In episode 43 of The Cyber5, we are joined by Steve Brown, Director of Cyber & Intelligence Solutions for Europe at Mastercard. Steve discusses the key aspects of cyber defense learned while working international cyber crime investigations with the United Kingdom’s National Crime Agency. He will discuss the proven approach of prevent, protect, prepare, and pursue. We will also discuss the role Mastercard is taking in fighting cyber criminals, key aspects of adversary attribution, and how the public and private sector can forge better partnerships to combat cyber crime.
Here are the 5 Topics We Cover in This Episode:
1) Four P Approach: Prevent, Protect, Prepare, and Pursue: (01:59 – 06:08)
Cyber criminals are not siloed. They coordinate on what is working and adjust quickly to take advantage of new vulnerabilities. To combat their adaptive approach, enterprises must have an equally collaborative model.
- Prevent: Mastercard is working with charities, non-profits, research centers, and universities to encourage individuals with technical backgrounds to pursue a career outside of cyber crime.
- Protect: Providing customers of Mastercard with the right knowledge and intelligence to proactively protect themselves.
- Prepare: Complementing playbooks with red teaming and resilience for Mastercard and its customers to ensure business continuity when an attack occurs.
- Pursue: It’s not just about arrests; it’s about Mastercard providing intelligence on infrastructure takedowns, victim engagement, and witness testimony
2) Mastercard’s Cyber Security Strategy: Pioneering the Security of the Digital Eco-System: (06:08 – 09:57)
Mastercard’s cybersecurity strategy is about securing the entire digital eco-system, both within and external to the perimeter. They want to be actively involved in the cybersecurity community and prioritize technologies that better define authentication across payment systems, identify anomalies that are congruent to compromised data and fraud, and improve standards and best practices.
In November 2020, they launched Mastercard Cyber Secure, a unique AI-based technology that better addresses account data compromise events through identification and notification. In practice, victims are generally notified after initial intrusion. After the alert, cyber criminals use the compromised data to facilitate other crimes, including fraud, human trafficking, and espionage. Using risk assessment technology, Mastercard identifies, assesses, and prioritizes those vulnerabilities to Mastercard acquirers around the world. This is particularly critical for the small business community.
3) Mastercard’s Role in Third Party Risk Management: (09:57 – 11:43)
A critical part of securing the external perimeter is understanding third party suppliers. Mastercard’s acquisition of RiskRecon is a testament to their dedication and diligence around third party vulnerabilities.
4) Know Your Adversary™: Attribution is an Aspect of Resilience: (11:43 – 20:45)
Attribution must be a critical part of enterprise cybersecurity strategy. Proper attribution can be a major source of resilience when responding to a cyber attack. Understanding infrastructure, personalities, actor groups, and TTPs informs proper controls and response strategy. Data collected by enterprises is critical to fighting cyber crime, and enterprises must facilitate ways to legally process and share data and experiences. Enterprises must rely on gaining information and attribution on cyber crime and espionage efforts without the assistance of government organizations. Illustrating the ability to scale security operations and recover from a cyber attack is of critical concern to boards, investors, and shareholders.
5) Private Sector’s Increasing Role in Preventing Cyber Crime: (20:45 – 26:00)
The private sector must increase collaboration with the public sector. While this is happening at the tactical, strategic, and inter and intra-governmental levels, it is still not happening at the speed and scale necessary to be effective. The National Cybersecurity Center in the UK and the National Cyber Forensics and Training Alliance (NCFTA) are two organizations that bring together cybersecurity practices and investigative techniques.