Page 46 - Cyber Warnings
P. 46
Detecting The Covert
Security Through Intelligence
by John Williams, Product Manager, Node4
Business has always had to protect its assets. Fifty years ago it would have been tall walls of
bricks and mortar, maybe a little razor-wire and issuing identity cards to employees, possibly a
friendly security attendant on the door.
Today the perimeters have blurred, the threat frontiers increased and the volume of localized
criminals has expanded to include miscreants from any and every country in the world.
Of course this expansion is due to the rise of communications technology and the surge of
ecommerce and the Internet, the borderless digital world, but it is still a shock to see a threat
map from the IT security manufacturer, Fortinet, which shows, with regularity, live attacks from
source to destination in such graphical detail.
This truly brings home the idea that we are a single global economy and borderless from an
information security perspective. If it is not enough that the volume of perps has increased, the
methods for ingress has also expanded exponentially. Not only are there the criminal groups we
also have to take foreign governments and political hacktivists into account.
We are left with a fight in which we have no visibility of those bent against us and who use
weapons and methodologies which are constantly changing and which we are generally ill
equipped to flex our defences to meet their attacks.
It is no wonder that over 85% of companies have no idea that their IT environments have been
breached until weeks or even months have passed. The cost of being breached is also
increasing; a year old study from the Ponemon Institute which analysed the cost of data
breaches in the UK concluded that £2.37 million is the average total cost of data breach which
was a 7% increase in cost over 2013 to 2014.
The average cost per lost or stolen record was £104 which was a 9% gain over previous years.
Malicious or criminal attacks were primarily responsible for the root causes of these breaches
accounting for 49% of breaches, 23% involved system glitches and business process failures
and 28% were from human error or employee negligence.
TARGETS
You may be forgiven in assuming that many of the companies targeted by cyber criminals are
either large corporate companies or companies with a business model which involves a high
degree of ecommerce. This is not the case, in fact SME businesses who have little ecommerce
exposure are more likely to be targeted than larger corporate business. The reasons for this are
46 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
