Earlier this year, Cameron and Obama announced they will carry out “war game” cyber attacks as part of a joint defence against online criminals. Cameron described cyber attacks as “one of the big modern threats we face”, while Obama said cyber threats were an "urgent and growing danger".
The consequences of an attack for any business are apparent in recent headlines, exacerbated by poor responses to security breaches that have led to the loss of revenue and reputation.
The frequency and severity of cyber attacks will increase in 2015 and organisations will have to explore new prevention and response scenarios. Cyber security dominated decisions at The World Economic Forum in Davos this year, not surprisingly. Cisco CEO John Chambers said in a public session that “security was bad last year” and “this year is going to be much worse”. Cybercrime will worsen – it’s a lucrative and relatively risk free form of crime for those with the appropriate skills.
According to Mandiant’s M-Trends report on IT security, attackers spend an estimated 229 days on a victim’s network before they are discovered. 67% of victims are notified about security threats by someone outside of their organisation. These advanced threats use valid credentials 100% of the time, which make them extremely difficult to spot.
Cybercriminals’ tactics get more advanced every day and businesses need to safeguard against these persistent criminals, but how? By thinking like a criminal.
Criminals are not constrained by policies, ethics or the law. They are entrepreneurial, spotting chances and responding nimbly with a clear ‘eye on the prize’. There are many examples of criminals using novel, daring and imaginative methods. A Chinese gang ran an entire network of fake Apple stores – and a former bank IT administrator bet his redundancy money on the share price falling and then remotely deleted the trading systems.
Typically, these criminals are disguising themselves as legitimate users in order to commit their crimes. Attacks are not launched from outside the firewall and brute force hacks are declining. Threats are now largely ‘internal’.
In order to think like a criminal, you need to scrutinise trends – in behaviour, on the network and through activity. This will help identify the anomalies that could indicate cyber, physical, cultural and procedural vulnerabilities.
For example, take an increasing number and size of print jobs from a single person at odd hours; large file transfers out to a cloud service; and a dramatic change in the categories of websites being accessed by that individual. Seen individually, none of these actions appears malicious, but with a holistic view of activity it’s possible to spot the pattern that suggests a security threat.
This year will see an increasing number of companies using analytics across all their data – not just that which has traditionally been considered security relevant. A security intelligence platform giving you real-time security posture information can help to spot unusual event patterns as they unfold, allowing intervention before they have a chance to make a major impact.
>See also: How to combat spear phishing: the cybercriminal’s weapon of choice
Organisations need to move away from an over-reliance on rule-based, static defences. Security strategy should focus on a flexible, nimble approach that, when combined with continuous network monitoring can detect attacks early and allow timely defences.
Correlating more data, from more sources, makes it easier to spot patterns that might be security attacks. Teams also need to be constantly asking new questions of their data. Fraud is sophisticated and fast moving and event patterns are changing all the time at an astonishing rate. As a result, writing rules into software is just not enough to protect against attackers.
Instead, IT and security teams will need to be quick and agile, always challenging themselves to stay a step ahead of the attackers.
Sourced from Matt Davies, Splunk