How organisations deal with complex cyber attacks

Increasingly sophisticated cyber-attacks mean businesses need innovative ways of handling advanced threats

Attacks on businesses' networks and servers are getting more complicated. Long gone are the days of it just being spotty teenagers hacking from a bedroom; a whole ecosystem has sprung up over the last two decades that mirrors the development of the software industry itself. Scores of developers work together on new code, others distribute malware, and criminal organisations look after revenue payments.

As with the cloud, cybercrime service providers cater for those who want to launch DDoS attacks or ransomware-as-a-service.

The whole cyber threat landscape is expanding. In a recent ISACA survey (the State of Cyber Security, 2017), 53% of respondents reported an increase in cyber-attacks upon their organisations and 80% thought it's likely they'll be targeted this year.

Meanwhile, this year's Verizon Data Breach Investigations Report found that, when it comes to different types of attack, Web Application Attacks remain the most prevalent, helped by a multitude of botnet data. However, the report also noted that if botnets were taken out of the equation cyber-espionage would assume the top spot.

"Cyber threats are now industrialised, agile and well-equipped with entire chains and structures for the creation and supply of exploits, malware, research and development, botnet creation and the movement of stolen data and funds," says Piers Wilson, head of product management at Huntsman Security.

"For example, if you look at some of the recent politically motivated attacks, information has been stolen, then modified and added to within the data set to make it more compromising and then released in a way, and at a time, to do the most damage (or maximise the political capital)."

Robin Oldham, head of the cyber security consulting practice at BAE Systems Applied Intelligence, says that the complexity of cyber attacks runs in parallel with an increasingly complex world. The majority of initial compromises still rely on phishing emails and social engineering to get users to carry out an action on behalf of the attacker, for example running a programme or opening a document.

"While the fact the attacker may have penetrated the system is a serious issue, the situation is made worse if it's left undetected," he says.

The attack on the Bangladesh Central Bank most likely used these simple techniques to get in, but the criminals followed this up with sophisticated malware to cover their tracks by rewriting database entries and changing hard copy printouts to subvert. More recently, as seen with Operation CloudHopper, highly capable adversaries are targeting outsourced IT providers as a way to compromise company networks by using their administrative privileges.

"By compromising one outsourced provider they can access a myriad of end client networks," says Oldham.

Combatting threats

Technology isn't the answer, according to Richard Walters, CTO of CensorNet. He says that state and criminal actors have proven they can out-pace, out-tech and out-dev the security industry time and time again.

"The answer lies in the security strategy and operational ecosystem that organizations adopt and develop, alongside a set of tools that eliminate noise, automate the obvious, and allow limited security resources to focus on what is most malicious or suspicious," says Walters.

Sam Curry, chief product officer for Cybereason, says such attacks need to be dealt with in three parts: technological, organisational and personal.

"On the technology front, new techniques based on better sources of data (eg behavioural data) and using modern technology stacks (cloud, big data, machine learning, etc) are essential," he says.
