Nation-state actors responsible for most cyber attacks
Companies of all sizes may find themselves faced with highly capable state-sponsored cyber attacks, but steps can be taken to shore up defences
With cyber attacks becoming more sophisticated and reflecting geopolitical conditions, more can be done to shore up cyber defences, said speakers at the Singapore International Cyber Week 2017.
“The majority of intrusions we respond to can be attributed to nation-state actors, by nations that condone cyber attacks, or folks in uniform paid by sovereign nations to do intrusions,” said Kevin Mandia, CEO of US-based cyber security company FireEye.
This year’s threat landscape has been characterised by the growth of cyber activity from Iran, where an APT (advanced persistent threat) hacker group probably linked to Iran’s government has hit Saudi and Western aerospace and petrochemical firms, according to a recent FireEye report.
“If there is no risk of repercussions, where is the deterrent?” said Mandia. “If you are in a nation that allows certain criminal activities on the internet, it is hard to have a proportional response to those types of activities.”
As a result, the balance of power in cyber space has become asymmetric: modern countries whose economies and jobs rely on the internet are extremely vulnerable to cyber attacks, while nations that tolerate such attacks have little to lose, he added.
Attack vectors have also changed. Hackers used to attack vulnerable systems directly, but they now trick individuals into compromising their own computers through spear-phishing attacks.
Hackers are also moving away from stealing credit card numbers and ATM PINs, preferring to hold their proceeds in virtual currencies instead.
“Anonymous currency such as bitcoin is a perfect storm for criminals to hack and make money through extortions,” said Mandia. “In fact, many organisations have a stash of bitcoin, as criminals appreciate the anonymity that bitcoin offers and will even give discounts when paid in bitcoin.”
Ravinder Singh, president of technology solutions provider ST Electronics, said organisations can adopt a security operations centre (SOC) architectural framework as a defence against cyber threats.
An SOC will eliminate 90% of attack vectors through the tight integration of security appliances augmented with threat intelligence, he said.
Singh said the next level of threats (9%) can be addressed with specialised skills and knowledge supported by analytics, leaving the last 1%, APTs and zero-day attacks, to deep and experienced expertise.
Bob Lentz, former US deputy assistant secretary of defense for cyber security, said organisations are not moving up the cyber security maturity framework quickly enough, leaving them vulnerable to cyber attacks.
Lentz also highlighted the need to secure the cloud, internet of things (IoT) devices and the artificial intelligence (AI) space.
“In the 1990s, when we had the chance to bake security into the internet, we didn’t do it,” he said. “We still have a chance in IoT and we had better do it, and now the AI arms race is the most important.”
Sherrel Roche, senior market analyst for services research at IDC Asia-Pacific, said that with the onslaught of mixed attacks, organisations should adopt security approaches that are proactive and predictive rather than reactive, so they can handle threats designed to evade conventional defences.
“The most effective security solutions should include components of sophisticated threat intelligence capabilities, advanced data analytics, expertise to interpret data anomalies and act on findings, as well as include incident response capabilities,” she said.