Cyber defense: Know when to hold 'em, know when to fold 'em

Savvy, crafty adversaries... Appropriate, measured actions taken at just the right time... discover why poker is not dissimilar to cyber defense and how you can keep your chips.
Know when to hold emIt’s well known that the number one strategy to playing poker is to spot any ‘tells’ that other players may have and to do your best not to have any of your own.  How does poker slang for mannerisms that tip off your opponents about the strength of your hand fit with cyber defense and financial crime?
The paradigm of cyber security has moved from a mindset of keep them out, to one of protect our assets. In order to protect assets; we have to know who our enemies are and respond appropriately when they attack. It’s why so many firms now subscribe to threat intelligence services and have staff dedicated to evaluating potential impacts. Unfortunately, when an attack does occur too many people still believe that instantaneous response is necessary to keep them out, and they compromise the mission of protecting assets. 
Instantaneous responses, whether technical such as blocking ports, or business driven, such as checking on the legitimacy of an account with a credit bureau, are ‘tells’ that let attackers know they’ve been discovered. Your attackers will then either change attack vectors, accelerate the attack to do as much damage as possible, or disappear and wait for another day. To truly protect yourself it is imperative that you think through appropriate and measured responses.
Sophisticated attackers, which include both fraudsters and cyber criminals, not only watch for your reaction, they invest in additional early warning indicators. For example, in cases of identity theft, fraudsters will register a bogus account with a credit protection service. This is particularly common for bust out fraud where many accounts have been created to maximize the amount of credit that can be drawn upon.  A query on any one of the bogus accounts serves as the trigger to grab as much as possible before all of the associated accounts are frozen. For cyber criminals, an overly eager reaction alerts them that their current attack has been detected. Frequently, that attacker will immediately wrap up and move to a different vector, leveraging all of the information that was gleaned from previous successful penetrations.
Just like in poker, you are playing against savvy, crafty adversaries. You need to play your cards close to your vest and not give them any advantage. Taking appropriate, measured actions at the right time not only lets you keep your chips, but it may also help eliminate some of the players from the game.
Bill Sweeney, Financial Services Evangelist 29 February 2016