Protection beyond your network’s perimeter

In the past, organisations felt that to protect themselves against a malicious cyber breach, all they had to do was secure their perimeter. This typically involved regularly updating endpoint security software, installing best-of-breed firewalls and continuously running awareness campaigns for their employees so that they don’t open emails from unknown sources.

But the increasing sophistication of cyber criminals and the rapid growth of Dark Web forums, where hacking tools and services have been commoditised, means that organisations must now look outside their perimeter defences if they are to manage cyber risk effectively.

This means investigating the severity of the cyber threats from the outside in. Sadly, most organisations still drastically underestimate the extent to which they are being targeted and monitored by outsiders with malevolent intentions. Sometimes, this process continues for years. Fewer still really comprehend the black value of all their data. The recent Ashley Madison, TalkTalk and JD Wetherspoons (which we were the first to announce) hacks highlighted the danger of ordinary customer details being hacked.

But professional criminals also target corporate bank accounts, product designs and business strategies. Failing all else, hackers frequently use companies they have penetrated as a stepping stone to partner or client organisations. This is commonly referred to as the ‘supply chain’ and is considered a common attack vector, as with the Target breach and several attacks on western news sites carried out via their suppliers.

The reason financial cyber fraud, which is estimated to cost between roughly $500 billion and $1 trillion, grabs fewer headlines is that companies, particularly banks, which lose huge sums, are loath to admit to the losses for fear of losing investor or customer confidence. Sometimes, companies' confidential data is sold directly to competitors without their knowledge. Similarly, many companies are astonished to discover that confidential data they were not even aware had been stolen is already up for sale on the Dark Web. The recently revealed JP Morgan hacks, which are reported to have occurred between 2012 and mid-2015, are a prime example of this. The hackers compromised the details of 83 million personal and business customers, which were then allegedly used to manipulate the stock market.

To successfully trawl the Dark Web requires skills most companies simply do not have

Trawling the Dark Web effectively requires time and skills that most companies simply do not possess. In reality, there are two main challenges in doing this successfully. The first is to infiltrate the kind of forums used by criminals and professional hackers. The second is to comprehend and analyse the vast amounts of data available for collection on both the Dark Web and the rest of the internet.

To successfully achieve this, you need sophisticated machine power to make sense of the vast data that is out there. Utilising advanced technologies such as Natural Language Processing (NLP) and Ontology algorithms, scalable computing systems can achieve 80-90 per cent of the tasks required for this process. This, coupled with intelligence experts and whitehat hackers, makes a powerful combination for successfully creating actionable cyber threat intelligence.

Social media has also become a lucrative vein for cyber criminals to exploit. LinkedIn, Facebook and Twitter not only provide the Dark Web’s ‘social engineers’ with enough information to make a spear phishing attack appear credible, they can also be used to directly breach an organisation’s cyber defences and gain access to their entire database. Think about the trust that we build (within minutes) with the people we engage with on these social networks or with the pages of the brands we love.

CyberInt’s own research has revealed that social media such as Facebook and Twitter are increasingly used as an attack vector for either delivering malware or collecting credentials in a phishing scheme. Aside from the risk to consumers, there is a growing risk to companies as businesses increasingly use social networks such as Facebook and Twitter not only to network professionally but also to promote goods and services to a wider public.

In order to protect against these growing outside threats, organisations must employ a triple-layered strategy.

The first layer is actionable intelligence. CyberInt, for example, collects information from thousands of sources including the Dark Web, the Deep Web and various other open sources. The indicators are collected automatically based on an intelligence profile which we build for our customers. Once collected, the indicators are moved into an analysis layer which uses various techniques to link between all the relevant indicators and make sense out of them. The end results are incidents which are highly targeted and actionable.

The second layer is protection of all the organisation's online assets. These include social media accounts, websites, blogs and even Domain Name System (DNS) records. These assets should be monitored for malicious activity in real time. This allows CyberInt’s customers to get alerts when there is an attempt to use these assets as either an attack vector or other malicious activity (like defacements).

The third layer takes the form of an attacker targeting your organisation and is called the CybeReadiness Suite. This layer allows CyberInt’s customers to orchestrate complex attack scenarios against their organisations to validate their cybersecurity posture. It could be described as an automated Red Team attack. In essence, this allows organisations to test how well prepared they would be in the event that a TalkTalk-like attack targeted them. In TalkTalk's case, there was a combination of a DDoS attack used as a decoy/smoke screen, mixed with a breach that extracted the data.

It is essential that organisations now start to protect themselves beyond their perimeter, mitigating the threats instead of the incidents. This approach should be multi-layered and take full account of the growing threat from increasingly sophisticated and professional cyber criminals.

Elad Ben Meir is VP of Marketing at CyberInt

Photo credit: mikser45 / Shutterstock