(As originally published on LinkedIn, 22 March 2018)
Have you seen Deadpool? He’s a fast-moving and faster-talking mercenary. A vigilante, no doubt, and yet as an audience we adore him, support him and even cheer him on.
We love him as a fictional character but probably don’t realize how many similar qualities he shares with today’s living and breathing cyber attackers. Like Deadpool, cyber attackers roam freely – some are easy to pinpoint, while others are highly camouflaged.
Understanding the threat landscape
Most attackers are indiscriminate. They collect everything they can get their hands on: your corporate email address and passwords, intellectual information, bank accounts or SIN number.
Other cyber attackers are highly targeted. They have a purpose and plan – seeking out specific organizations, large or small, public or private.
What both forms of attackers have in common is an expanding landscape of opportunity. The ubiquity of technology in every aspect of our personal and professional lives is creating a wealth of vulnerabilities to exploit. Developing resilience in the cyber ecosystem has, as a result, become a top priority for Canadian companies.
What is cyber resilience? It is the ability to resist, react to and recover from potentially catastrophic threats, and the ability to reshape business environments for increasingly secure, sustainable cyber operations.
The latest results of our EY Global Information Security Survey (GISS) show why it’s so important to build stronger cyber barriers today, tomorrow and into the future. Of the nearly 1,200 companies surveyed, only 12% feel it’s very likely they would detect a cyber-attack. Even more shocking, 57% of respondents admit to having no threat intelligence program in place, or only an informal one.
While a cyber threat might not be as obvious as a walking, talking Deadpool, educating your people on potential risks and defining a reporting protocol to track suspicious activity can help your organization avoid a hack – or catch it early.
The 3 types of cyber-attacks
- Zero-day exploit attacks (advanced attacks) represent a very small share of all attacks. They are rarely identified to the public and are heavily funded by a criminal organization or a nation-state.
  - Carried out by sophisticated attackers
  - Exploit complex and sometimes unknown vulnerabilities
  - Use sophisticated tools and methodologies
- Misconfiguration attacks (common attacks) represent the vast majority of attacks. These attacks are frequently experienced and primarily occur as a result of vulnerabilities long since identified. Common weak points include uninstalled or out-of-date software/hardware, undefined policy, or incorrectly followed manuals.
  - Carried out by unsophisticated attackers, or by sophisticated attackers at mass scale
  - Exploit known vulnerabilities
  - Require little expertise and succeed easily
- Credential attacks (emerging attacks) are the most dangerous form of attack, particularly targeting employees within secure organizations. The motive of a credential attack is to obtain usernames and passwords in order to access data from highly secured databases. Hackers can do this by appearing as an insider – sometimes mimicking emails to look authentic – and encouraging employee interaction to evade security controls.
  - Carried out by sophisticated and unsophisticated attackers
  - Use social engineering to develop knowledge of the target
  - Can create quiet persistence in an environment for malicious behaviour such as data exfiltration
Stop hackers in their tracks through defensive measures
To mitigate the risk of hackers, your company must create broad cybersecurity awareness, not just in the information security or information technology departments, but across the entire organization. This includes establishing an education and awareness program so that all employees, contractors and third parties can identify a cyber-attack and are aware of the role they play in defending your business. By doing so, you’ll enable the entire organization to understand the risks they face and, in turn, decrease the likelihood of a successful hack against your company.
And if they believe they are being attacked, they should know the appropriate steps to take to mitigate that risk, without the fear of being reprimanded.
The ability to respond to an attack — to react quickly and effectively when a breach does occur — is the final piece in the puzzle. Companies with a well-thought-out and tested cyber breach response plan will be able to de-escalate the crisis much more quickly.
In the long term, this will create a sustainable edge over cyber criminals and other malicious actors, potentially dissuading these mercenaries from choosing your organization as their target.
In the meantime, if you recognize a tall man in a red spandex suit crouching in your inbox – use your judgement. He’s likely not supposed to be there!