Today’s cyber criminals are increasingly adept at gaining undetected access and maintaining a persistent, low-profile, long-term presence in IT environments.
Meanwhile, many organisations may be leaving themselves vulnerable to cyber crime based on a false sense of security, perhaps even complacency, driven by non-agile security tools and processes.
Many are failing to recognise cyber crimes in their IT environments and misallocating limited resources to lesser threats. For example, many organisations focus heavily on foiling hackers and blocking pornography while potential-and actual-cyber crimes may be going undetected and unaddressed.
The pace at which new cyber threats emerge is also challenging many organisations - especially those in direct relationship with consumers or which utilise mobile devices for access to business systems. With more than 25bn apps downloaded from Apple’s App Store since its launch, it highlights another paradigm shift for computing, digital content, software and access to the business apps and the web.
Fighting cyber crime, whether using mobile devices, mobile apps, or the net, needs a collaborative approach, which is where the chief executive, chief information officer, the chief information security officer, chief operating officer, corporate security officer and legal counsel need to combine their effort and focus.
To maintain consumer confidence, protect IP, investment and to maintain a robust consumer relationship (built on trust), organisations who want to stay online, need to adopt a more defensive approach to managing this aspect of their cyber business.
They must conduct ongoing threat analysis, develop preparedness and readiness strategies and build process with appropriate technical solutions to successfully mitigate / or reduce the chances of becoming a victim of cyber crime.
However, committing staff resources and expertise to this work can be costly. Furthermore, addressing just technical solutions will only ever be part of the answer.
Dealing with technical defences or trying to address this problem in silos is neglecting the key point; that cyber crime typically impacts across an entire business, sector, affecting more than one individual, department and more often than not - affecting more than one brand, product, service or worse - your customers trust.
Out with the old, in with the new - a new approach is needed
A more traditional approach to defend against cyber crime is to increase security technologies such as perimeter-intrusion detection, signature-based malware, and anti-virus solution, these are fine, but even these technologies are not foolproof, principally because:
- A large number of unique security appliances are generating even larger numbers of false positives and false negatives.
- Many of the recent web attacks are targeted utilising customised malware packages, a change of a few lines in malicious codes deem them undetectable by standard security products.
- Current signature-based information security controls are not effective against sophisticated, evolving cyber threats that have been increasingly using zero-day vulnerabilities in popular software and hardware products.
- Most cyber attacks rely on social engineering and human errors, many of which cannot be prevented using security technologies.
So what’s the solution - to strengthen the defence network?
The underlying philosophy is simple, to prevent and be ready for a cyber incident. This is achieved via a number of channels and mechanisms, such as the development and delivery of staff education, training programmes to help build investigation and crisis management capacity or investment in converged technologies such as security incident event management (SIEM).
Technical experts should be trained to provide scientific forensic support for investigations and full simulations should be run to ensure adequate response times in the event of major cyber incident / attack.
Simulating cyber incidents gives organisations the opportunity to exercise their internal processes as well as identify ways in which responses can be effectively coordinated. Further advantages can be seen in the interrelationship between strategies, people, process and technical provisions.
A collaborative approach
The risks and threats of cybercrime will not go away, organisations are presented with an arsenal of different solutions designed to secure access, detect fraud, and authenticate users. These solutions may individually address specific threats, but on their own are likely to be defeated by tomorrow’s new and improved cyber attacks.
To make matters worse, cyber crime follows the user. New technologies, such as always-on mobile devices, online file shares, instant communications, social networks and cloud computing, will initiate new ways in which cyber crime can be committed. So, a future defence against cyber crime requires a collaborative approach, using both strategic, tactical, process and technology coordination.
How to approach the problem
A cyber security and real-time threat management strategy should be designed to maximise the value from existing security controls and you’ll need to take a holistic view of the changing threat landscape that covers several key focus areas including; how the underground economy is organised; how cyber criminal tools and techniques being used and to further understanding threat vector, residual risks, emerging cyber threats, and threat agents.
By ensuring the organisation follows the simple four-step process of assess / detect, prevent, predict and respond, your organisation can ensure it is building a robust cyber security strategy, that will help defend and prepare the organisation for any potential event / incident that could impact you - this cyber security ‘ready’ state is known as ‘situational awareness’. The four-step process will help your organisation prepare, predict and respond, it won’t be easy at first, but well worth the effort:
1. Assessment - navel gazing
- assess your cyber security capability and your maturity;
- determine if you have sufficient People and appropriate process;
- validate your existing internal security controls;
- review key supply chain security controls.
1.1 Detection - ‘situational awareness’
- design and define your cyber profiling diagnostics tools;
- coordinate your vulnerability assessment and ensure single view of threat landscape;
- establish external cyber attack diagnostics feeds and tools;
- establish internal cyber attack diagnostics feeds and tools.
- cyber security awareness campaign (eLearning and workshops);
- HR vetting and talent management (motivation, monitoring, whistle-blowing);
- prepare the security infrastructure and network zoning design (segregation/air gaps);
- know your employees - identity and access management (IAM) (recertification programme);
- build the SIEM / SOC and ensure architecture design is inclusive;
- advanced persistent threat (APT) mitigation program;
- fraud management program.
- harness the cyber threat intelligence gathering (multiple sourcing);
- organisation and supplier profiling automation (know your vulnerabilities);
- threat intelligence and malware research portals (Link into your AV vendors);
- design the compromise and urgent threat alerting triggers;
- cyber threat reports (utilise your reporting tools).
- test your incident response program design and development;
- incident response program maintenance;
- security breach diagnostic.
2. Prevention is better than cure
- cyber security awareness campaign (eLearning and workshops);
- HR vetting and talent management (motivation, monitoring, whistle-blowing);
- prepare the security infrastructure and network zoning design (segregation / air gaps);
- know your employees - identity and access management (IAM) (recertification programme);
- build the SIEM / SOC and ensure architecture design is inclusive;
- advanced persistent threat (APT) mitigation program;
- fraud management program.
3. Predict
- harness the cyber threat intelligence gathering (multiple sourcing);
- organisation and supplier profiling automation (know your vulnerabilities);
- threat intelligence and malware research portals (Link into your AV vendors);
- design the compromise and urgent threat alerting triggers;
- cyber threat reports (utilise your reporting tools).
4. Respond
- test your incident response program design and development;
- incident response program maintenance;
- security breach diagnostic.
Therefore whether you are 100 or 100,000 employee sized organisation you need a converged approach to cyber crime, and a cyber security [defence] strategy. The kind of strategy and process that can be tested and rehearsed will be the difference between effective risk management, leaked IP or company secrets and should ensure your organisation does not become the next victim of cyber crime.