Of cyber resilience and superheroes

The 13th in a series of lectures co-sponsored by NYU’s Center for Cybersecurity and AIG uses a Marvel analogy to frame threats in the cyber landscape

The panelists from left to right, Kylie Watson, Jason Harrell, Ed Amoroso, Joel Caminer

Left to right: Kylie Watson, Sumitomo Mitsui Banking Corporation; Jason Harrell, Depository Trust & Clearing Corporation (DTCC); Ed Amoroso, TAG Cyber; and Joel Caminer, NYU Center for Cybersecurity.

Anyone who signed up to hear keynote speaker Jason Harrell from The Depository Trust & Clearing Corporation (DTCC) at the 13th AIG-Sponsored Cyber Security Lecture might have expected to hear a dry description of the current threat landscape and humorless prescriptions for navigating it. Instead, however, attendees at the lecture, which was co-sponsored by the NYU Center for Cybersecurity and held in Tandon’s Pfizer Auditorium on June 1, were treated to a colorful and effective analogy that used a collection of Marvel comic villains to describe today’s cyber threat actors: Thanos, the most powerful evil-doer of the bunch, was said to represent well-funded, persistent, and highly skilled nation-state threat actors like those involved in the 2007 Estonia Cyber Attacks,  2010 Stuxnet Attack, and 2016 Bank Of Bangladesh Heist, to name just a handful.

The panelists from left to right, Kylie Watson, Jason Harrell, Ed Amoroso, Joel Caminer

In characterizing threat actors in this way, Harrell made it clear that whether the motive is money, power, or revenge, the chance of such an attack affecting numerous systems — including vital financial-sector entities — has moved from improbable to feasible to inevitable. The statistics are sobering. Harell noted that more money is now made each year in cybercrime than in narcotics, and it takes an average of just 84 minutes for an adversary to move laterally from the initial compromise. He emphasized that it has become  imperative that the cyber ecosystem be as resilient as possible, with resilience being defined as “the ability to protect, detect, respond to and recover from operational incidents, including cyber attacks.”

The path forward, Harrell explained, will involve leveraging a more diverse talent pool, strong public-private partnerships (since Thanos didn’t lose until all of Marvel’s heroes pitched in and fought him together) — and the savvy use of emerging technologies like AI.

His address was followed by a panel discussion moderated by Joel Caminer, Senior Director at the NYU Center for Cybersecurity, and also featuring Kylie Watson, the CISO of Sumitomo Mitsui Banking Corporation-International Bank, and Ed Amoroso, the CEO of TAG Cyber. 

The panelists pointed out one silver lining: with the cyber landscape evolving so rapidly, decades of experience are no longer needed to forge a career. Since cyber professionals at every level must continually expand and update their knowledge base, it opens the field for a wider number of professionals with diverse backgrounds, both academically and in terms of work experience.