Boisvert began his thought leadership presentation at the 2016 Chief Information Security Officer Leadership Forum held on September 13 in Dallas by disclosing that he knows what it means to be targeted, having worked in national security in Canada. More recently, he’s briefed ministers of federal governments about what kinds of threats are most important, from threats-to-life to threats that target information. “I could tell a country or a company that their information was being targeted, but I couldn’t tell them how or where or why. Unlike threats-to-life, these threats were capable of undermining our future prosperity. These threats were being weaponized and were part of the fifth-dimensional battle space,” he explained.
“I could tell a country or a company that their information was being targeted, but I couldn’t tell them how or where or why. Unlike threats-to-life, these threats were capable of undermining our future prosperity.”
“Corruption is everywhere, and it’s threatening your enterprise,” Boisvert warned. “We live in a world of pervasive, transnational, organized criminal behavior. It’s at an unprecedented level and capacity, primarily as a result of a convergence of interests among countries and the sharing of knowledge and profits from that criminal enterprise. At the same time, we’re not well prepared for this threat.”
Boisvert continued, “We talk about cyber threats, but it’s not about cyber threats; it’s often about corruptive practices—corruption and fraud. It’s moved from a few guys holed up in a small Italian café to sophisticated gaming involving people in different places who’ve never met.”
Everyone expects to have access to the network all the time, noted Boisvert. “We now have 50 billion points of contact that everyone has access to. As these points of contact become more numerous, organizations are having a much harder time monitoring their network landscape to identify anomalies and respond effectively.
“The offense has been winning the day. The threats have been moving from POS to PII, and we, in security, are having difficulty keeping up,” said Boisvert. “We’ve primarily bolted on solutions, which provide a narrow perspective on the threat rather than the bigger picture. To gain this bigger perspective, we have to be as nimble and insightful as the predators. We need to have an awareness of the depth and scope of our network and detect anomalies with the shortest possible delay.”
“The threats have been moving from POS to PII, and we, in security, are having difficulty keeping up.”
Regarding advanced analytics (data validation, rules/thresholds, statistical modeling, machine learning, behavioral analytics, etc.), Boisvert noted that this is an explosive narrative right now. “It’s a credible, transformative trend, but I’m here to advise you to be skeptical. Be aware of the hype around 'the solution.' I’m often asked where predictive analytics is in the maturity curve. We still rely on search, query, and response. We still rely on rules and signatures. We need to be focused on behavior anomalies but, to get there, we need an effective baseline. You need to understand clearly and in depth the type of network you have so you can detect the least bright light that indicates a behavioral anomaly in a much shorter lag time than what we’re currently experiencing. Right now, 59% of events are still being reported by a third party to the organization that’s been breached,” said Boisvert.
“Sometimes we forget how big and complex our networks are, and how much of this challenge is a data or math problem. We forget that 10,000 devices translate to 99 million potential relationships that need to be monitored constantly. This complexity pushes the bounds of our computing capacity and requires high-level, high-speed analytics that can manage all data sources in very near real time.”
“Sometimes we forget how big and complex our networks are, and how much of this challenge is a data or math problem. We forget that 10,000 devices translate to 99 million potential relationships that need to be monitored constantly.”
Boisvert summed up with, “We can provide network visibility, but it’s necessary to consider the concerns I’ve been talking about—specifically, be skeptical of what you’re being told are silver-bullet analytics, because many of these have great difficulty scaling.”
ABOUT RAY BOISVERT:
Boisvert is President and CEO of I-Sec Integrated Strategies (ISECIS). The formation of ISECIS builds on Boisvert’s career of almost 30 years in both operational and executive roles with the Canadian Security Intelligence Service (CSIS), where he retired as the Assistant Director of Intelligence.
Additional roles within CSIS included leadership of the international counter-terrorism branch as well as key organizational programs including operational security, risk management, internet operations, and data exploitation efforts.
With his extensive and specialized knowledge, Boisvert has uniquely positioned ISECIS to identify global risks, convey privileged insights, and create intelligent organizational resilience—including enhanced cyber and insider threat defense.