In an interview with Information Security Media Group, Day contrasts the past approaches taken by cybercriminals with how they execute online crimes today.
Day compares past online criminal efforts to "a blind man with a machine gun," whose high-volume attacks take whatever happens to fall into the path of the weapon's fire.
Over the past two to three years, he says, cybercriminals began to launch far more sophisticated APT attacks, targeting a select few organizations with something of value to exploit. Thinking like a cybercriminal, Day says, "'I'll use that concept of persistence. I might not get it the first time so I'll just recode my attack and try it a second time, a third time and a fourth time till I get in, till I can get that thing that's of value.' It's almost like moving from that kind of random attack to doing a kind of a local bank robbery. I do my reconnaissance; I figure out the weak point. But the payday is far, far greater. ... What we're seeing now is less is more."
In the interview conducted at the recent 2014 Infosecurity Europe conference in London, Day points out that:
- The mean time to discover a data breach is 229 days from its initiation, with two-thirds of enterprises learning of it from an outsider. "We don't know the problem is happening; we're not solving it," he says.
- Eighteen percent of the attacks FireEye monitored in the past six months - about 20,000 attacks a month - have targeted just one company. That means organizations must rethink how they measure attacks: not by volume, but by their impact on the bottom line, he says.
- Enterprises must improve their ability to identify assailants. "We need to be able to get better at doing that instant response, so that when we go to the board, actually we can quantify what the potential commercial implications are, based on the attribution and the human interaction," he says.
Day, vice president and chief technology officer for Europe, Middle East and Africa at IT security provider FireEye, is responsible for technology strategy and security thought leadership throughout the region. He works closely with CISOs and other senior executives in governments and global enterprises to develop and share security best practices, contribute to policy development and audit cyber strategies where security is mission critical.