It is true to say that cyber crime is a phenomenon that almost everyone in society is aware of today. Even the most infrequent of email users are familiar with the occasional unsolicited message from a seemingly innocuous sender with fraudulent motives. As increased adoption of the internet takes hold in developing countries and as computer literacy grows, cyber criminals are becoming more knowledgeable and their tactics more sophisticated. At the same time, however, the industry’s ability to successfully prevent and respond to these cyber attacks is improving through what some might consider one of the most basic forms of defense – information sharing.
Phishing is one example of how cyber criminals’ methods of attack are becoming more sophisticated. What were previously targets of chance have turned into targets of choice. For example, phishing emails used to be sent en masse, based on the principle that quantity increased the likelihood of infiltration. However, increasingly cyber criminals are investing time and resources into researching their target recipients in order to construct a comprehensive, credible email. “Spear fishing”, where attacks are sent to a select group, and “whaling”, where attackers go after a single high value target, are becoming common and are often executed for the purposes of financial gain. One method of financially targeted phishing is known as “ransomware”, a crime where malicious software encrypts an IT system until a certain sum of money is paid. Typically, ransoms are quite small, which means many firms may find it easier to pay them in order to regain access to systems. But the best defense to ransomware is a strong internal defense, with solid backups of critical data which can be restored in the event of an attack.
Phishing scams are just one way in which cyber criminals are carrying out malicious attacks but are a good example of how IT systems can be compromised because of what appears to be a legitimate email. Fortunately, however, CIOs and CISOs are changing their response, realizing that information sharing is fundamental to building resilient cyber defense programs. This comes in several forms. Firms have become substantially better at automated information-sharing around real-time vulnerabilities and threats. Many have also improved their manual information-sharing culture, with ever- increasing dialogue around the types of threats firms are seeing and the forms of defense that provide the greatest value.
A robust information sharing network – which should include details on the type of adversary, the technique they are using and specific technical descriptions of what the attacks look like – should be complemented by continuous testing of environments to ensure there are limited system or application vulnerabilities. Continuous testing and mitigation of vulnerabilities combined with software and the proactive monitoring of administrative rights can stop a majority of intrusions from succeeding. These protocols should also be complemented by appropriate patch management to mitigate software vulnerabilities and help stop cyber attackers from penetrating IT systems and propagating cyber attacks. The WannaCry incident was an example of how firms quickly shared amongst themselves, patches were installed as needed, and the impact of the attack was reduced.
Ten years ago, a cyber criminal could theoretically break into an institution and find themselves right next to a company’s crown jewels – but not even know it. As a result, the impact of a breach might have come down to sheer luck. In contrast, modern cyber criminals are doing their homework and are able to target very specific elements of firms’ IT systems with a clear idea of what they are looking for. The industry’s response therefore should be to make sure firms have solid foundations to expand their cyber defenses in order to stay one step ahead and to share information around potential or actual attacks as much as possible.
This article was first published in View, The Eurofi Magazine, September 2017 issue