The stark reality is that the personal information that businesses hold can be of huge value to criminals. Unfortunately, cybercrime is extremely difficult both to detect and, because attacks are so variable, to defend against. Gone are the days when a crook would leave broken glass at the foot of the windowsill and the safe door hanging open. Today’s businesses must work hard just to understand whether they’ve been the victim of a theft at all, and it can then be an extremely complicated process to determine how it happened. Worse still, it is often impossible to identify who did it. Ultimately, this stacks the odds in favour of the criminals. So how can we turn the tide and start fighting back?
Getting into the criminal psyche
First and foremost, it is important to understand that there are many reasons why cybercriminals target businesses. We have also seen that attacks can come from anyone at any time – whether it is bored teenagers attacking systems randomly for sheer entertainment, or a ring of professionally organised criminals after specific data and results.
Professional groups are often far more focused on their intended victim. They may even be state-funded or sponsored, which gives them access to vast resources and as much time as they need to find a way into the systems they are targeting. This puts them at a very unfair advantage over their victims, who often have absolutely no way of knowing when or how they will be attacked and much less in the way of resources and bandwidth to defend themselves.
Along with the variety of groups that are targeting businesses, there are also a number of different tactics deployed. Traditionally, people are looking for sophisticated inbound web-based or network attacks. However, criminals are now using social engineering techniques such as spear phishing to improve the chances of the malware infiltrating systems. People can still be tricked into doing something like opening a seemingly legitimate email attachment that actually contains hidden malware, providing remote access to their systems.
Unfortunately, this doesn’t always come in the blindingly obvious form of the emails we have all received from solicitors of long-lost relatives in countries we’ve never heard of, offering us a fortune if we’ll only hand over the keys to our bank account. For example, recent attacks on businesses used highly convincing (but fake) emails from CEOs or CFOs requesting fast-track payments to suppliers, so well engineered that a number of businesses fell victim to what has become known as ‘whaling’.
The real danger is that these attacks often bypass the security systems that businesses have in place, rendering them effectively helpless. As a result, security teams can’t afford to be too focussed on spotting the attacks that we have already seen as new ones might be just around the corner. In the same way that the police can’t waste time hunting for criminals that match the profile of Raffles the Gentleman Thief, times have changed; the real threats we should be alert for are the unknown ones.
Catch attackers red-handed
Although firewalls, antivirus, and other traditional tools have their place, cybercriminals are wise to them, so a more advanced approach is needed to protect against modern threats. Attackers already know that your antivirus is guarding the vault door, so they will be looking to enter via the sewers – or even stroll in through the front door. Monitoring system behaviour is a much more effective approach, enabling businesses to identify any potentially suspicious activity that could indicate an attack or vulnerability being exploited – whether instigated externally or coming from an insider.
For example, if the business detects that an employee is accessing data that they shouldn’t need or don’t have the rights to, their line manager can quickly be alerted and, if necessary, step in to prevent any harm from being done or losses from being incurred. This means that rather than turning up to find an empty vault after the heist has taken place, like last year’s Hatton Garden safe deposit burglary, security teams can see an attack coming and take action before the damage is done.
Building a ‘Most Wanted’ list
Another key challenge that security teams face is the information overload that can come with the sheer amount of potential threat alerts they receive every day.
As such, it is important that security systems are capable of creating a ‘Most Wanted’ list of the threats that require the most immediate attention. This relieves the pressure and allows security teams to investigate the most important or most likely attacks without having to first wade through a sea of background noise.
If security systems can automate the diagnosis, and even the stopping, of basic attacks, and can offer diagnostic information, case files and guidance on how bigger, more dangerous threats should be mitigated, the security team can also use its time more wisely, focusing on long-term fixes that make its systems as resilient as possible.
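As an added illustration of the behaviour monitoring described in the previous section and the ‘Most Wanted’ triage described here (example code written for this page, not Huntsman’s product or the author’s own code), the sketch below checks each data access against a per-role baseline and business hours, then rolls the findings up per user and ranks them by the sensitivity of the data touched. The log lines, roles, hours and sensitivity weights are all constructed assumptions.

```python
# Constructed sample access log: (user, role, hour_of_day, resource).
ACCESS_LOG = [
    ("alice", "finance", 10, "ledger"),   # expected for the role, office hours
    ("bob",   "sales",   11, "crm"),      # expected for the role, office hours
    ("bob",   "sales",   23, "payroll"),  # outside role AND outside hours
    ("bob",   "sales",   23, "ledger"),   # outside role AND outside hours
    ("carol", "hr",       9, "ledger"),   # outside role, office hours
    ("alice", "finance",  2, "ledger"),   # own data, but at 2am
]

# Assumed baseline: which data each role is expected to touch.
ROLE_RESOURCES = {
    "finance": {"ledger", "payroll"},
    "sales":   {"crm"},
    "hr":      {"payroll", "hr_records"},
}
BUSINESS_HOURS = range(8, 19)  # assumed 08:00-18:59

# Assumed sensitivity weight per resource; unknown resources default to 1.
SENSITIVITY = {"payroll": 3, "ledger": 3, "hr_records": 2, "crm": 1}


def detect_anomalies(log, baselines, hours):
    """Return one alert per access that falls outside the role baseline
    or outside business hours; each alert lists every reason it fired."""
    alerts = []
    for user, role, hour, resource in log:
        reasons = []
        if resource not in baselines.get(role, set()):
            reasons.append("outside role baseline")
        if hour not in hours:
            reasons.append("outside business hours")
        if reasons:
            alerts.append({"user": user, "resource": resource, "reasons": reasons})
    return alerts


def most_wanted(alerts, sensitivity):
    """Aggregate alerts per user into a ranked 'Most Wanted' list.
    Score = sum over alerts of (resource sensitivity * number of reasons),
    so repeated, multi-signal access to sensitive data rises to the top."""
    scores = {}
    for alert in alerts:
        weight = sensitivity.get(alert["resource"], 1) * len(alert["reasons"])
        scores[alert["user"]] = scores.get(alert["user"], 0) + weight
    # Highest score first; ties broken alphabetically for a stable list.
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    found = detect_anomalies(ACCESS_LOG, ROLE_RESOURCES, BUSINESS_HOURS)
    for rank, (user, score) in enumerate(most_wanted(found, SENSITIVITY), 1):
        print(f"{rank}. {user}: score {score}")
```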
Turning the tide on cybercrime
Businesses might easily think they are fighting a losing battle when it comes to cybercrime. Yet with the right approach in place, they stand a solid chance of defending themselves against the myriad of threats out there in a more effective way than in the past. By monitoring system behaviour and looking for suspicious anomalies, security teams can stop the majority of attackers in their tracks before they do any serious harm. Coupling this with intelligence and automation can enable a more effective and timely response. Ultimately, this will help businesses to avoid becoming another statistic in next year’s crime survey.
Piers Wilson, Head of Product Management, Huntsman Security