Tom Glocer, Chair of K2 Intelligence’s Global Cyber Practice and former CEO of Thomson Reuters, recently hosted a discussion on cyber crime. He addressed concerns by explaining the steps that can be taken to combat the risk of cyber attacks.
Many organizations feel they are ill-prepared to combat cyber crime, and businesses are finding it increasingly difficult to counter the sophisticated nature of attacks. There is a lack of clarity in the business community on what they can rely on government to do and what measures they must take themselves to protect against cyber threats.
An Insight on the Motivation of the Attacker
When dealing with cyber crime, it’s very helpful to have an understanding of the motivation behind attacks, as it can provide insight into the perpetrator. The principal categories of cyber attacks are:
- Nation state attacks—such as the alleged attacks by North Korea on Sony and Iran on Saudi Aramco.
- Commercial espionage—such as that often attributed to China.
- Hacktivists or online terror organization attacks—increasingly, small cells can have an enormous impact as seen in the Syrian activists’ hacking of Obama’s Facebook and Twitter accounts, or the infamous Apple iCloud incident.
- Cyber crime for financial gain—often part of organised crime.
Understanding the motivation of attackers should inform the cyber defense strategies employed by organizations. In addition, there are strategies organizations can employ to mitigate an attack, should the occasion arise.
Anticipating an Attack
It is becoming increasingly important for organizations to take action, in the expectation that attacks will take place. The principal ways to bolster cyber defense are through the following:
- Training: Employee behavior accounts for up to 80% of breaches, and in many cases employees are responsible for letting the attacker in (wittingly or not). Training should ensure employees are fully aware of social engineering and spear phishing attacks, where they are tricked into handing over details. Even basic levels of training, such as selecting proper passwords, will help to mitigate risk. A recent ThreatSim report said that phishing campaigns can see their click rate drop from 25% to 4% with two years of employee training.
- Technical strategies: A detailed threat and risk assessment will identify the key technical measures needed to ensure the confidentiality, integrity, and availability of information assets. For example, ensuring that data is encrypted both in transit and at rest can increase the level of protection with respect to confidentiality and integrity.
- Intrusion testing: Threat vulnerability can be assessed by testing an organisation’s security via “friendly hacks.” This assesses the strength of perimeter controls and whether the design of a network is appropriate, checking whether it limits access to select areas or can be easily breached.
The Importance of Intelligence in Cyber Defense
When anticipating a cyber attack, gathering intelligence and putting it in the right context are vital components of ensuring that strategies are fit for purpose. When tailoring protection for an organisation, K2 Intelligence gathers vital information from assets in Europe, the United States, and Israel, the home of its center of excellence in dark Web surveillance. It seeks to establish an early warning system for a company or industry by considering the correct priorities and trying to identify patterns from attacks. The following key questions are considered:
- What are the types of malware to look out for? Zero-day attacks such as Aurora exploit vulnerabilities in applications and operating systems. They give the hackers a huge time and evasion advantage and can be extremely damaging if left undetected for long periods.
- What can be learned ahead of the attack that can prevent access to, and compromise of, targeted networks and files? “On the ground” threat intelligence often provides indications as to the nature of the attack, and many threat actors employ similar and often repeated attack techniques.
- What is the motivation behind an attack? Often attacks are opportunistic in nature; however, focused attacks are generally driven by espionage-style attack groups. In these instances, the attacker specifically carries out research to attempt to evade the known security controls the organization has in place.
Despite efforts to anticipate and guard against cyber attacks, these incidents are occurring with increasing frequency and the methods of attackers are becoming progressively sophisticated. It is therefore essential to have an incident response plan in place.
Incident Response Service
In the event of an attack, it is really important to have a response service in place, which will quickly determine who is in the network and what has been taken, assess any damage, and prevent further unauthorized access. A typical response service also coordinates the corporate governance, legal, and regulatory responsibilities and will prepare board statements where necessary. Furthermore, when dealing with known perpetrators, K2 Intelligence’s investigations practice can support criminal and litigation proceedings, culminating in successful prosecutions in collaboration with internal or external counsel.
K2 Intelligence’s cyber investigations and defense capabilities include intelligence, incident response, defense strategy, executive training, board presentations and discussions, assessments, and due diligence, all of which rely on sophisticated web-based and human intelligence gathering techniques. Following the recent investment in K2 Intelligence by AIG, the companies have agreed to co-develop products and services that support clients when mitigating and managing their cyber risk. If you would like to discuss your cyber security concerns, please contact us.