The almost endless stream of high-end data breaches affecting some of the world’s biggest organisations in the last 18 months highlights the fact that no business is safe from being hacked. From the massive data breach suffered by Target to the high profile leak of Ashley Madison members’ details, it’s clear that every business has to be aware of the latest threats they face from cybercriminals.
We are seeing a surprising shift to attack activity on commercial targets that exhibit characteristics typically observed in nation-state related attacks that aim to disturb economies, disrupt consumer confidence and drive political agendas. For example, health insurance provider Anthem found its name making headlines for all the wrong reasons after cybercriminals stole information on tens of millions of its customers.
Attackers are increasingly going out of their way to disguise their origins, their methods and their sources to gain access to their desired data, with the most popular methods observed:
The natural reaction for many businesses in the wake of an attack is to seek out who has gone to the huge effort to attack them on such a scale. However, it is particularly difficult to assign attribution correctly given the ease with which hackers can spoof information, circumvent logging and tracking or otherwise remain anonymous, as outlined above.
Rather than being fixated on chasing down the hacker, companies should instead be focusing their attentions on the tools, techniques and procedures of their adversary (TTP). This gives businesses a better chance of defeating the next attack or attacker that uses a combination of the same TTP – especially as malware authors share TTP. Businesses that suspect they are dealing with a nation-state attack could in fact be dealing with a much more junior attacker that has simply acquired tools previously used by nation-state actors.
The need to improve security defences to learn from previous failures and address possible future attacks has to be a high priority that should be taken up appropriately by the IT team, while working with professional investigators with the necessary skills and resources.
Businesses should focus on a forensic investigation that profiles the attacker, but only to the extent of understanding their intent and techniques. They can then adjust their defences and processes to maintain an adaptive security approach and prepare necessary statements for senior management, investors, customers and the public.
Having the right balance between their priorities will maximise IT’s contribution to the organisation and ensure the business is appropriately prepared for future attacks. Businesses must ensure they do not get distracted by chasing attribution breadcrumbs, but instead focus their limited resources on threat prevention and remediation.
Carl Leonard is principal security analyst at Forcepoint
Are you an Internet security expert? Take our quiz to find out!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…