Organisations are starting to experience an evolution of threats from discrete criminal events to virtually every criminal act being a ‘cyber’ crime with some physical aspect to it. It’s not a displacement of physical terrorism in support of cybercrime, but the merging of the two. Take events of the past few years, including the Ukrainian power grid attack or the Iranian hack of the New York Dam, for example.
If an organisation thinks about who the adversaries are (organised crime groups, nation states, and terrorists), the cyber realm is just another tool in their arsenal. Terrorists interested in attacking critical infrastructure such as transportation, electricity, water and sewer systems might use kinetic attacks and improvised explosive devices, but they might also attack the computers that run those systems.
In fact, in some cases, it may be safer and more cost effective for criminals to conduct attacks digitally and electronically. Indeed, increasingly, they will migrate to that attack vector. That’s why understanding the perpetrator is so important. After all, the attack vector is going to constantly change, but the adversaries are not.
Understand the power criminals are exploiting
Developing the link between physical and digital worlds further means we must look at the impact of the IoT. While the industry is hell-bent on coming up with weird and wonderful ideas and use cases for it, often it comes without the necessary expertise to protect against the security risks and exposure these new applications present. In too many cases these products are developed and shipped as fast as possible, without thinking about security or the life cycle.
Organised crime groups are taking advantage of this computing power and will increasingly use it to further their illicit activities. They will create new targeted attacks against specific devices, like the hundreds of thousands of implantable medical devices that are online and connected to the internet – from pacemakers to diabetic insulin pumps and cochlear implants. This is a scary prospect when considering that health data is online for doctors to access, as well as being available to the ‘kid next door’.
With these worrying developments, it’s critical that organisations know about the variety of emerging threats and how to recognise and respond to them, especially given that it’s not just the loss of data to be concerned with, but the physical destruction of property and, potentially, life too.
Track the adversaries, not their tools
Ultimately, focusing on the symptoms of the adversary problem isn’t enough in the new age of cyber security. Firms must be able to understand how adversaries have managed to propagate through the network, and then determine next steps once a presence has been established.
Enabling this kind of security posture starts with expanding the scope of operations, using technologies that can identify indicators of attack (IoAs). This enables teams to track the effects of what the adversary is trying to accomplish, so that they can understand where the adversary has been, what its objectives are, and where it is today, rather than simply the tools being used.
Use intelligence and personnel to react at speed
None of that can be achieved without access to the right insight. Understanding what adversaries are looking for and how they think requires intelligence and a well-trained team to monitor, capture and analyse threat data effectively.
Without doing so, companies are vulnerable to loss of revenue, jobs, intellectual property and shareholder value as they scramble to react quickly enough. Threat intelligence must therefore be a mandatory element of any comprehensive security programme.
This will support organisations in their bid to ensure that the devastating effects of these attacks can be thwarted before any real harm is done. Steering clear of these mega breaches, be it through physical or digital means, comes down to two key points: speed and agility.
Being able to assess any intrusion and contain it immediately is the only way to future-proof a business. A combination of intelligence and trained personnel is critical to ensure that no matter where the bad guys move, or whatever new tactics they deploy, their movements can be monitored and the business is prepared to act.
Sourced by Mike East, VP EMEA at CrowdStrike