Thwarting a new breed of cyberattack

Hewlett Packard Enterprise

By Shane Bellos, General Manager, Enterprise Security Products, HP Software, HP South Pacific
Monday, 13 July, 2015

Cybercrime can lead to financial loss, reputational damage and physical harm.

Cybercrime has evolved from simply stealing information for financial gain to ruthlessly infiltrating industries with the goals of destroying intellectual property, damaging reputation and crippling vital operating functions.

As one of the most recent and malevolent examples, the Sony Pictures Entertainment hack brought global attention to the issue of cybersecurity that will likely have a significant impact on future government policy and national responses to cyberattacks perpetrated against countries or companies.

Motivation plays a big role in who is targeted by these threats and how they are executed. Although the Sony hack has garnered significant attention, its impact pales in comparison to the implications of an attack on critical infrastructure, which has the potential to be politically, economically and physically devastating.

The FBI has said the Sony hack was either perpetrated or sponsored by North Korea, and other nation states and organised non-state actors are certainly watching to see how the US responds.

Cybercrime outside the US is also extensive, involving theft of payment cards, personal internet credentials, intellectual property and online bank accounts. Conducted by the Ponemon Institute and sponsored by HP Enterprise Security, the 2014 Cost of Cyber Crime Study found the average annualised cost of cybercrime incurred by a benchmark sample of Australian organisations was $4.3 million, an 8.4% increase over the average cost reported in 2013.

The study found that the most costly cybercrimes resulted from denial of service attacks, insider threats and use of malicious code - with the highest cost per industry reported in the energy, utilities and financial services sectors.

Securing and defending the network

With 2015 expected to be another landmark year in terms of both the frequency and impact of cyberbreaches, organisations and officials cannot ignore the potential risks associated with these threats - risks that go beyond the digital world and cause actual, physical damage.

As the number of devices connected to the internet increases into the tens of billions in the coming years (Morgan Stanley estimates the number to be as high as 75 billion), the risk from network intrusions, mechanical sabotage and data loss all increase as well.

For instance, an attack disclosed in December 2014 on a German steel mill caused physical damage to the machinery: the attackers took control of production systems in a way that prevented plant workers from intervening and shutting them down in a controlled manner. Multiple components of the machinery malfunctioned, causing massive damage to the plant and its output.

The initial breach was accomplished through spear phishing - a targeted email that appears to come from a trusted source and carries a malicious attachment or link, relying on social engineering rather than technical sophistication to get the recipient to open it. Once inside the office network, the attackers applied detailed knowledge of industrial control systems to take over the production equipment and cause the destruction.

This breach is significant because it is the second publicly confirmed case of a cyberattack causing physical damage - the other being Stuxnet, discovered in 2010, which sabotaged centrifuges used to enrich uranium at an Iranian facility.

It is important to emphasise that a cyberattack on physical infrastructure poses a unique threat - not only to an organisation’s network and data, but also to its physical and human capital as well as the surrounding population. These threats require distinct procedures, standards and proactive protections.

Industries need to implement a cybersecurity strategy that outlines best practices for employees, sets comprehensive protocols outlining a response to a breach and, most importantly, encourages the necessary steps to ensure active network and data security.

The Council on CyberSecurity's Critical Security Controls and the NIST Cybersecurity Framework, for instance, both set out prioritised, publicly available measures that organisations can take to better secure and defend their networks, data and vital business assets. To address the full array of cybersecurity threats, these controls need to be backed by near-real-time capabilities: continuous monitoring of systems and ongoing risk mitigation.

Real-time awareness

When an organisation lacks the awareness to determine who has access to its network and sensitive data, it is forced into a reactive posture where breaches are dealt with after the fact, leading to a state of perpetual damage control that diverts further resources away from threat detection and prevention. In today’s environment of advanced threats, being proactive is essential. It is inevitable that bad actors of some kind will gain access to an organisation’s critical data with enough persistence.

Strong cyberdefence relies on multiple layers of security: software security assurance, data encryption, network defence and near-real-time monitoring that identifies a breach quickly enough to respond before damage is done. Without comprehensive situational awareness of the organisation's network, intrusion prevention and detection systems catch only the attacks they have already been configured to recognise.

Near-real-time monitoring calibrated with current threat intelligence gives IT managers a comprehensive picture of their data environment, so threats can be detected and mitigated before they cause harm.

This is why threat-indicator sharing and collaboration is such a necessary and crucial step - not only for the protection of individual organisations, but also entire industries, critical infrastructure and national security.
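The following Python script is an added illustration, not code from the article or from HP, of the two points above: a monitoring sensor only flags indicators it has been given, and pooling indicators from a sharing partner widens what the same log data reveals. The log lines, indicator values (RFC 5737 documentation addresses and example.* hostnames) and the simple proxy-log format are all constructed for this example.

```python
"""Indicator matching over proxy log lines.

Shows that a sensor with only its local indicator feed misses activity a
sharing partner has already seen, and that merging the shared indicators
surfaces it in the same logs. All indicators and log lines are constructed.
"""

import re
from dataclasses import dataclass

# Constructed local indicator feed: what this organisation already knows about.
LOCAL_INDICATORS = {
    "domain": {"update-check.example.net"},
    "ip": {"203.0.113.45"},
}

# Constructed indicators received later from a sharing partner.
SHARED_INDICATORS = {
    "domain": {"cdn-static.example.org"},
    "ip": {"198.51.100.7"},
}

# Constructed proxy log: timestamp, client, method, URL, destination IP.
# The third line is deliberately malformed to show it is skipped, not fatal.
SAMPLE_LOG = """\
2015-07-13T09:01:12Z 10.0.4.21 GET http://update-check.example.net/a.bin 203.0.113.45
2015-07-13T09:01:15Z 10.0.4.22 GET http://intranet.example.com/index.html 10.0.0.5
corrupted line from a truncated write
2015-07-13T09:02:40Z 10.0.4.21 POST http://cdn-static.example.org/beacon 198.51.100.7
2015-07-13T09:03:02Z 10.0.4.23 GET http://www.example.com/ 93.184.216.34
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<dest>\S+)$"
)
HOST_RE = re.compile(r"^[a-z]+://([^/:]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Alert:
    ts: str
    client: str
    indicator_type: str
    indicator: str


def merge_feeds(*feeds):
    """Union several indicator feeds into one lookup structure."""
    merged = {}
    for feed in feeds:
        for kind, values in feed.items():
            merged.setdefault(kind, set()).update(values)
    return merged


def host_of(url):
    """Extract the lower-cased hostname from a URL; empty string if none."""
    m = HOST_RE.match(url)
    return m.group(1).lower() if m else ""


def scan(log_text, indicators):
    """Return one Alert per indicator hit across all well-formed log lines."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the scan
        host = host_of(m["url"])
        if host in indicators.get("domain", ()):
            alerts.append(Alert(m["ts"], m["client"], "domain", host))
        if m["dest"] in indicators.get("ip", ()):
            alerts.append(Alert(m["ts"], m["client"], "ip", m["dest"]))
    return alerts


def affected_clients(alerts):
    """Sorted list of internal clients that touched any indicator."""
    return sorted({a.client for a in alerts})


if __name__ == "__main__":
    local_only = scan(SAMPLE_LOG, LOCAL_INDICATORS)
    combined = scan(SAMPLE_LOG, merge_feeds(LOCAL_INDICATORS, SHARED_INDICATORS))
    print(f"local feed only: {len(local_only)} hits")
    print(f"with shared feed: {len(combined)} hits")
    for a in combined:
        print(f"  {a.ts} {a.client} {a.indicator_type}={a.indicator}")
```

With only the local feed the beacon to cdn-static.example.org on line four passes unnoticed, even though the same client had already contacted a known-bad host minutes earlier; once the partner's indicators are merged, both sessions are flagged and the client is identified for follow-up. The same structure extends to other indicator types (file hashes, user agents) by adding a key to the feed and a matching field check in scan.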

Cyberattacks are no longer simply practical jokes or non-lethal schemes of siphoning information for monetary gain. An attack on critical infrastructure presents a clear and present danger to human life as well as life-sustaining industries.

Breaches are an inevitable and expected occurrence in the digital age. Now we must place the priority on how we can prevent and respond to these threats together, which can mean the difference between business as usual and a national crisis.

Image courtesy Yuri Samoilov under CC
