The Changing Cyber Threat Landscape

THE EXPLOSION OF NEW DEVICES BEING CONNECTED TO THE INTERNET HAS CREATED MAJOR BENEFITS FOR BUSINESSES, FACILITATING THE SHARING OF INFORMATION IN WAYS THAT WERE UNIMAGINABLE A FEW YEARS AGO. HOWEVER, THIS HAS ALSO REVEALED INNUMERABLE KNOWN AND UNKNOWN W

Insurance | Text: Sanjay Samuel | Managing Director | BAE Systems Applied Intelligence JAPAC

Why do so many companies still find themselves the victims of successful cyber attacks, in spite of all the layers of protection they have put in place and the significant investments they have made in cyber security over the past few years? The cyber threat landscape is continually evolving and attackers are finding innovative new ways to circumvent network defences. Attacks that exploit previously unknown software bugs, or "zero day attacks", are becoming a mounting security problem for public and private entities, and can lead to compromised systems, fraudulent activity and information breaches.

Cyber criminals are concurrently creating more sophisticated and specialised malware, and leveraging the open market to gain faster access to zero day vulnerabilities they can exploit. In 2005, for example, the New York Times reported that seven malware "families" represented 70% of all malware activity, while in 2014, 20 "families" represented 70% of all malware activity. This proliferation and rapid change in the sources of malware has made traditional firewalls and anti-virus functionality of limited use on their own in detecting and preventing attacks.

This is combined with the convergence of cyber and financial crime. Many high-profile attacks on financial services companies are carried out by individuals or groups of hackers for financial gain, with recent attacks, such as the Bangladesh bank heist, often achieving that through a combination of cyber crime and financial fraud.

We live in a digital age where both customers and employees can expect to have their information stolen. As an insurer, not only do you need to be mindful of phishing and malware coming through your email channel, you also need to be wary of customers having their identities stolen by criminals using cyber techniques such as social engineering, and then selling them on the dark web to users who wish to create fraudulent insurance contracts and carry out claims fraud.

Leaders need to be prepared and ready to protect their business in this changing cyber threat environment. Businesses use a number of strategies to improve their defence and try to minimise these threats.

GREATER INFORMATION AND DATA SHARING INSIDE AND OUT

Attacks are coming from both inside and outside the organisation, so the organisation needs to be completely lined up to deal with this challenge. This means claims, call centre, analytics and information security teams need to be sharing intelligence and working together to defend against attacks.

We share a lot of intelligence and information within the community already and this is paramount to defeating cyber and financial crime. By using sophisticated social network analysis and a consortium approach, insurers are able to identify cross-insurer and complex organised crime rings more readily.

EDUCATING STAFF

Good cybersecurity should always start with educating staff about existing and emerging threats and how to avoid them. With education, employees can improve their ability to identify a suspect email designed to obtain sensitive information. However, this requires a significant, and ongoing, commitment to training.

THREAT INTELLIGENCE

Leaders need to ensure they understand the threats and vulnerabilities in their business. As the cyber threat landscape evolves, so too does the need for more situational awareness, more robust defences, and real-world testing of those defences.

It is also important to widen the security focus to include unknown and new threats, and to understand the unusual behaviour patterns that can be identified in data. This is known as threat intelligence. Threat intelligence delivers rich information on new malware, previously-unknown perpetrators, emerging trends, and more. This can fuel analytics and provide a better understanding of the threat environment.

Threat intelligence gathers information about potential security breaches that are relevant to the client organisation’s specific environment. This gives security professionals immediate, tailored and actionable information that they can act on quickly to protect the organisation, focusing the threat mitigation effort and reducing response times.

But that in itself is not enough to detect malicious cyber activity. You also need to know what to look for, how to look, and where to look. And of course, not all "suspicious" cyber activity is malicious: a lot of activity is benign or "normal" even though it may fall under the spotlight of activity which could be indicative of a cyber threat. Therefore, when automatically analysing massive data sets, additional intelligence needs to be built into the analytics to enable the solution to determine whether observed behaviour is truly indicative of a threat or is actually normal within the context of that network and the business operations it supports.

DATA DRIVEN ANALYTICS

The next step in cyber defence is for organisations to evolve their approach to detecting malicious behaviour. They will require advanced security operations centre (SOC) capabilities that build on traditional security information and event management (SIEM) solutions by using complex behavioural analytics across the vast quantities of data they already collect. Security data analytics is key to understanding what is happening on an organisation’s networks and, specifically, whether a compromise and exfiltration are taking place.

INTELLIGENCE-LED PENETRATION TESTING

In today’s cyber age, security testing needs to move from "tick-box" approaches to testing based upon rich, contextualised threat intelligence. This informs and guides how the testing should be conducted, what attack methods should be simulated, and where testers should focus their resources.

It should be carried out through penetration testing, as a preventative measure to remove flaws prior to launching a system. Penetration testing should also be used as an ongoing detective measure, through red teaming, to identify those flaws that slip through testing, that are introduced through systems integration and iteration, or that emerge as new vulnerabilities are found.

AFTER THE ATTACK

This needs to be integrated as part of a layered approach to business defence — using cooperative, mutually-supporting controls to interrupt attackers as they attempt to move from one phase to the next. Technology such as email and web security systems aims to prevent an attack succeeding, whilst post-attack technology, including monitoring and analysis tools, and security information and event management, detects attacks which have succeeded and allows mitigations and damage control.

While it is impossible to prevent every single attack from occurring in the rapidly-changing global threat environment, organisations can increase their chances of dealing with existing and emerging threats quickly and effectively by using threat intelligence to understand the threat, and incorporating a layered approach to security.

Leaders need to be prepared and ready to protect their business in this cyber threat environment.
