In early July, IBM Security and The Ponemon Institute released the ‘Cost of a Data Breach’ Study in which it was reported that the global average cost of a data breach and the average cost for lost or stolen information have both increased. The former is up by 6.4% to £2.94 million, while the latter increased by 4.8% year over year. This shows that cyber attacks on enterprises continue to rise. In particular, over the last two years there has been a continual stream of concerning data security breaches, suggests Suid Adeyanju.
One of the ways in which today’s organisations can defend themselves against attacks is to ensure that members of staff understand – and are educated about – the cyber threat landscape. Obtaining the right technology, services and security professionals is only one part of tackling the cyber security problem. It’s also important that companies gain a clear understanding of the cyber threat landscape. This means knowing where these types of attacks can come from and, in turn, who is leading those attacks (whether it be an individual or a group).
Often, knowing the answer to these types of questions leads to an understanding of the motive and makes countering the attacks easier. With all of this in mind, let’s move towards highlighting the areas of the cyber threat landscape that enterprises should be aware of in today’s world.
Nation State: This kind of hacking is often Government versus Government. It’s often functionally indistinguishable from cyber terrorism, but the defining trait is that the attack is officially sanctioned by a country’s Government. These attacks can involve not only hacking, but also the use of more traditional spying as well.
Insider Threat: This is one area where many businesses least expect a threat to come from: inside the business itself. A report from A10 Networks revealed that employee negligence is a major cause of cyber attacks. Employees unknowingly allow hackers into the business through unauthorised apps. On very rare occasions, a disgruntled employee could try and bring the business down in an act of revenge, so it’s always important to investigate who could have access because there’s every chance that the threat could come from within.
Individual Attackers: When you think of the stereotypical hacker, most thoughts turn to a hooded youth sitting alone in a room of their house or flat. This is the individual attacker and their motives are often more one of curiosity and learning. They want to see if they can hack a system rather than attempt anything malicious. This is the most neutral cyber threat.
Industrial Espionage: Sometimes orchestrated by an unrelated group and other times a rival business, cyber threats that deal with industrial espionage have the motive of creating problems for your business. The most common reason for industrial espionage is to discover the secrets of a rival business, often through spying. However, it could also involve destroying valuable data or, with some Internet of Things devices, physically breaking the technology. It’s all about anything that can push a business over a competitor.
Cyber Criminals: Much like the individual attackers, cyber criminals are an all-encompassing cyber threat. Almost all hackers are criminals in some way and their motives can vary from demanding money to setting up cryptomining through to damaging company property. Whatever they do it will not be a good thing.
Phishing and Ransomware: These are some of the most common types of attacks you’ll find cyber criminals performing. These attacks are motivated purely by financials and exist to either scam a business out of money or hold valuable company data at ransom. Sometimes, this can be a distraction to hide something more nefarious. Therefore, organisations need to make sure they’re prepared for any escalation.
Ethical Hackers: An ethical hacker is the opposite of a cyber criminal, as the term ‘ethical’ implies. These types of threats are often undertaken for the sake of a company, and will usually be paid for by the business to see if it can hack into its own servers. These hackers test the security resilience of a business and locate areas that are vulnerable before an ‘unethical’ hacker comes along.
Hacktivists: A hacktivist is a sub-set of cyber criminals whose motives are more ideological. As the name references, a hacktivist is essentially a cyber activist. They are using hacking purely to push an agenda, whether political or religious, rather than a financial motive. A hacktivist attack can be something as simple as changing the text on a company’s website to a more nefarious act that interferes with the day-to-day running of the business.
Cyber Terrorism: While hacktivists don’t always cause damage, a cyber terrorist will. Just like real terrorism, cyber terrorism exists to bring terror to your business, country and customers. Examples include the WannaCry attack on the NHS last year which aimed to bring systems down in hospitals and cause chaos and fear.
By understanding all of the different types of attacks in the cyber threat landscape, it can help you build your cyber defence by identifying a motive and being able to trace what kind of opponent your business is facing, as well as if this is an attack aimed primarily at an individual, an organisation or a national-level threat where the solution would be to work with other companies to stop the attack as a team.
Suid Adeyanju is Managing Director of RiverSafe