While the rate of cyber attacks is certainly on the increase, has the nature of the breaches changed? The answer to the question lies in the different types of breaches and attacks that occurred in 2014.
2014: The year of sophistication
While the types of attack have not changed (distributed denial of service (DDoS) attacks, for example, still seek to disrupt systems and services by crashing an organisation’s website), the sophistication of the hackers and their techniques has developed.
These attackers evolve more quickly than cyber security, finding new and more cunning techniques to get what they want. They have also devised new evasion tactics, such as polymorphic techniques that generate attacks that do not look the same, thereby bypassing detection systems.
Last year also saw a number of instances of hacktivism, which is essentially akin to civil disobedience in cyber space; why hold up a banner that can be seen by hundreds, when you can deface a website that could be seen by millions? The motivations of hacktivists include political issues, promoting free speech or supporting human rights. It could be argued, however, that these ‘hacktivists’ seldom have politically motivated reasons for staging such attacks.
The most recent event – the leaking of communications between actors and producers, studio executives, confidential data and private documents, as well as the posting of five movies on file sharing sites – is believed to be a reaction to the movie The Interview, about a plot to assassinate North Korea’s leader, though the real attack vector and motivation for the Sony hack may never become clear.
Hackers also posted numerous screenplays online and ultimately succeeded in delaying the airing of the controversial comedy. Given that Sony has endured some 15 high-profile breaches, could this lead to the creation of a new verb? When a major organisation becomes the victim of a cyber attack, will the commentary say they have been “Sony’d”?
The final type of attacker can be found inside the organisation and can be malicious or accidental. In the latter case, employees are often the weakest link of the cyber security chain and need to be properly educated in terms of usage, access, passwords and patching, with technology security solutions applied to enforce these business policies. This is particularly important given trends like BYOD and Shadow IT.
Basics of cyber defence
Despite the evolution of hackers, cyber criminals and their tactics, the constraints and challenges that organisations face in terms of security remain the same. IT departments face the challenge of the so-called Iron Triangle (time, cost and quality) and often have to try to balance all three. In addition, the basic tenets of cyber security are also unchanged. IT teams are required to anticipate and monitor issues before they impact business, and then manage them as they emerge in order to limit their impact.
As a result, organisations need to implement and deploy the right procedures and response strategy. These plans and tactics are not just the responsibility of the IT security team; instead, buy-in and support are required throughout the company, especially at board level.
This strategy may differ depending on the business and the information that is secured, but there are five key elements that should be included: fast breach identification; contained and isolated localisation of issues; rapid and automated resolution; constant productivity with no loss of user hours; and full incident lifecycle visibility to support impact analysis and the inevitable regulatory reporting.
One of the key aspects of any strategy is the presence of actionable intelligence to guide its continued effectiveness. This can be gathered externally or post-attack, effectively learning from past breaches.
2014 will be known as the year that hacking got serious and took centre stage on a global level. Going forward, threats and cyber criminals will continue to evolve and get better at beating defences, and it is up to IT security teams, as well as the board, to learn from past breaches and attacks and tailor their defence strategy while keeping the basics strong.
John Green is business and technology development director at Accumuli