There is not a day that goes by without some startling revelation about a new threat from emerging from the world of Cyber-Crime. Over the last few months there has been a spate of attacks on online platforms, organisations and even point of sale devices. Attacks seem to be all encompassing and blending attacks against physical devices (point of sale) and online platforms. We all have become familiar with names like Zeus “game over” or Dexter. If you have not heard these expressions before and you’re in the world of online commerce then feel free to contact me.
With the depth and breadth of possible attacks increasing exponentially every day the question that should be posed in the mind of every organisation with an online presence is what can I do? It is a bewildering task to stay on top of the ever shifting online threat landscape. What is it that I can do that will help me to prioritise and understand these threats and how do I develop a cost effective pragmatic long term strategy that will deal with this problem? For if such a policy can be developed then any online business can get back to the core fundamentals of business growth and attracting new customers. That said I do want to point that when one takes an in-depth look at the Blueliv Cyber Threat Intelligence Technology report I see that the attacks are spread across a number of different industry verticals that include, government, education establishments law firms, health and utility companies. The exact nature of the attack varies but that said all of these sectors are at risk.
Any long term and effective Cyber Security strategy needs to address some core concerns. The first of these will be the need to have what is called actionable intelligence. What is actionable intelligence? This is detailed and precise information that tells an organisation, who is attacking them, why they are being attacked and how is that attack going to take place or is taking place. This information is critical in helping an organisation understand what their current exposure is to Cyber Risk. What is needed is a strategy that can fuse together the who, what and why together from a diverse range of data sets. If you can collect information and intelligence on a wide and diverse range of threats you will be able to paint a very vivid intelligence picture. This in turn will help you see what attacks are coming and also what confidential customer and corporate data may have already been leaked. Once an organisation reaches this point it has situational awareness of its Cyber Risk based on actionable intelligence and it can now move towards a proactive stance in aggressively protecting its infrastructure and online assets from attack and compromise.
If not now then sooner or later all business will need to have a presence in the world of mobile platforms. Last year the mobile platform in terms of revenue generated stood at around $10b by 2016 this is expected to grow to $30b. So for all organisations this is an opportunity that needs to be exploited. However the complexity and sophistication of threats directed against the mobile platform is increasing at an alarming level. The very latest development is what is known as cross platform attacks. This is where a single piece of malicious code has the ability to infect a number of different devices such as PC’s, laptops and mobile devices. A very good example of this is the malicious code that was named Perkele. The key characteristics of this code are as follows: Perkele circumvents out-of-band authentication codes sent to mobile devices for online-banking sessions and infects a number of different devices hence its cross platform capability. The code lets attackers intercept text messages and initiate transactions using software that is running in parallel on a victim’s desktop. This allows it to beat security measures that require payments be confirmed using a mobile device.
We have the first two elements of a long term cyber strategy defined. Such a strategy needs to provide an organisation with actionable intelligence and must encompass the very latest attack vectors such as cross platform attacks. The next component must be that whatever mitigation technology is put in place it must be scalable and flexible do deal with the threats a business faces today and flexible enough to encompass emerging threats such as those already mentioned. This is a fundamental requirement. What an organisation must look to do is to align its current risks to match its current mitigation strategy. If it is able to do this and this in turn will generate the cost effective returns on its online security investment. Put simply the solutions used must give an organisation to choose and pick what Cyber Threat mitigation “modules” are best suited to its current risk exposure. The question that may be asked by the reader is how do I gauge my current risk profile? This can only be achieved by working with a flexible solution that will map out what corporate and customer data has been exposed, what malicious campaigns are currently being targeted against an organisation, and what are the sources of these attacks. Once armed with this detailed information an organisation can extrapolate a detailed risk profile and from there map solutions that meet these current risks. In a single word alignment is the third key component of any long tern cyber risk management strategy.
Cyber Security is not simply an issue that should be the focus of large multinational organisations or banks alone. Using the Blueliv platform to track and map attacks that are taking place there is a very definite trend emerging that mid-tier organisation are now very much within the radar of the attackers. What kind of institutions are these? Well they range from regional banks to 3rd party supplies to large organisations. These include wealth management funds, hedge funds and large legal firms. No organisation is immune from attack. The logical question to be asked is why are these mid-tier organisations being actively targeted? They represent an easy target for the attackers; mid-tier organisations may not have dedicated security teams and practices in place assuming that there is no reason why their organisation would be the focus of cyber-attacks. This creates the perfect opportunity for attackers to in bed themselves into the organisations systems and either use these systems to launch new attacks, store data, or to use stolen credentials to targeted lager organisations that have a trusted relationship with that maid tier organisation. The very real possibility exists that your organisation may unwittingly provide a platform for cyber criminals to attack your most important clients and partners in addition to your customers. The final key component of strategic cyber policy is never to assume that you would never be a target for cyber criminals. If you have an online web presence (and it does not have to be transactional in nature) then you will be a target. From this informed stance you can look to build a defence in depth approach to protect not just only your own customers and assets but also protect those highly valuable relationships you have with 3rd parties.
I have tried to map out some the key fundamental requirements of a long term strategic Cyber Security policy that will help organisations see some real return on their Cyber security investment. The article is not intended to be an exhaustive examination of what all of the key requirements are but merely a starting point from which an organisation can begin an internal debate. The starting point for that debate is to understand what your current risk exposure is. How do you do that? Engage with solution that can inform you of who, what and why you’re being attacked, the requirements mentioned are though important and should be encompassed in any final strategic document. The most vital elements to keep at the forefront of any discussion are not to assume that you as an organisation would never be attacked. As I have discussed targets include online commerce, large multinationals, local authorities, law firms and hospitals too. All of these organisations provide assets from which attacks can be launched and data stolen. All organisations need a flexible and scalable solution in order to align their current cyber risks with their mitigation strategy. That is a key to driving some genuine return on your Cyber Security investment alignment based on understanding what your current cyber risk profile is. The complexity of attacks will continue to grow as will the degree of interconnectivity that exists in modern society. This is not a problem that will lessen in time or disappear. Cyber-Crime is here to stay it is already part of everyday business. The core question for you as an organisation regardless of the industry vertical you operate in is what can be done to mitigate this threat in a cost effective manner, which will not only protect my online assets but more importantly will protect and enhance my brand. Don’t wait to become a victim of Cyber Crime get on the front foot and develop a cohesive long term Cyber Security strategy.