
FinCyber Today
Carsten Fischer: The Need for Speed in Threat Mitigation
There used to be weeks between the announcement of a zero-day vulnerability and the next exploit. Now we have days or hours to patch the vulnerability, says Carsten Fischer, Deputy Chief Security Officer at Deutsche Bank. Sometimes threat actors are in the machine even as the patch is being tested. With such a small window of reaction time, mitigation must be faster.
Prevention vs. Detection
We can’t prevent every threat, and we don’t always have time to patch detected vulnerabilities before adversaries exploit them. So as zero-day vulnerabilities – and exploits in the wild – increase, cybersecurity teams should prevent as much as possible and use detection until a patch is available and remediation can begin. It helps to share intel and ask colleagues for advice. You may find a control that should be strengthened, a technique that’s working, or that a threat has increased. Regardless, if you share, you're better off than those who don’t.
Threat Intelligence vs. Threat Modeling
Threat intelligence is the raw information that educates you on the threat landscape and guides you to the problem and its mitigation. Sharing that intel is necessary to defense: colleagues in similar straits may know a component that could speed a mitigation.
Threat modeling is mapping that problem back to you and your controls. A good threat model indicates where the threat could materialize and which controls sit along the kill chain, and it connects to KPIs that show where investments should be made. Resilience is a necessary part of threat models – you have to continue operating – but the ideal outcome is reacting so quickly that you're not really impacted.
No Time for a Dress Rehearsal
We must be more proactive. Automate, connect platforms, and use prevention and detection controls. They can kick in while patches are being developed. But remember, people build threat models by connecting the dots in the threat landscape. The more that people connect with each other, the more dots they can connect in the threat model.
FS-ISAC Summits
The pandemic demonstrated the importance of in-person meetings. A chance to talk to security vendors and experts, discuss what’s working and what’s not, and combine the power of security thought leadership is valuable. When you exchange information, you can enrich it.