We know that cybercrime is a real business risk, writes Ali Neil – Director of International Security Solutions at telecoms firm Verizon – seemingly every week, another report of a major data breach emerges. With so much at stake if a breach is incurred – loss of customer data, intellectual property, brand reputation and more – companies need to adopt a risk based approach to invest wisely and prioritise how they allocate their budgets. They need to think about the holistic end-to-end purpose of their security operating model to counter-this-risk and spend their money wisely and to greatest effect.
Hackers do not alert businesses to their presence. In fact the Verizon 2018 Data Breach Investigations Report (2018 DBIR) found that a 68 percent of breaches took months or longer to discover, and alarmingly 87 percent of the breaches examined had data compromised within minutes or less of the attack taking place. The ultimate aim of cybercrime is not random; security controls shouldn’t be random either. Our findings saw 76 percent of breaches are financially motivated with 13 percent of breaches motivated by the gain of strategic advantage (espionage).
The security industry as a whole has a responsibility to help businesses take a more proactive approach to their security. Increasing confidence through education and helping them to understand the threats they face, are the initial steps to implementing solutions that will be effective in the prevention of cybercrime. Five key guidelines for businesses in monitoring and combatting this daily threat of cybercrime are as follows:
Know your risk posture
Research shows that 90 percent of board members do not understand the cyber risk profile of their business and considering today’s changing threat landscape this leaves many business vulnerable to the cyber dangers out there.
One thing that’s certain is that a dynamic and proactive security strategy is the best option for mitigating against risk. Security programmes must contain continuous improvement and budgets and effectiveness regularly validated to keep them on target with the challenges of the day. However, traditional risk evaluation is often done through point in time engagements which are soon out of date and supply chain audits are increasingly burdensome, diverse in method and costly. CIOs making a business or purchasing decision can now access a dynamic snapshot of their risk profile that is relevant to their industry. This is fused with company specific dark and deep web intelligence and utilises a company risk scoring toolset enabling businesses to make data-driven security decisions based on their risk, and efficiently adapt their security posture in real-time to address any gaps that are identified in their profile. A security that’s based on what’s happening right now is an obvious choice if you’re serious about protecting yourself against cybercrime.
Hunt and confront threats
The next step is engaging and using cyber intelligence to effectively hunt and confront cyber threats head on. The timely automation and analysis of cyber intelligence is a game changer in beating cybercriminals at their own game. Used correctly, cyber intelligence can make the difference between preventing a serious cyberattack – or an attack bringing a business to a standstill.
Verizon operates one of the largest global IP networks, which gives us insight into what threats are being made against a large portion of the world’s data traffic. Cross referencing this with intelligence gleaned from over a decade of analysis from our DBIR series, enables us to offer our customers a treasure trove of cyber intelligence that is hard to beat. This information enables a security professional to identify threats early in the cyber-kill chain and put combative action into place. Basically, this enables us to help our customers to hunt out cyber threats early in the game.
Optimise the usage of data you already have to track cyber threat tracking
Not every business has the budget or opportunity to engage professional security personnel to help review cyber intelligence to determine what security solution is required. However, there are automated, end-to-end, threat hunting tools available that optimise data organisations’ already have. They perform much of the identification, investigation, analyses and decision-making of security professionals, but with computer-driven precision, speed and scale.
They work by automating the hunt for compromised or infected assets by applying data science concepts and machine learning technologies, transforming gigabytes of log data, multiple threat intelligence feeds, and varied raw threat indicators into a prioritised list of high-quality alerts with reduced false positives.
Educate employees
Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated in the 2018 DBIR – with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities. More importantly we have seen pretexting incidents increasing over five-fold since the 2017 DBIR, with 170 incidents analysed this year (compared to just 61 incidents in the 2017 DBIR). Eighty eight of these incidents specifically targeted HR staff to obtain personal data for the filing of file fraudulent tax returns.
This clearly demonstrates the need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line. Employees should be a business’ first line of defence, rather than the weakest link in the security chain. Ongoing training and education programs are essential, such as role-specific training to users that are targeted based on their privileges or access to data.
Share information
Verizon has always prided itself on sharing information on cybercrime and threat patterns – that is one of the key factors behind the publication of our annual DBIR. We believe that only by sharing cybercrime information can companies and Governments effectively combat cyber threats. This year, DBIR data gathered from around the world was made accessible to information security practitioners in order to get them to understand the evolving threats they face. The Verizon DBIR Interactive tool, an online portal, enables organisations around the globe to explore the most common DBIR incident patterns from the report.
It is our intention that this sharing of information continues – now and in the future. We hope that companies will continue to proactively share information on breaches as time progresses. Barriers are already lowering, as businesses discover that there is more to be learned from sharing than from sitting in silence.
These are just initial steps towards developing a security strategy that is based on actionable data insights and intelligent security solutions. Continuing to evolve security according to today’s threat landscape is critical. The security landscape will continue to evolve – and we all need to work together if we’re going to be able to keep one step ahead of the cybercriminal.
