People expect large organisations, such as telecoms firms, with huge resources at their disposal and leading-edge technology, to be amongst the best equipped to keep cyber criminals at bay and avoid a breach of their valuable data. However, the fact that high-profile breaches continually come to light shows that no organisation is immune from attack. It only takes an unwitting employee opening a suspicious attachment, plugging in a USB stick or making a simple error during a routine system admin task, and systems can instantly be at risk.
Attacks can come from just about anywhere at any time – whether from a bored teenager or an organised criminal targeting data for profit. The recent TalkTalk web site breach was a perfect example of the former, where a relatively simple attack was used very successfully, to devastating effect.
Targeted attackers are often far more focussed on their intended victim and better resourced. They have a huge asymmetric advantage over the victim, who has no way of knowing the timing of an attack and has multiple potential vectors to defend.
The reality is that many businesses, not just telecoms firms, maintain vast amounts of personal information, which is highly prized by cyber criminals and is increasingly difficult to protect.
The greatest challenge is that an attack is not noticed quickly enough. The time to detect an attack can stretch to over 200 days, which is far too long to be exposed to any type of threat. Conversely, in the TalkTalk example, the breach was detected relatively quickly (within only a day or so). TalkTalk reacted quickly, which should have put them on a much stronger footing to deal with the crisis. However, despite the speed of detection, there was still uncertainty around the scale of the breach and the number of subscribers affected. Hence the initial PR announcements slightly missed the mark, and the level of initial interest (and criticism) reflected this. As with other past breaches like Target, Sony and OPM, TalkTalk provides valuable lessons. The first and most important step to take following the discovery of a breach is to establish which systems and data were compromised and determine the nature of the attack; both rapid detection and early understanding are vital.
When it comes to leveraging actionable intelligence, information quality and timeliness matter. Security teams require integrated security solutions to achieve this. True cyber resilience means appropriately scaled and competent technologies and processes that meet threat levels and response requirements, rather than just point solutions that focus on low-level threats or specific vectors, which attackers simply navigate around to find the “weakest link”.
Security functions are increasingly identifying new sources of threat information, all of which need to be aggregated, digested and investigated to mitigate threats. Increasingly, the sheer mass of information requires automated analytics and decision-making technologies to speed up the process, limit the time at risk, remove false positives and enable analysts to focus on threats that pose an actual danger. Cyber resilience means fit-for-purpose monitoring to identify indicators of compromise, behavioural anomalies or suspicious activity. The automated collection and processing of information allows security operators to make prompt and confident diagnoses and decisions, and to deal with the noise generated by modern IT systems and security controls. Applying the latest Automated Threat Verification technologies to identified threats minimises false alarms and allows rapid identification, isolation and remediation of systems impacted by an attack.
Peter Woollacott is the CEO and founder of Tier-3 Huntsman and the driving force behind its success. He is an expert in cyber risk and security solutions for enterprises that are serious about preventing, detecting and managing cyber threats. He is regularly sought out for advice on ways to use technology to reduce risk, improve governance and, ultimately, deliver competitive advantage.
Huntsman Security is a cyber security specialist focused on real-time security detection, verification and resolution in mission-critical security environments, national intelligence, border protection, banking and infrastructure globally. It proactively detects indicators of compromise and allows companies to quickly resolve issues.