It’s part three of our deep look into cybersecurity and this week, we’re looking at a James Bond-type scenario that a decade ago would have been the figment of a tech writer’s imagination.
We bang on and on about it but over the last ten years or so we’ve seen some quite staggering data breaches:
- Yahoo! – 3 billion: 2013
- Marriott – 500 million: 2014 – 2018
- Yahoo! (again) – 500 million: 2014
- MySpace – 360 million: 2016
- Under Armor – 150 million: 2018
- eBay – 145 million: 2014
- LinkedIn – 100 million: 2012
- JP Morgan Chase – 83 million: 2014
- Sony PlayStation Network – 77 million: 2011
- Uber – 57 million: 2016
- Facebook – 50 million: 2017
Some quick maths and that amounts to A LOT of people whose personal and sensitive data has been stolen and presumably been made available on the dark web (more about that in weeks to come)…
But, even though it’s (probably) safe to say that the above weren’t done by a 30-year old man-child in his bedroom at his parent’s house surrounded by KFC boxes and empty Red Bull cans, there are now bigger and more serious players on the metaphorical pitch.
There’s A War Going On
We’re talking about a global trade cyber-war. In order to gain the competitive advantage, there are certain people and organisations who are determined to trigger a series of cyber-espionage attempts between nation states to get what they want. While the Russia-America thing rolls on and on, there will be others and unfortunately, enterprises of all sizes are going to get caught in the crossfire as collateral damage.
We reported last week that 88% of customers surveyed by Forcepoint are concerned about potential attacks on the critical infrastructure their organisation relies on and 85% or organisations have not fully deployed automation in their cybersecurity processes. Furthermore, 87% don’t have the budgets to provide the levels of cybersecurity they want or require so the need for a paradigm shift in the approach to cybersecurity is as acute as it’s ever been.
When Did The War Start?
Back in the mid-to late 1990s when the internet was nothing more than a spotty teenager, there was a growth spurt which involved rapid innovation, open trading and cross-border, cross-pollination. It was, for all intents and purposes, a massive, open source playground for the development of thoughts and ideas aimed at global betterment.
But it kinda hasn’t worked out like that.
We’re now returning to protectionist posturing and as inter-state trust diminishes, trade sanctions are upheld and embargoes are enforced, nations are now struggling to acquire the tech innovations and IP they need to develop their industry and infrastructure.
So if they can’t get it by fair means, they have to resort to foul.
Unlike the early Bond films where you had to have someone on the ground to physically get the disc or the tape, today’s theft is carried out online.
According to Luke Somerville, the Head of Special Investigations at Forcepoint, it’s not only governments and security agencies who need to be concerned about cyberattacks.
‘It’s often IP supplied to governments by private organisations that other nation states want to get their hands on, such as the designs for components, which may make their way into critical tools and infrastructure and if they’re no longer able to access that expertise on the open market, they will target those companies to steal them instead.’
He continues; ‘Even if your company has no direct link with a target, you could still be affected. Beyond the general risk of collateral damage you may be a target if you supply a government supplier or are even further down the chain. Compromising your systems may make it easier for the attack to flow up the supply chain and reach the real target.’
What he is saying is that companies of all sizes need to ensure they have the right protections in place to prevent cyberattacks, but it’s easier said than done.
According to Gartner, global spend on InfoSec products will top $124 billion this year but while more and more money is being thrown at the issue, the number of vulnerabilities is growing in terms of data records, new malware samples and malicious programs, notwithstanding the media fallout when breaches happen.
Top-level execs are literally being kept awake at night worrying about the effects a data breach would have on their business and reputation, especially since the amount of money they’re spending isn’t giving them the protection they need.
If It Ain’t Broken…
Well, it is broken so it’s gotta be fixed, so says Duncan Brown, Chief Security Strategist EMEA, at Forcepoint.
‘The current paradigm is broken. There are tonnes of technology deployed out there, which is effective to a degree, but not stopping the breaches. The paradigm is to constantly try to second guess the hackers, essentially by looking in the rear-view mirror, but it’s a fool’s game.’
‘The attack community is much more creative than that. The paradigm needs to change. We can’t keep spending all this money where it is palpably not working. Broadly, there are two main ways to prevent theft of your critical data: hope and pray, or get on the front foot and organise yourself to expect an attack. Many are still in the former mindset.’
One piece of advice worth taking is, as he says, expect to be attacked and be armed with a comprehensive incident response plan. Often, the worst damage comes not from the data breach itself but from the fallout and the way the company responds. When TalkTalk and Equifax were done, the damage to their respective brands was made more acute by their poorly-judged, knee-jerk reactions.
Keep Your Friends Close But Your Enemies Closer
It’s true, we don’t want anyone else knowing our secrets but where cybersecurity is concerned, knowledge sharing can be your biggest ally. A business enemy can also be your cyber cold war friend and should be viewed as such.
But there’s a bigger picture issue to also be aware of. Traditionally, the focus has been on the construct of a physical perimeter to stop attackers from getting in but now it should be about focusing attention on understanding where a business’ valuable assets lie. Technology will always be trumped by new and emerging threats so when a new threat vector manifests itself, companies run around like headless chickens trying to fix it but the trouble is that we will never have a 100% view of the threat landscape so companies should flip the equation and focus on what can be controlled.
It goes one step further with the answer in the understanding of the points at which people and data interact. Human interactions with data underpin every organisation, so tracking and analysing those interactions in detail enables companies to understand what’s abnormal. Once they know what’s abnormal, they can quickly and accurately detect when something is wrong. By understanding normal behaviour patterns, you can apply different risk assessments to abnormal behaviour, user by user.
So, for fear of getting boring, we’ll say it again…
It’s hardly rocket science. If you hold personal data (and you do), it needs to be safeguarded so it doesn’t fall into the wrong hands.
To talk to us about adopting a robust and scalable yet cost-effective cybersecurity solution, email us today on firstname.lastname@example.org or call 020 7078 0789.