Co-authored by Dr. Rishi Bhatnagar, President Aeris Communications India and Prayukth K V, Head of Marketing, Aeris Communications India
Though cybersecurity is a complex topic for discussion, the trigger for an enterprise-wide cybersecurity event is often a simple one. In the year 2017, as many as 91% of all cyber attacks started with someone clicking a link embedded in a phishing email. As hackers become more sophisticated – employing algorithms, machine learning, cloaking and behavior manipulation tactics, enterprises, individuals, and governments are constantly on the verge of losing data, IP, reputation, and money. It’s no longer about systems, networks, storage, and data but about staying a step ahead of hackers through predictive prevention mechanisms.
Understanding the hacker – the pyramid of evil
Today’s hacker is persistent. Past attacks have shown that hackers are clearly looking at opportunities to make maximum profits, media attention with minimal investments. Their weapon of choice includes advanced zero day and stealthy malware that are invisible to signature-based defense systems. Hackers are also using behavior manipulation tactics such as sending emails that state “sent from my mobile device”, to overstate urgency, prevent rational thinking and trigger immediate action. Other common sentences include “CEO is in a meeting”, and “needs to be done ASAP”.
This breed of hacker did not appear overnight. Instead, a collective effort spanning decades of evolution is serving as a firm foundation for many of the tactics we are witnessing. The so-called web of criminals or a criminal ecology, if you will, is now a layered enterprise. The bottom-most layer of this pyramid is filled with individuals focused on determining exploits in commonly used software. The next layer that sits on top of this one purchases these exploits and runs them through botnets. These folks then rent out their botnets to anyone – including government agencies in some instances who wishes to gain access to systems and data.
One of the biggest setbacks that an attack could render is downtime. “Downtime” is a particularly unwelcome word. Even as institutions ramp up their cybersecurity investments, the Ponemon Cost of Cyber Crime Study has unraveled that there has been a 20 percent increase in the number of successful cyber attacks on a year-on-year basis as of 2017.
According to IDC, the average cost of downtime is nearly $100,000 per hour with unplanned application downtime costing Fortune 1000 between $1.25 billion and $2.5 billion a year. The damage to reputation is even costlier as it takes plenty of effort to recover from an attack from a reputation perspective.
If you were thinking that only businesses were at risk, think again. Most hackers are after personal information of people like us. We have often heard of social media participants buying followers. Most of these “purchased followers” are nothing but compromised accounts.
In terms of sophistication, attacks involving zero-day vulnerabilities are the hardest to detect. In such cases, there is no way your anti-malware systems will be able to detect and isolate these attacks. During a cyber sweep, a prominent global defense manufacturer found hoards of compressed files with encrypted data that were awaiting exfiltration. The malicious software, in this case, was beaconing to a server in an Asian nation known to conduct such attacks to gather IP and defense information.
What can be done?
Beyond bringing in cultural sensitivity towards cybersecurity, enterprises, governments, and even individuals need to ask some critical questions such as:
- What are my key assets? How exposed are they?
- What is my disaster recovery plan? Does it incorporate a worst-case scenario?
- How often have I tested our processes through table-top and offline exercises? Is my training regimen up to date?
- Are my cybersecurity tools, response procedures, and communication practices aligned to prevent a breach?
- Which of my routines could be exploited by a hacker?
The idea is not to be paranoid but mindful. Remember that every tool that you use could be turned against you. So one needs always keep a lookout for deviations such as increased RAM load, increase in network response time, modified file access times, reduction in efficiency and background data flow. These could provide early signs of an intrusion. AI can be deployed to detect such anomalies.
Simple steps like providing multi-factor authentication and creating data back-ups on the cloud can go a long way in protecting your business.
As hackers become sophisticated, so should response and risk mitigation strategies. The first step towards protection is awareness. A layered security strategy that helps detect and isolate risks across the threat lifecycle will also help. As former FBI chief Robert Mueller once said: “There are only two types of companies: those that have been hacked and those that will be”. Nothing beats being on the watch at all times knowing fully well that you are a target.