The nature of the cybercrime landscape is shifting. No longer are the main threats related to the theft of personal details and financial information – like capturing logon credentials, identity theft and stealing credit card data. Today’s most destructive breaches relate to the theft of corporate intellectual property. A dark underworld of online industrial espionage is developing below us, where careful, targeted attacks are unleashed on companies’ most valuable data assets.
This is the view of Rashmi Knowles, chief security architect in the EMEA region for RSA, the Security Division of EMC. She cites the example of a pharmaceutical company that may spend tens of millions of dollars on R&D for a particular drug, only to have its information compromised and the drug released in another country at low cost.
The theft of IP is something that Knowles believes is vastly under-reported in traditional media circles, as companies do their best to keep the attacks quiet. Unlike in other types of breaches (such as customer credit card details, for example), there is never any statutory requirement to disclose the breaches.
“Good security always encompasses people, processes, and technology,” she starts, explaining that if an organisation is weak in any of these aspects, however strong it may be in the other areas, it is vulnerable to attack.
The evolving threats see attackers using methodical background research, and highly convincing, targeted social engineering tactics that are directed at key employees in an organisation. One won’t find, for instance, the poorly worded mass distribution phishing emails that have been spamming our inboxes for years now.
Knowles notes that the industries most at risk of this kind of attack include defence, other public sector departments, financial services, and any industry that has high-value intellectual property, such as business consultancies.
Vulnerabilities now hold the potential to have such a colossal impact that it’s natural for IT security and IT governance to move from an IT responsibility, to a senior business leadership responsibility, at board level, she adds.
“As we transition to what we call the ‘3rd platform of IT’, where billions of users are consuming content and interacting with organisations in various, fluid ways, the nature of security changes.”
In this 3rd platform, ecosystems are connecting employees, suppliers, partners and other stakeholders to the point where the ‘perimeter’ is difficult to distinguish. “In reality, there is no perimeter,” she notes. “Protecting against these threats becomes a complex, on-going challenge,” she advises.
Corporations need to balance deep levels of employee awareness with automated controls and alerts that monitor behaviour, covering things like user credentials, permissions, encryption, data loss prevention policies and technologies, and policies around data flow.
“The biggest question is: how to train the ‘human firewall’? How to help employees recognise and prevent suspicious activities?”
She says a number of companies have been highly successful in presenting security information to staff in the form of interactive gamification tools. Organisations should present resources that help employees stay safe at home and at work.
An important trend to recognise is that attackers are increasingly targeting corporations in Africa, particularly in Anglophone countries across the continent. As security in general becomes tighter in many developed world countries and organisations, behaviour shifts to the developing world.
Sophisticated attacks on organisations’ IP resources on the continent are expected to accelerate in the coming years, Knowles predicts.
Knowles advises organisations to remain alert to the changing nature of cybercrime, as they focus on the two key goals: shrinking “dwell time” (the time between the start of an attack and its detection) and improving the speed and effectiveness of their response to attacks.