providing perspectives on developing risk issues.

Copyright © 2016 Marsh & McLennan Companies
