Disruption is big business for cybercrims

The cybercrime landscape is changing as threat actors adopt increasingly targeted and sophisticated tools to attack businesses that are undergoing significant change.

Business growth is driven by change. And the advent of many new technologies such as the emergence of the Internet of Things and the adoption of blockchain is disrupting old business models. This disruption is fuelling growth but, at the same time, is creating vulnerabilities that didn’t exist just a year or two ago.

Charles Lim, a Principal in Frost and Sullivan’s cybersecurity practice, told the audience at Trend Micro’s Executive Threat Summit held in Melbourne that Australia, as an early adopter of many emerging technologies, may be vulnerable as threat actors adapt their attack strategies faster than businesses adapt their defence.

Lim says cyber-attacks are costing Australian businesses approximately $17B per year. That’s about 1% of the country’s GDP.

While many companies have moved away from simply deploying firewalls and end-point protection to more sophisticated tools, cyber-criminals are focussing their attention on the weakest links in the security chain.

This is why the rise in ransomware attacks continues, says Lim. By attacking end users, attackers can cripple businesses. He cited Israel’s Electricity Authority, numerous hospitals in the United States and, earlier this year, the pathology department at the Royal Melbourne Hospital as examples. And while data might not have been lost, there has been a substantial cost. Lim says data from the ACCC indicates about $400,000 has been paid out by Australians in response to ransomware attacks.

The NATO perspective

Anil Süleyman is the head of the Cyber Defence – Emerging Security Challenges division at NATO. To get some idea of how seriously NATO takes cyber-threats, his team is at the same level on the organisational chart as the team that is responsible for the non-proliferation of weapons of mass destruction.

His team is comprised of both technical experts and people from across different business disciplines. Süleyman says this is critical as threat analysis and remediation requires situational awareness as well as technical acumen. NATO also engages in a number of industry partnerships to ensure threat intelligence is shared.

NATO’s network is a private WAN that covers 54 locations, spread far and wide across the planet, with over 100,000 user accounts organised into ten different security levels.

His team sees about 30,000,000 security events each day in their logs. Of those, about a dozen result in incidents that require further investigation and action. He says it is simply impossible to manage that volume of data without the use of intelligent systems that automate the threat triage process.

One such threat hit the NATO network in April 2005 and served to heighten awareness of emerging threats. That incident involved a piece of malware that was specifically created with the aim of attacking NATO. It was not detected by traditional end-point protection tools at the time and wasn’t reported by member nations for another three months.

Despite having access to the best tools and a strong team, Süleyman says it is inevitable that some attacks will get through their defensive measures. That means it is critical to have strong response and remediation processes in place.

Süleyman highlighted the importance of having strong forensic tools not just in the network but also at endpoints.

And he said one often under-utilised tool was having a single point of contact for all cyber incidents.

With users often seen by attackers as the easiest point of ingress for an attack, Süleyman noted NATO has a strong commitment to ongoing education. With the organisation’s significant resources, NATO runs a number of schools across the world where education on cyber threats can be undertaken.
