
Cyber-attack: are you combat ready?

Week by week there are stories of renewed cyber-attacks, such as the theft of customers’ personal details from TalkTalk. The simple and fundamental truth is that businesses and governments must get their systems in a state of combat readiness or risk being exposed by cyber-criminals.

As hackers become more sophisticated, banks are seeking ways to lessen the impact of attacks. For example, in a move by some big banks including Lloyds Banking Group and Barclays, ‘ethical hackers’ are being paid up to $200,000 to hack banking systems to test their resilience to cyber-attacks, according to the Financial Times (FT). These groups of hackers need to be vetted and certified by the Government Communications Headquarters (GCHQ) before they can carry out the attacks to ensure they are not cyber-criminals masquerading as ‘consultants’.

Banks are also employing the services of top law enforcement and counter-terrorism officials to bolster digital security and compliance. Since 2013, former MI5 head Sir Jonathan Evans has been a non-executive director of HSBC, specialising in counterespionage, protecting classified information and the security of critical national infrastructure. Sir Jonathan’s main focus is counter-terrorism, both international and domestic, with increasing efforts against cyber-threats. Similarly, JPMorgan hired former US Army Chief of Staff Ray Odierno to advise the bank on issues including international risks and cyber-security.

The reality is that, while it is positive that some of the largest banks in the world are upgrading their defences, this will mean very little if across the board other industries do not follow suit. GCHQ has already issued a warning shot to private businesses, stating at its annual convention that UK organisations’ defences are too weak to withstand the level of cyber-attacks currently taking place.

If you are connected to the internet, you are connected to the problem, which means this is an issue affecting everyone, in every industry, everywhere. The internet has brought home the advantages of ‘connectedness’ but it is this same benefit which presents the greatest risk in the cyber-attack arena where the compromise of one system can have a network domino effect.

GCHQ currently identifies 200 cyber-attacks per month, up from 100 last year. This means the UK faces seven significant attacks – meaning they have the potential for catastrophic damage – every single day.

In this context, the key question to ask is what does your business need to do to get ‘combat ready’? Clearly it is not feasible for every business to engage certified ‘ethical hackers’ to test their defences, and the skills shortage of cyber experts makes it hard to recruit this talent, however desirable this may be. Building solid defences against cyber-attacks should not be viewed as achievable through the introduction of a single miracle product. Cyber-defence is a process which starts with a business review and the implementation of ISO or SANS standards.

The traditional response to cyber-security is to implement strong perimeter defence measures which are offered by the majority of vendors operating in this space. Perimeter defence is important because it blocks out the vast majority of malware and related contamination. The weakness with perimeter defences is that they tend to function best when managing ‘known’ threats and like any fence they are not dynamic enough to respond once a covert incursion has taken place. A more complete cyber-security programme must also offer sophisticated, enhanced protection from threats that have never been seen before – threats that continue to evolve rapidly.

Identifying these ‘unknown’ threats and providing immediate and actionable intelligence to protect against them – or to reduce the damage they can cause – is the missing piece of the cyber-security puzzle in relation to high consequence cyber-crime.

This requires powerful analytics tools constantly surveying the inside of perimeter defences, searching for anomalies in behaviour across the network. These tools operate inside the company network, rapidly ingesting and processing a broad range of data, and then using advanced machine learning techniques to analyse the data for anomalous patterns that are out of step with usual behaviour. 

For instance, by establishing an understanding of the company’s network and its routine operations, the software uses advanced machine learning techniques to search for hidden threats. This could be a device trying to access large amounts of data or connecting to too many external devices – possible indications of both external and internal threats. When a threat, or a combination of threats, is identified, an alert is triggered.

The software discovers and identifies the highest priority threats for investigation, enabling the analyst to focus on what’s most important. These insights then support informed cyber-responses before these never-before-seen threats become dangerous and unsolvable problems.
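To make the baseline-and-alert idea above concrete, here is an added example (not from the article or any vendor product) that scores each device's daily outbound bytes and distinct external peers against that device's own history and ranks the alerts for triage. It substitutes a simple median/MAD robust statistic for the machine learning the article mentions; the flow tuple format, device names, threshold and all sample data are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def sample_flows():
    """Constructed data: 7 routine days, then day 8 with two odd devices."""
    flows = []  # tuples of (day, device, external_peer, bytes_out)
    for day in range(1, 8):
        for dev, base in (("ws-01", 40), ("ws-02", 55), ("db-01", 20)):
            for p in range(3 + day % 2):              # 3 or 4 external peers
                flows.append((day, dev, f"198.51.100.{p}", (base + day) * 10**6))
    flows += [(8, "ws-01", f"198.51.100.{p}", 45 * 10**6) for p in range(3)]
    flows += [(8, "ws-02", f"203.0.113.{p}", 10**6) for p in range(60)]  # many peers
    flows += [(8, "db-01", "198.51.100.1", 9 * 10**9)]                   # bulk transfer
    return flows

def daily_features(flows):
    """Aggregate flows into per-(device, day) bytes_out and external peer count."""
    total, peers = defaultdict(int), defaultdict(set)
    for day, dev, peer, nbytes in flows:
        total[dev, day] += nbytes
        peers[dev, day].add(peer)
    return {k: {"bytes_out": total[k], "external_peers": len(peers[k])} for k in total}

def robust_score(value, history):
    """Deviation above the device's own median, in MAD-based units."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    scale = max(1.4826 * mad, 0.1 * med, 1e-9)   # floor avoids divide-by-zero
    return (value - med) / scale

def detect(flows, today, threshold=3.5):
    """Return alerts for `today`, highest score first, for analyst triage."""
    feats = daily_features(flows)
    alerts = []
    for (dev, day), observed in feats.items():
        if day != today:
            continue
        for name, value in observed.items():
            history = [f[name] for (d, dy), f in feats.items() if d == dev and dy < today]
            if len(history) < 5:      # too little baseline to judge
                continue
            score = robust_score(value, history)
            if score > threshold:     # one-sided: only unusually high values
                alerts.append((dev, name, value, round(score, 1)))
    return sorted(alerts, key=lambda a: -a[3])

if __name__ == "__main__":
    for alert in detect(sample_flows(), today=8):
        print(alert)
```

Because each device is compared only with its own history, a database server that is normally quiet is flagged for a transfer size that would be unremarkable on a backup host.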

Discovering hidden threats early in the timeline means potential harm and damage to a network can be identified, remedied and mitigated before significant operational or reputational impact occurs.

The deep analytic capability of anomaly detection software is therefore a critical component of an overall security strategy. It enables security teams to concentrate on identifying cyber-risks, areas of vulnerability and threat detection, including indicators of current compromise.

The reality is that anything less than world-leading security will leave banks vulnerable to sophisticated threats. This is the nature of the global threat environment.
