by Derek Brown
Driven by the promise of financial rewards and empowered by the sheer scale and reach of internet-based attacks, organized criminals have secured an increasingly strong foothold online as they refine their skills in large-scale, high-consequence cyber crime – deliberate crime that has a severe or crucial impact on its victims.
Higher-consequence crime is rising, with nation states and organized criminals continuing to steal IP and other valuable information to gain economic advantages or cause a negative economic impact in rival countries. 2016 will see groups become bolder in their hacking operations, affecting the functionality of systems or even destroying the stolen data so a company cannot access it.
This year will also be characterized by a rise in stolen Personally Identifiable Information (names, addresses, financial data and even biometrics like fingerprints and facial images) and Intellectual Property (IP) of organizations, exploited to commit fraud, replicate identities and compromise consumers, commercial organizations and intelligence activities. This will increase the targeting of organizations that store data like fingerprints, faces, and even DNA profiles as these unique signatures are increasingly used for authentication to devices and services. This growing area of criminal activity will require a holistic approach to monitoring threat levels across organizations through specialized cyber security and intelligence software.
The final emerging risk is the possibility of losing control of critical national infrastructure. Hackers could step up their efforts to penetrate critical national infrastructure and insert malware to compromise these systems. As computer viruses continue to evolve, malware could be used to control the world’s large-scale industrial control systems such as power plants and dams – even extending to transport.
The evolving cyber landscape
2016 will see a continuing shortage of people with cyber security skills. People who have experience in identifying cyber risks and improving defenses are in high demand but low supply and this will worsen as the size of security teams increases.
Companies are therefore adopting Security as a Service (SECaaS) as a stop-gap. This outsources security to another company that has more expertise and can scale cost-effective security across all of its customers. Companies need to understand that while they can outsource responsibility, they cannot outsource accountability, so they need to consider the benefits and risks involved.
However, many organizations do not adequately assess the security practices of third-party partners and supply chains despite findings that consistently point to breaches caused by third parties.
While most organizations do include security provisions in contract negotiations with external vendors and suppliers, what needs to change is the level of focus and standard of security expected. Currently these standards are too low and organizations must hold themselves and others to higher levels of cybersecurity.
The ‘Five Knows’ of Cyber Security
Companies will need a better understanding of their cyber exposure as cyber legislation tightens and requires increased accountability. Knowing your network will become increasingly important to build a ‘defender’s advantage’.
A key component is being aware of the ‘five knows’ of cyber security which are critical to understanding your cyber security exposure, according to Mike Burgess, Chief Information Security Officer of Telstra Corporation:
- Know the value of your data. With resources typically limited, it’s important to know which data is the highest priority to protect. It’s also crucial to remember that what an IT executive thinks is important may be completely different than what a business leader sees as important.
- Know who has access to your data. Management of privileged network accounts has emerged as a major problem as studies confirm that users are much worse at protecting their passwords than they should be. It’s important to ensure access to data is limited to those who need it – and to make sure you continually monitor that list as the business evolves.
- Know where your data is located. Particularly in today’s cloud-heavy computing environments, data may be stored on servers anywhere in the world as easily as on your company servers. Tracking physical, virtual and derivative instances of your data across external service providers is therefore of paramount importance.
- Know who is protecting your data. You may think your IT department has your data under lock and key, but relationships with service providers can change this. Make sure you are aware of all third-party providers involved in the storage, backup, recovery, archiving and disposal of the data lifecycle.
- Know how well your data is protected. If you don’t know exactly what applications, technologies and devices your data is exposed to at every point in its journey, you are potentially leaving it exposed to attacks by cybercriminals. Stay on top of new cybercriminal attacks and move quickly to apply patches for new vulnerabilities as they are discovered.
Companies now understand sophisticated cyber-criminals have rendered traditional perimeter defenses ineffective. A priority for 2016 will be to detect threats inside the firewall as they develop, to defend and prevent significant damage from occurring.
Many organizations are turning to cyber analytics solutions to gain a deeper understanding of their networks, to identify what’s normal and what’s not. This helps give an advantage over attackers by allowing the company to know what’s happened and what has changed.
Whereas many conventional security solutions look for signs of malware code, security-analytics techniques monitor network activity for tell-tale signs of cybercriminal behavior. This activity might be documented within the logs of security software, network hardware devices or user behavior – essential information that forms a body of evidence, which companies can leverage to fight back against intruders. Gaining a new understanding of “normal” is key to addressing the abnormal and good information is fundamental to making this happen. Using analytics to uncover anomalies hidden within the network allows organizations to act early in the threat timeline, before extensive financial and reputational damage is done.
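The baseline-then-compare idea described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor product; the log format, account names and host names are constructed for illustration, and the three checks (new host, unusual hour, unusually large transfer) are assumptions about what "abnormal" might mean for a given network.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime
# Constructed sample data in a hypothetical "timestamp user= dst= bytes=" format.
BASELINE_LOG = [
    "2016-01-04T09:12:03 user=alice dst=fileserver01 bytes=52000",
    "2016-01-04T10:40:11 user=alice dst=fileserver01 bytes=48000",
    "2016-01-05T09:05:47 user=alice dst=mail01 bytes=50000",
    "2016-01-05T14:22:30 user=svc_backup dst=backup01 bytes=900000",
]
NEW_LOG = [
    "2016-01-11T09:30:00 user=alice dst=fileserver01 bytes=51000",
    "2016-01-11T02:14:09 user=alice dst=hr-db01 bytes=4800000",
    "2016-01-11T14:25:00 user=svc_backup dst=fileserver01 bytes=1000",
    "corrupted line without the expected fields",
]
LINE_RE = re.compile(r"^(\S+) user=(\S+) dst=(\S+) bytes=(\d+)$")

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # skip unparseable lines rather than guess at them
    ts, user, dst, nbytes = m.groups()
    return datetime.fromisoformat(ts), user, dst, int(nbytes)

def build_baseline(lines):  # learn each account's normal hosts, hours and sizes
    base = defaultdict(lambda: {"hosts": set(), "hours": set(), "sizes": []})
    for ts, user, dst, nbytes in filter(None, map(parse, lines)):
        base[user]["hosts"].add(dst)
        base[user]["hours"].add(ts.hour)
        base[user]["sizes"].append(nbytes)
    return dict(base)

def find_anomalies(baseline, lines, sigmas=3.0):
    findings = []  # (user, dst, reasons) for each event that departs from normal
    for ts, user, dst, nbytes in filter(None, map(parse, lines)):
        b = baseline.get(user)
        if b is None:
            findings.append((user, dst, ["unknown-account"]))
            continue
        # Size limit: mean plus N standard deviations, with a floor so a single sample still works.
        limit = statistics.mean(b["sizes"]) + sigmas * max(statistics.pstdev(b["sizes"]), 1.0)
        checks = [("new-host", dst not in b["hosts"]),
                  ("unusual-hour", ts.hour not in b["hours"]),
                  ("large-transfer", nbytes > limit)]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            findings.append((user, dst, reasons))
    return findings
```

Calling `find_anomalies(build_baseline(BASELINE_LOG), NEW_LOG)` leaves the routine 09:30 file-server access alone and reports the 02:14 bulk read from a host the account has never touched, along with the service account reaching outside its usual server.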
Organizations therefore need to apply a layered approach to security, as there is no one miracle piece of software or hardware that can protect against all never-before-seen threats. This, combined with a culture of cyber awareness from the board level down to all parts of the organization, can provide a strong defense against the threat of high-impact cyber attacks.
Derek Brown is the VP Americas with Wynyard Group.