The cyber-security threat is constantly evolving. Those trying to access information and extort or steal money are becoming more sophisticated all the time. FundForum International looked at the main threats facing companies today and the factors companies should consider when mitigating the risk.
Ben Smith, RSA, Field CTO, Advisory Engineering, said the threats came from three main groups. First, nation states. These are primarily looking for intellectual property or logistical information, but which information may be of value is not always understood. Ben gave an example of a food manufacturer that did not think it could be a target for nation states as its recipes were known by its competitors. “I asked some questions. You’re a food manufacturer doing shipment to the US and outside the US? Yes. Does that include military installations worldwide? Yes. So I asked them – what about the logistical information about how much food is being shipped to a military base? What if one month the amount goes up by 10 times what it was before? It was an eye-opener for the customer.”
The second category of cyber-threat was criminals, Ben explained, those motivated by financial gain. They are either after money or want to monetise information.
The third category was activists, or ‘hacktivists’. These agents were typically motivated neither by intellectual property nor by financial gain; they were driven by a political goal. Their attacks tend to be damaging from a brand management perspective.
Part of the problem facing companies, according to Ben, was a tendency to be too focussed on the prevention model – i.e. building a firewall – and this was allowing all three types of attackers to succeed. “The prevention story stopped being a good story about 10 years ago or even 15 years ago. Too many customers think that because they have a strong perimeter they are fully protected. I’m going to tell you right now, that is not the case.”
When it comes to the cyber-security threat, detection and information sharing were just as important as prevention, because companies had to recognise that someone may successfully gain access.
Keisuke Kamata, Regional Director, Japan and Asia, FS/ISAC, agreed. “Since around 2011 many financial institutions have realised the importance of sharing information as the threats got more sophisticated. The cyber-security risk was becoming one of the most important risks for the financial institutions. So if a company sees an attack, they want to know if others are being attacked and how other institutions are protecting themselves.”
Keisuke said the kind of information being shared could include where the attacks were coming from, either specific IP addresses or locations, what kind of tools were being used to attack and what systems were being successfully used to maintain protection.
Ransomware attacks were increasing, with attackers gaining access to a computer system and encrypting it, then charging a ransom to decrypt it again.
The method of access was most often phishing emails. “The primary method for adversaries starting an attack, whether ransomware or some other attack? Phishing tends to be the entry point”, said Ben Smith. “These bad actors will sit in a system and just listen to the traffic that goes back and forth between people. They’ll understand the role the different people have and the nicknames people have for each other. Then they craft the email.”
The panel concluded with an emphasis on the importance of companies having an incident response plan, or IR, in place in the event of an attack. It was important not only to have a plan but to run exercises regularly and to keep the plan accessible to those who might need it while keeping it out of the reach of the attackers themselves. The IR needed to cover all aspects of the organisation’s reaction. “The technical factor is not the main part of the response. It’s more organisational factors such as what information we need to collect and it’s important all the stakeholders understand the threats and the effects they can have,” said Keisuke Kamata.
Finally, there was some discussion on whether developments in technology such as blockchain could stop the attackers. Peter Salmon, Senior Director, Operations & Technology, ICI, said there was one key problem, regardless of technological sophistication. “Criminals leverage human vulnerability. That’s not going to go away.”