14 June 2017
Blogs by author: Ivelina Koleva, Cyber security portfolio strategy lead at BT
The motivation behind major cyber attacks is often unclear. But here are three steps you can take to improve your security and keep the hackers out.
Cyber criminals are becoming relentless — and 2017 has been no exception. Last year saw unprecedented attacks, politically motivated sabotage and overt attempts to disrupt electoral processes. Unfortunately, these trends continue and show no signs of abating.
Innovation, economies of scale, new sophistication and trends that open up new frontiers for cyber crime are all marking profound shifts in the focus of attacks.
So what makes threat actors tick?
There are numerous classes of threat actors — from unskilled individuals (also known as script kiddies) and disgruntled employees to cyber criminals, hacktivists and government cyber warriors.
These threat actors can have different motives — including profit, intellectual curiosity, achieving notoriety, disgruntlement and ideology. The list goes on. And we tend to want to put threats in different buckets based on threat actors’ classification and motivation. But, often, these reasons blur.
Some of the groups and people in them can do a dozen different things for a dozen different reasons. Groups can also cluster and collaborate to create new threats and achieve unprecedented amount of harm. These clusters are becoming an increasing concern as they swap ideas, support each other and develop new capabilities.
The evolution of ransomware success
The WannaCry cyber attack, which spread across the world at lightning speed, illustrates the complexities of the new threats created by different groups of threat actors. Shadow Brokers (the hacker group who first appeared in the summer of 2016) released the hacking tool initially, which was then repurposed for malicious use before likely being turned into ransomware by a third group or individual.
However, it’s important to remember that all of these threat actors are human. Innovations and technological advances can define the intensity and persistence of an attack, but so can motivation. Understanding a threat agent’s motivation can enable your organisation to design more tailored controls — and potentially even mitigate a threat itself.
Disrupting the disruptors
So what can you do to strengthen your organisation’s defences against obscure motivation and a rising level of ambition to disrupt? You have to start by adopting a proactive approach to cyber defence.
Make threat intelligence actionable
Threat intelligence is essential for tackling cyber crime, and gathering it will give you information on attackers who actively target you. It’ll also help you identify threats before they damage and disrupt your business. But gathering intelligence alone is not enough.
Today, you can purchase intelligence directly from a security vendor in report form, join an intelligence-sharing group or subscribe to a threat-intelligence capability. Overall, subscribing to threat intelligence feeds has become easy. But making sure that threat intelligence is integrated across a security estate, and helps you contextualise events, isn’t. So, if you’re struggling with this yourself, you might want to turn to a Managed Security Service Provider (MSSP) that can professionally manage threat intelligence for you.
Test your resilience
A good way to understand how different threat actors might target you is to test your security capabilities as robustly as possible. Organisations have long conducted cyber war games to test capabilities. They’re structured to simulate the experience of a real cyber attack — highlighting surface gaps in plans as well as build leaders’ abilities to make decisions in real-time.
Focusing organisations on their incident-handling processes and capabilities can’t be a bad thing. Plus, there’s a whole new generation of hackers influenced by gaming, so there shouldn’t be anything preventing you from understanding and using similar techniques.
If it isn’t broken, break it — then build something better
Even if you think you’ve caught all your vulnerabilities, there’s a hacker somewhere who’ll find a new one. To tackle this, you need to expose weaknesses in your security by conducting regular penetration tests and vulnerability scans.
At BT, we have teams of penetration testers around the globe, and carry out this exact exercise all the time for our own estate. It’s one of the best ways to discover any vulnerabilities that a threat agent could potentially exploit. The sooner you discover your vulnerabilities, the more chance you have of stopping your adversaries from exploiting them. In the end, it’s all about speed.
Creating effective cyber security
Even with threat actors’ motivation becoming more obscure, you can still maintain a detailed view of your threat landscape. To tackle the new wave of cyber crime, you need to see the bigger picture, test your resilience and discover all the potential ways in which hackers may infiltrate your business.
It may not be the ultimate recipe for success, but it’s a good start.
Find out more about BT’s cyber security solutions.