Being aware of who your enemy is, and what they are after, is the first step towards a successful cyber defence.
“Understanding the tools the attacker is using is no longer good enough. Businesses need to understand the motivation behind the attacks,” says Jayson O’Reilly, director of Sales and Innovation at DRS.
“Phishing attacks, for example, and spear phishing in particular, are on the rise, and are getting easier and easier to execute, mainly due to the vast amount of personal information people share without a second thought on social media.”
He says it is child’s play to target an organisation through an individual, or through a supplier or third-party partner.
“However, these targeted attacks are but a stepping stone in an advanced persistent attack. Understanding who your adversary is, and their motivation, will go a long way towards mitigating these attacks. Understanding what motivates your attacker can give the business insight into their strategy, tools and in turn your response and defence.”
O’Reilly says the problem is that the security industry is too focused on the technologies and not the attackers behind the technologies.
“Knowing whether they are after money, or whether they are trying to prove a point, can make all the difference.”
A cybercriminal who employs a Trojan to steal financial details would understand the window of opportunity is a matter of weeks, as these threats do not take long to uncover, he explains.
“During this time, he would attempt to access as many bank accounts as possible, in the shortest space of time. These attacks are quick and vigorous.”
However, advanced persistent threat actors are often after more than money.
“These attacks are highly organised, and use multiple vectors to achieve their ends. They will lurk inside the target’s network for months, sometimes over a year, stealthily moving around and stealing information. The attacker might be after trade secrets or intellectual property, or any other highly sensitive data. The object is not a quick buck, but a long-term project.”
O’Reilly says less emphasis should be placed on the vulnerability and more on the threat itself.
“By profiling the threat, we can get a better understanding of the attacker. Different threats require different security measures,” he says.
“Traditionally, security practitioners would look to the network and the firewalls, all the usual measures. However, attackers will always innovate and find new ways to get to their targets.”
In addition, he says too often one attack is used to disguise another, such as the recent DDoS attacks against banks that were used as distractions while cybercriminals penetrated other systems.
“Often not enough thought is given to the most simplistic question of ‘who wants to attack us’. If we know that, we are more likely to know how they will attack us.”
Whether it is a DDoS attack that appears to shut down a Web site while attackers go after critical infrastructure, or hacktivists attacking media to spread false messages, which can in turn affect markets and share prices, knowing what is behind the attack is the best means of mitigation.