In-depth

How organisations deal with complex cyber attacks

Increasingly sophisticated cyber-attacks mean businesses need innovative ways of handling advanced threats

Attacks on businesses' networks and servers are getting more complicated. Long gone are the days of it just being spotty teenagers hacking from a bedroom; a whole ecosystem has sprung up over the last two decades that mirrors the development of the software industry itself. Scores of developers work together on new code, others distribute malware, and criminal organisations look after revenue payments.

As with the cloud, cybercrime service providers cater for those who want to launch DDoS attacks or ransomware-as-a-service.

The whole cyber threat landscape is expanding. In a recent ISACA survey (the State of Cyber Security, 2017), 53% of respondents reported an increase in cyber-attacks upon their organisations and 80% thought it's likely they'll be targeted this year.

Meanwhile, this year's Verizon Data Breach Investigations Report found that, when it comes to different types of attack, Web Application Attacks remain the most prevalent, helped by a multitude of botnet data. However, the report also noted that if botnets were taken out of the equation cyber-espionage would assume the top spot.


"Cyber threats are now industrialised, agile and well-equipped with entire chains and structures for the creation and supply of exploits, malware, research and development, botnet creation and the movement of stolen data and funds," says Piers Wilson, head of product management at Huntsman Security.

"For example, if you look at some of the recent politically motivated attacks, information has been stolen, then modified and added to within the data set to make it more compromising and then released in a way, and at a time, to do the most damage (or maximise the political capital)."

Robin Oldham, head of the cyber security consulting practice at BAE Systems Applied Intelligence, says that the complexity of cyber attacks runs in parallel with an increasingly complex world. The majority of initial compromises still rely on phishing emails and social engineering to get users to carry out an action on behalf of the attacker, for example running a programme or opening a document.

"While the fact the attacker may have penetrated the system is a serious issue, the situation is made worse if it's left undetected," he says.

The attack on the Bangladesh Central Bank most likely used these simple techniques to get in, but the criminals followed this up with sophisticated malware to cover their tracks by rewriting database entries and changing hard copy printouts to subvert. More recently, as seen with Operation CloudHopper, highly capable adversaries are targeting outsourced IT providers as a way to compromise company networks by using their administrative privileges.

"By compromising one outsourced provider they can access a myriad of end client networks," says Oldham.

Combatting threats

Technology isn't the answer, according to Richard Walters, CTO of CensorNet. He says that state and criminal actors have proven they can out-pace, out-tech and out-dev the security industry time and time again.

"The answer lies in the security strategy and operational ecosystem that organizations adopt and develop, alongside a set of tools that eliminate noise, automate the obvious, and allow limited security resources to focus on what is most malicious or suspicious," says Walters.

Sam Curry, chief product officer for Cybereason, says such attacks need to be dealt with in three parts: technological, organisational and personal.

"On the technology front, new techniques based on better sources of data (eg behavioural data) and using modern technology stacks (cloud, big data, machine learning, etc) are essential," he says.
