The City of London police commissioner Adrian Leppard recently spoke at an industry conference where he said that incidences of cyber crime are significantly underreported to police, with only 20 percent of cases being reported. Leppard blamed unwillingness by organizations, particularly banks, to report breaches, a lack of police capability to respond, as well as the international nature of cyber crime. Leppard insisted that the way cyber crime is dealt with needs to fundamentally change as the traditional police approach to crime of gathering all the details to understand what has happened before dealing with it does not work when it comes to online threats.
What Adrian Leppard has said rings very true for those of us working to tackle cyber crime at the front line. While his comments mainly call for a change in the way the authorities deal with the investigation of threats, organizations themselves should also take heed of his warnings. Cyber criminals don’t care about a couple of firewalls or other point security solutions – they can, and will, easily get past them. Attempting to prevent a breach has therefore become relatively futile, and instead focus needs to be placed on identifying and dealing with threats as quickly as possible.
Every organization in every industry is at risk. Anyone reading the news recently will know this – from bugs in software, to malicious insiders, as well as outsiders, the cyber landscape has become incredibly treacherous and requires a dedicated and long-term strategy to safely navigate. By reducing the amount of time it takes to detect and respond to the breaches businesses have a far greater chance of containing any damage. We need to make everyone aware of the fact that the time between detection and response is when they are at their most vulnerable, and without a strategy in place to effectively and efficiently deal with the problem, the consequences could be far reaching.
As such, businesses need to take an intelligent approach to security, ensuring that they are continuously monitoring their networks so that they can identify and deal with any threats as soon as they arise. With so much data now crossing networks, security teams can struggle to distinguish the good from the bad, and adopting a security intelligence model is the only way to see the wood for the trees. The authorities can only work with what they are given, and every organization needs to give them a helping hand by ensuring they have the right systems in place to limit the threat at the source.
Earlier this week, it was reported that British Airways had suffered a data breach which exposed the details of a number of frequent-flier Executive Club accounts. It is thought that the breach is the result of a third party that used information obtained elsewhere on the internet to gain access to some accounts using an automated process. British Airways has reassured customers that their sensitive information was unlikely to have been affected, but has advised users to reset their passwords as a precaution.
On a similar note, taxi app Uber has been forced to deny claims that its servers were hacked after reports that thousands of customer usernames and passwords were available to buy online.
These two stories provide yet another example of the importance of strong online passwords that are not reused across numerous websites and online services. Cybercriminals are becoming increasingly determined to access user credentials, with advanced automated tools that are designed to seek and steal usernames and passwords with minimal effort. As such, we hear time and time again about breaches stemming from hackers using these smash and grab techniques to build a database of credentials and then effectively ‘trying every key in the lock’ until it opens.
No matter how watertight a business believes its IT security position to be, there will always be a weak point just waiting to be exploited by cybercriminals and these are often linked to password security. Organizations must, without exception, be continually monitoring their systems for any anomalous activity that could indicate a breach – particularly those with a strong emphasis on customer service, like British Airways. This protective monitoring will shorten the time to detect and respond to security incidents, leading to reduced fallout for their customers. On that note, British Airways should be commended for identifying the breach and taking the proactive step of locking down all user accounts before any real damage could be done.
This week, security researchers at SmackTLS uncovered a new, potentially dangerous flaw that could allow hackers to trick internet-enabled devices into using weak encryption. The bug, dubbed Freak (Factoring attack on RSA-Export Keys), affects SSL/TLS protocols and could therefore be used to intercept a whole host of data transmitted online – from bank details, to email logins. There is currently no evidence that the flaw has been taken advantage of by hackers, but there are a number of browsers and websites that could be at risk – including Google and Apple.
While this flaw may not be readily employed by hackers, organizations and individuals alike need to be cautious. Not least because it isn’t the only flaw that exists – in fact, we hear of so many examples of vulnerabilities and attacks these days, that there’s a very real chance hearing news like this will become the status quo. Until every organization can be 100 percent confident in its cyber security policies, we need to ensure this doesn’t happen.
While internet companies need to provide patches for flaws such as this, organizations shouldn’t just wait for this to happen. Instead, they need to take a proactive approach and cut the hackers off before they can take advantage of any weaknesses. The most dangerous situation for a company to get itself into is allowing a hacker to get in and stay in – the longer they are able to do so, the more damage they can cause.
As such, organizations should employ security intelligence strategies, which allow them to reduce the time it takes to detect and respond to any threats. The problem we have today is that there is so much data crossing networks it can be difficult to differentiate between the good and the bad. Taking an intelligent approach to network security makes it easier to see what should and shouldn’t be there. If a hacker wants to get in, they will – either through a flaw like this, or through other highly sophisticated techniques. Security intelligence provides a moat – they might be able to jump over it, but they’ll be seen doing so pretty quickly.
Last week it was revealed that UK telecommunications company TalkTalk suffered a data breach in 2014, where customer details – such as account numbers, names and addresses – were stolen. The stolen details were then used by scammers to trick people into believing they were being contacted by the company. TalkTalk has said that the information stolen was ‘non-sensitive’ and it believes the attackers were able to access TalkTalk’s internal systems via a third party that also had access to its network.
We see it time and time again – if an attacker wants to get in, they will. This TalkTalk breach highlights not just the importance of organizations ensuring their own security policies are up to scratch, but also that of their third parties. TalkTalk has done a great job in reacting to the situation by investigating when unusual events were reported, and then quickly informing customers of the situation.
It’s now clear just how important it is to have the ability to identify and respond to threats in as little time as possible. While it seems TalkTalk has responded relatively quickly, it was through a rise in complaints from customers – rather than the company itself identifying unusual activity on its networks. Most organizations currently operate in a mode where the time it takes to detect and respond to threats is months – or weeks at best. In order to ensure that damage is limited, and to avoid becoming the next breaking news headline, businesses should aim to reduce this time to hours or minutes.
Traditionally, organizations have taken a relatively reactive approach to cyber security, but faced with the sophisticated threats of today, this needs to change. However, there is so much noise on the network these days, with vast quantities of data moving around at breakneck speeds, that it can be difficult to proactively identify threats. Security intelligence techniques allow security teams to see through the fog and target the threats that matter, so they can respond quickly and efficiently. The faster businesses can find and shut down threats, the more work hackers will have to do to succeed and, with any luck, one day in the future they’ll get tired of trying.
Earlier this week, a simulated cyber terrorist strike took place at London’s BT Tower. The event – part of the UK government-backed Cyber Security Challenge – was designed to mimic a sophisticated cyber-attack and tested the ability of amateur contestants to defend the building’s power-supply from hackers. Those competing were selected following nine months of intensive assessments and the ten best from the day have been invited to compete in the grand final in March.
Real-life cyber attacks are becoming far more prevalent and we often find ourselves in a game of cat and mouse, trying to keep up with the perpetrators. These schemes are excellent for weeding out talented people who can help defend critical infrastructure from hackers – and may one day be part of thwarting potentially dangerous threats. Programs like these are great to see as they demonstrate that defending our borders from cyber attacks is moving higher and higher up the political agenda.
However, we do need to be careful not to place too much credence on people alone. While a workman can never blame his tools, it is also imperative to have the right systems in place to help identify and remediate potential threats. There is now so much data passing through the networks of both private organizations and national infrastructure that people alone cannot be relied upon to identify when something is wrong.
Instead, security intelligence is paramount. These systems are designed to monitor networks constantly in order to spot anomalies – and can process far more information in real-time than any human being. There’s no doubt that we need the best people on the case, and events like this are an excellent way of finding them – let’s just also make sure they’re given the best possible tools to work with.