Companies need to reinforce their cyber-security capabilities as crime grows in an increasingly borderless and complex digital world.
Security-software provider McAfee estimates the annual cost to the global economy from cybercrime is more than $400 billion, which is more than the national income of most countries. And the problem is widespread. In 2013, the US government notified 3000 companies they had been hacked, while in the UK 93 percent of large businesses and 87 percent of small ones reported at least one online breach.
Hackers are also attacking large-scale events such as the 2014 World Cup, aiming to create chaos, embarrassment or extended downtime. When they failed to take down the official World Cup website, they attempted to attack World Cup sponsors and finally hacked into local government sites.
Failure of the security industry
The biggest problem companies face is that the security industry has failed them, says Amit Yoran, senior vice president at network security firm RSA.
“Computing systems are flawed by design and the security failures we see today are inevitable,” he says.
The issue, Yoran explains, is that current computing systems use old-style tools such as firewalls and antivirus systems. These tools, while helpful in the past, are no longer effective or capable of spotting hackers who attack complex software that may utilise millions of lines of code.
A prime example of this problem is a company that announced a high-profile partnership and drew attention to its valuable intellectual property.
“A month and a half later, a spear-phishing email was received by an employee of the company, who opened it, launching a malicious application.”
In one day, the email, which masqueraded as being sent from a trustworthy source, led to severe compromises throughout the organisation’s technology, allowing attackers to begin a six-month campaign of data exfiltration.
“It would have gone on longer if a third party hadn’t notified the company.” Better practices could have reduced those six months to hours, according to Yoran.
Countering cyber threats
Companies can counter these threats by enhancing security practices. What companies need, says Arthur Coviello, executive VP of RSA, is a new model that analyses their vulnerabilities and prioritises the security initiatives they need to take. Three steps are essential.
First, companies need to conduct a thorough analysis of their data and systems to determine what information or access is important. Since valuable company information can be located anywhere in the world, companies need to focus on identifying the data that is most valuable and the people who have access rather than on actual data location.
“It is more important than ever to be aware of who is accessing your data at all times,” says Coviello.
The next step is to protect the data. One way is to have staff use text messages or biometrics such as fingerprints to authenticate and sign into systems. The processes need to be user-friendly so that people don’t try to work around these access controls.
Even with all these steps, the current firewalls do not fully protect companies against malicious software. Therefore the third step is to set up processes so the company can detect when it is being attacked and quickly take steps to shut down access.
Early detection is key
One practice for early detection and crisis management recommended by Steve Lam, a partner at Ernst & Young, is to set up effective security-monitoring controls and use digital forensics – the recovery and analysis of material found in digital devices – to investigate where attacks originate. Companies need to be able to identify who or what is accessing their network and spot anomalies that might signify attacks, and then have processes in place to lock down their network if needed.
Patrick Laverty, incident response engineer at Akamai Technologies, cites a recent incident where Akamai used detection analytics to help a hotel chain block hackers. When a hacker attacked the chain’s website and requested rates for different cities as often as 15 times per second, the company detected the problem. Knowing a normal user could not request rates that fast, they blocked the IP address the hackers were using.
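The kind of rate check described in that incident can be sketched as a per-client sliding window over access-log lines. This is an added example, not Akamai's code: the log format, the `/rates` path, the one-second window, the limit of 5 requests and the documentation-range IP addresses are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=1)  # assumption: judge request rate over one second
MAX_PER_WINDOW = 5             # assumption: above this, the client is not a person

def build_sample_log():
    """Constructed sample: one client at 15 req/s, one at human pace, one bad line."""
    base = datetime(2014, 6, 12, 10, 0, 0)
    cities = ["paris", "rome", "tokyo", "lima", "oslo"]
    events = [(base + timedelta(microseconds=i * 66_667), "203.0.113.7") for i in range(30)]
    events += [(base + timedelta(seconds=8 * i), "198.51.100.20") for i in range(4)]
    events.sort()
    lines = [f"{ts.isoformat()} {ip} GET /rates?city={cities[n % 5]}"
             for n, (ts, ip) in enumerate(events)]
    lines.insert(3, "truncated-entry")  # malformed line the detector must skip
    return lines

def find_abusive_clients(lines, window=WINDOW, limit=MAX_PER_WINDOW):
    """Return {ip: time the limit was first exceeded} for rate-lookup requests."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or not parts[3].startswith("/rates"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        ip = parts[1]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop requests older than the window
            q.popleft()
        if len(q) > limit and ip not in flagged:
            flagged[ip] = ts        # candidate for the block list
    return flagged

if __name__ == "__main__":
    for ip, when in find_abusive_clients(build_sample_log()).items():
        print(f"block {ip}: more than {MAX_PER_WINDOW} rate lookups/second at {when}")
```

A block keyed on source IP alone can also catch legitimate users who share an address, so the limit and the duration of the block need tuning against normal traffic.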
Despite increasing threats, solutions do exist for companies to prevent cybercrime and minimise risk. By moving away from traditional approaches to security and embracing new techniques, companies can become less vulnerable and avoid the multitude of issues that can damage their business.