IBM Staying Ahead in the Cyber Security Game draft 2
Staying ahead in Cyber Security Game
Being your worst enemy
In this chapter, we shall spend time analysing how to protect yourself from cyber crimes, which have become a major threat to any organisation and even to individuals. One security consultant remarked that crime adapts and follows: as new technology appears, crime changes at the same rate. The consultant also said that these malicious people are always a step ahead; they have more imagination than the people protecting the very information they want to get hold of. The key point is that we constantly face things we have never imagined before.
In recent times, with an increased number of attackers who are mostly in it for money or for political motives, the attackers' determination has risen remarkably. On the other side of the coin, increased penalties, stronger law enforcement and serious convictions have scared away numerous amateurs, leaving only the focused and professional hackers in the industry. The term Advanced Persistent Threat comes from this constant determination. Malicious actors are willing to spend considerable time breaching your defensive walls and then to use that access for as long as possible.
Technology users are constantly under attack. There is often news of a data breach involving a well-established company, and in response fresh rules are circulated to protect personal information. Because of malware in emails, phishing messages and ill-intentioned websites and URLs, employees need to be vigilant and diligent, doing everything they can to protect themselves and the organisation they work for.
Traditionally, attackers would search for an exploit and then replicate it against other organisations; in recent times an organisation, or sometimes a single person, is occasionally singled out and attacked in many ways.
Finding your weak spot
In an organisation, the only way to balance this game is by instilling determination and communication inside the organisation. A team should be kept in place that tirelessly looks for loopholes in the system and corrects them appropriately.
What is recent
Because of the gains to be had from hacking, the number of hackers has increased considerably. On the other side, penalties have also increased, and this has scared away some of the low-harm kiddies.
The real enemy that eats at us is our ignorance and the attacker's determination. If people are completely ignorant, there will be no security, and if the attacker has great determination, he will eventually get through. By addressing these two issues we are good to go.
In this chapter, some critical lessons can be drawn. Firstly, to protect yourself from malware, the first line of defence starts with yourself, because you are the one able to detect the weak points in your system and develop appropriate defence mechanisms for each spot identified.
Secondly, attackers will always be there. Their greatest motivators are financial gain and political motivation. These have made the determination of attackers rise greatly. As long as these two factors exist, the malware threat will always be present.
Thirdly, the threat to our security comes from ignorance and determination. If you or the organisation is ignorant, then the data will not be secure from attacks. By addressing these two factors and raising your defence levels, a workable security situation can be achieved effectively.
In day-to-day life, the emphasis is on applying patches, creating a very secure infrastructure and educating users. The first step is to develop the mindset of a hacker, so as to identify your weak points before others do. Make regular use of a white-hat penetration test group. This group is motivated to break in and reach systems and data they are not supposed to access. For maximum effect, you can select one group as the defence team and the other as the attacking team, and rotate them from time to time.
Making security a game for the entire organisation helps develop a culture of protection. People can lose points by leaving their computers unlocked and gain points by identifying someone who is not displaying an access badge. This brings compliance with the security protocols.
Whatever kind of data you have, controlling access to that data is a must. The more sensitive the data, the more restrictive the access should be. Only the individuals who have a specific need should be allowed to access the data.
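The access rule above (more sensitive data, more restrictive access; only people with a need may reach it) can be written as a deny-by-default check that combines a clearance level with a need-to-know set. The following is an added example, not code from the original text; the sensitivity tiers, the resource catalogue and the user records are constructed sample data.

```python
from enum import IntEnum


class Sensitivity(IntEnum):
    """Ordered sensitivity tiers (assumed names; higher is more restricted)."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


# Constructed catalogue: resource -> (sensitivity, project that owns it)
RESOURCES = {
    "press-release.pdf": (Sensitivity.PUBLIC, "marketing"),
    "staff-directory.csv": (Sensitivity.INTERNAL, "hr"),
    "payroll-2024.xlsx": (Sensitivity.CONFIDENTIAL, "hr"),
    "merger-plan.docx": (Sensitivity.RESTRICTED, "exec"),
}

# Constructed users: clearance level plus the projects they have a need to know for
USERS = {
    "alice": {"clearance": Sensitivity.RESTRICTED, "need_to_know": {"exec"}},
    "bob": {"clearance": Sensitivity.CONFIDENTIAL, "need_to_know": {"hr"}},
    "carol": {"clearance": Sensitivity.INTERNAL, "need_to_know": {"hr", "marketing"}},
}


def authorize(user, resource, users=USERS, resources=RESOURCES):
    """Deny by default. Allow only when the user's clearance covers the
    resource's sensitivity AND the user has a need to know for the owning
    project. Public data requires clearance only, not need-to-know."""
    if user not in users or resource not in resources:
        return False  # unknown principal or unknown asset: never allow
    level, project = resources[resource]
    record = users[user]
    if record["clearance"] < level:
        return False  # clearance too low for this tier
    if level == Sensitivity.PUBLIC:
        return True
    return project in record["need_to_know"]


def reachable_by(resource, users=USERS, resources=RESOURCES):
    """Audit helper: which users can reach a resource. Useful for checking
    that the population shrinks as sensitivity rises."""
    return sorted(u for u in users if authorize(u, resource, users, resources))


if __name__ == "__main__":
    for name, (level, _) in RESOURCES.items():
        print(f"{level.name:12} {name:22} -> {reachable_by(name)}")
```

Note that high clearance alone is not enough: alice holds the top clearance but is denied the payroll file because she has no need to know for the HR project. The audit helper makes the "more sensitive, fewer people" property visible so it can be checked rather than assumed.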
It is also a good move to educate your employees. Spend enough time helping your employees understand the real risks of a cyber attack and how these attacks affect the organisation. Make them understand how dangerous sending unencrypted data or using weak passwords is, and that an attack could lead to the closing of the business, leaving them without jobs. Do everything needed to get them on board with the procedures that are put in place. Employees should at all costs avoid clicking on links and opening attachments, since these are the most common ways hackers gain access to the system and data.
Employing technology policies can go a long way in protecting company data. Even when the best technology security policies are in place, employees must understand how their actions can bring the organisation to its knees. Guidelines should cover how company equipment is used and how passwords are created, and it should become a habit to follow up on employee usage.
Resiliency can be defined as the ability of a system to withstand attacks and failures and, when these events occur, to rebuild itself quickly. Cyber resilience entails resisting, responding to and recovering from attacks that compromise the data you need to do daily business. It is a whole-organisation affair in which everyone participates. Relying heavily on technology and then leaving full responsibility for cyber security to the IT department alone is not effective.
The thought of the most dedicated people pooling all their efforts against your company is enough to scare you. No email, attachment, visitor, Wi-Fi network or even document should be trusted. The actions of white-hat hackers, who have proven that they can do almost anything, up to hacking their way into the accounts of top managers, give a glimpse of all that can be done. The assumption that criminals and other enemies can do the same holds true. We are then left with these questions: what can we do? Should we just surrender? The answer is certainly not. Even if the attacks do not happen, it is good to err on the side of caution. We should work on minimising the effect of an attack and raising the chances of detection.
Cyber resiliency does not solely entail having access to a set of new computers when one is lost. It entails more than having remote access through a virtual private network when an employee's travel is thrown into chaos. Some may argue that a thin-client solution, where an employee can use any computer, anywhere, regardless of manufacturer, to access the company's applications, is the right course of action. But to achieve true resiliency, an organisation must understand precisely which technology, data and systems underpin the business.
Given the increase in cybercrime, how should one handle cybercrimes and bounce back? It can be managed, although not easily. The traditional view of security was to focus mainly on defending the perimeter, maintaining the status quo regarding security and restricting the infiltration of data.
After an attack on an organisation has taken place, the most important thing is recovering from the attack and moving on. The attack makes you raise your defences and increase the chances of detection for next time.
Recent activities in cyber resiliency
Targeted attacks have always existed, especially in the defence and financial fields. Dedicated attackers have increased in number over time, and professional criminal groups devote their time to online crime. Threats are present on a daily basis. All online activities must be monitored, and the organisation must be ready to fight.
Advanced Persistent Threats, together with insider threats, are the most serious threats an organisation can face. A bullet-proof defence is impossible, yet the damage is enormous. Attackers do not relent in trying to influence the organisation's staff; to some extent they will even get hired so that they can gain access and make their detection harder. All this shows that cyber crime will always be present, but it is up to the organisation to bounce back to the state it was in before the attack.
There are many avenues through which hackers can invade your systems, such as emails and attachments. What matters is that you do not trust anyone. Hackers are very determined and should not be taken for granted; they spend most of their time online just to hack into your systems. Their numbers have increased significantly over time, and they are motivated by financial gain among other things. Hacking will not stop any time soon. Hence, the only resolution left is for organisations to be resilient and able to bounce back in case of an attack.
The main question asked here is: what can the organisation do differently after coming to a realisation of Advanced Persistent Threats? Setting up the kill chain. This means understanding the process that the attacker typically follows; from there you can detect, disrupt, degrade, deceive or even deny the attacker any chance of getting into the system.
Monitoring the network and systems. If you have little knowledge of what is happening on your network or systems, you have limited chances of detecting any malicious activity.
Minimise the effect that breaches would have. This can be done by encrypting data at rest, and even by adding fake data to the real data. For example, stealing a million credit card numbers would then yield only a thousand real credit cards.
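The three measures just listed (model the kill chain, monitor, and seed decoy data to blunt a breach) fit together in one detection loop: events from monitoring are mapped onto kill-chain stages, and any use of a decoy record is treated as a high-confidence indicator at the final stage. The code below is an added example rather than anything from the original text. The stage names follow the Lockheed Martin kill-chain model; the event-to-stage mapping, the log format and the decoy identifiers are constructed for the example.

```python
from collections import defaultdict

# Ordered kill-chain stages (Lockheed Martin naming; an assumption of this example)
STAGES = ["reconnaissance", "delivery", "exploitation", "installation",
          "command_and_control", "actions_on_objectives"]

# Constructed mapping: detector event type -> the stage it evidences
EVENT_STAGE = {
    "port_scan": "reconnaissance",
    "phish_attachment_opened": "delivery",
    "macro_spawned_shell": "exploitation",
    "new_service_installed": "installation",
    "beacon_to_rare_domain": "command_and_control",
    "bulk_db_export": "actions_on_objectives",
}

# Constructed decoy identifiers. They are mixed into the real customer table;
# no legitimate workflow ever looks them up, so any lookup is an indicator.
DECOY_IDS = {"CUST-DECOY-0001", "CUST-DECOY-0002"}


def seed_decoys(real_ids, decoys=DECOY_IDS):
    """Return the data set with decoy records mixed in, so a bulk theft
    carries records that cannot be used without revealing the thief."""
    return sorted(set(real_ids) | set(decoys))


def parse_line(line):
    """Constructed log format: '<ts> host=<h> event=<type> [id=<record-id>]'."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])
    return fields


def correlate(lines, decoys=DECOY_IDS, min_stages=3):
    """Group observed stages per host. Alert when a host shows at least
    min_stages distinct stages, or when it touched a decoy record at all."""
    stages_by_host = defaultdict(set)
    decoy_hits = []
    for line in lines:
        f = parse_line(line)
        host, event = f["host"], f["event"]
        if event == "record_lookup":
            if f.get("id") in decoys:
                decoy_hits.append((host, f["id"]))
                stages_by_host[host].add("actions_on_objectives")
            continue  # ordinary lookups are not evidence of any stage
        stage = EVENT_STAGE.get(event)
        if stage:
            stages_by_host[host].add(stage)
    decoy_hosts = {h for h, _ in decoy_hits}
    alerts = {}
    for host, seen in stages_by_host.items():
        ordered = [s for s in STAGES if s in seen]  # present in chain order
        if len(ordered) >= min_stages or host in decoy_hosts:
            alerts[host] = ordered
    return alerts, decoy_hits


# Constructed sample log: one host progressing through three stages, one
# database host that looked up a decoy record, and one lone scan.
SAMPLE_LOG = [
    "2024-05-01T08:00:00Z host=ws-17 event=phish_attachment_opened",
    "2024-05-01T08:00:05Z host=ws-17 event=macro_spawned_shell",
    "2024-05-01T08:01:10Z host=ws-17 event=beacon_to_rare_domain",
    "2024-05-01T09:30:00Z host=db-02 event=record_lookup id=CUST-1001",
    "2024-05-01T09:30:01Z host=db-02 event=record_lookup id=CUST-DECOY-0002",
    "2024-05-01T10:00:00Z host=ws-03 event=port_scan",
]

if __name__ == "__main__":
    alerts, hits = correlate(SAMPLE_LOG)
    for host, chain in alerts.items():
        print(host, "->", " > ".join(chain))
    print("decoy hits:", hits)
```

A single reconnaissance event (ws-03) does not alert on its own, which keeps the noise down; three linked stages on ws-17 do, and the decoy lookup on db-02 alerts immediately because the record has no legitimate use. The same decoy set is what makes the "a million stolen, a thousand real" dilution measurable: the stolen copy contains records that were never real.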
Can you predict which actions are good and which are bad? Can you separate users by their behaviour into risky and regular? Can you detect when a disgruntled administrator is installing unwanted software even before he leaves the organisation's premises? These and many more questions are asked when applying security analytics to big data.
Advanced analytics entails models for representing attacks and threats. This implies the need to train and test patterns. In other cases, the analysis is meant to provide visualisation so that human skill can be applied to generate insight. By connecting data from network log files, system behaviour, etc., we can build a much more complete picture of what constitutes normal behaviour for a certain user or scenario. The gamble is to combine different sources and try to identify patterns across these different systems that indicate unwanted behaviour.
Advanced analytics on very big data can be used to identify external breaches, e.g. by identifying patterns across several attackers when they undertake reconnaissance, and at the same time identify internal dangers, e.g. when someone is accessing rarely used data at an unusual time. Many benefits can be achieved without big data; that is simply looking at what happens across the silos. But when big data is involved, the premise is ambitious and pro-active. It may be hard for a regular security group to reap any fruits from big data, and the point is that we may already have effective detection equipment to mitigate the impact of attacks, but the real revolution will involve big data. We will then be in a better position to analyse what is good and what is bad.
Traditionally, a data analyst looked at data from a single point of view, such as a CRM system, whereas a data scientist explores and analyses data from numerous sources. A data scientist will sift through all incoming data with the aim of discovering a previously hidden insight that can generate a competitive advantage or deal with a serious business problem.
This is not a common skill in IT security. By applying advanced security analytics to large data sets, we can increase the chances of detecting malicious activities. It depends entirely on patterns of certain behaviours.
The IT world has recently come to appreciate the value of big data and the information that can be concealed in large and disparate data sources. This renewed focus on data has over time also spread into the security community, which applies the same technologies to the data sources present in order to identify and prevent attacks.
The data part of the story is about breaking down data silos in support of advanced analytics. Since we can already collect large volumes of high-speed security data, we now need data from other sources. In the analysis, the focus is not on identifying the good and the bad, but rather on understanding what is normal so that the exceptions can be analysed.
Traceability and linking become important, whether observing data flows, conversations or even entities. Any activity that gives insight into the abnormal, unusual and potentially malicious in an institution would be an addition to the tools available.
For big data to be analysed, it must be sliced into silos, smaller parts that are easier to analyse. The trick is combining many different sources and looking for patterns that depict undesired behaviour. In data analysis, the focus is not on identifying the good and the bad but on what is normal.
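The analytics passages above (the example of someone reaching rarely used data at an unusual time, and the principle that the model learns what is normal and then surfaces the exceptions) can be shown with a small behavioural baseline. The code below is an added example, not code from the original text; the log format, the user histories and the thresholds are constructed for the example, and the baseline is a plain per-user frequency count rather than any particular vendor's model.

```python
from collections import Counter, defaultdict
from datetime import datetime


def parse_event(line):
    """Constructed format: '<iso-ts> user=<u> resource=<r>'."""
    ts, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return when, fields["user"], fields["resource"]


def build_baseline(history):
    """Learn, per user, which hours of day and which resources are normal.
    Nothing here decides good or bad; it only records what was observed."""
    hours = defaultdict(Counter)
    resources = defaultdict(Counter)
    for line in history:
        when, user, res = parse_event(line)
        hours[user][when.hour] += 1
        resources[user][res] += 1
    return {"hours": hours, "resources": resources}


def score_event(baseline, line, rare_threshold=1):
    """Return the reasons an event deviates from its user's norm.
    An empty list means the event looks normal."""
    when, user, res = parse_event(line)
    if user not in baseline["hours"]:
        return ["no_baseline"]  # new or never-seen user: cannot be judged, so surface it
    reasons = []
    if baseline["hours"][user][when.hour] == 0:
        reasons.append("unusual_hour")
    if baseline["resources"][user][res] <= rare_threshold:
        reasons.append("rare_resource")  # never, or almost never, touched before
    return reasons


def find_exceptions(history, new_events):
    """Baseline on history, then keep only the new events with a deviation."""
    baseline = build_baseline(history)
    out = []
    for line in new_events:
        reasons = score_event(baseline, line)
        if reasons:
            out.append((line, reasons))
    return out


# Constructed history: alice works the CRM and wiki during office hours,
# bob uses git and the wiki.
HISTORY = [
    "2024-04-01T09:12:00Z user=alice resource=crm",
    "2024-04-01T10:40:00Z user=alice resource=crm",
    "2024-04-02T09:05:00Z user=alice resource=crm",
    "2024-04-02T14:30:00Z user=alice resource=wiki",
    "2024-04-03T10:15:00Z user=alice resource=wiki",
    "2024-04-03T11:00:00Z user=alice resource=crm",
    "2024-04-01T08:55:00Z user=bob resource=git",
    "2024-04-02T17:20:00Z user=bob resource=git",
    "2024-04-03T13:10:00Z user=bob resource=wiki",
    "2024-04-03T17:45:00Z user=bob resource=wiki",
]

# Constructed new day: one normal access each for alice and bob, one
# salary-file read at 02:47 by alice, and an account with no history.
NEW_EVENTS = [
    "2024-04-04T10:02:00Z user=alice resource=crm",
    "2024-04-04T02:47:00Z user=alice resource=hr-salaries",
    "2024-04-04T17:05:00Z user=bob resource=wiki",
    "2024-04-04T12:00:00Z user=dave resource=git",
]

if __name__ == "__main__":
    for line, reasons in find_exceptions(HISTORY, NEW_EVENTS):
        print(reasons, line)
```

The two checks are independent, so an event can be flagged for hour alone, resource alone, or both; the salary-file read at 02:47 collects both reasons and is the one an analyst would look at first. Users with no history are reported rather than silently passed, because an empty baseline is itself something the analyst needs to know about.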
A new species of techie is in great demand these days, and not only in Silicon Valley but at company headquarters all over the world. In the words of Pascal Clement, head of Amadeus Travel Intelligence in Madrid, data scientists are the new superheroes.
Some claim that the present way of using data is blocking security, since a lot of time is spent while results are thin. So what do we do? First, understand what advanced security analytics on large data sets can and cannot offer your detection mechanisms. Hire personnel who have the required data skills: data scientists need to know about patterns, correlation, statistics and how to use the tools operationally. Start gathering and correlating data from different systems and channels.
To get the best business value from big data analytics endeavours, the user should incorporate a mix of structured and unstructured information. In a nutshell, don't think of it as big data but as wide data. Big data is a bit of a misnomer. With a lot of information coming from the web, call centres and other areas, data sources can be enormous. To get true business information that can help from big data analytics applications, organisations and analytics vendors focus on integrating and analysing a wide mixture of information.
Do not ignore what sensors have to say. In this advanced age of the Internet of Things (IoT), sensors and other tracking gadgets are proliferating in products and industrial equipment, and they can send the data they collect back to corporate systems via the internet. Many people, however, have the mindset that IoT only provides excellent command and control of machinery, as in remote sensing of oil pipelines or maintenance information from trucks and other vehicles.
Important as these uses are, even bigger issues are at stake. Searching for trends in massive amounts of sensor data can help users better recognise and understand quality control issues, geographical differences in tools and other important factors for long-term planning.
Hackers learn quicker than the organisation
In this chapter, we discuss the fact that hackers learn faster than the organisations they attack. With heavy internet usage ushering in the information age, roughly 3000 million computers are interconnected through a complex maze of sophisticated networks. However, security levels have lagged a great deal behind the rush to get interconnected and go online, because each connection to a network represents an opening for hackers. Cable modems, the equivalent of always-on connections, offer high-speed connections to personal device users, and this poses a security problem since they provide more resources and bandwidth in which to hide malicious acts. The bottom line is that if you are connected to the internet, you can be identified by hackers for serious attacks.
Worldwide, not a week passes without identity theft happening. For example, a news report in April 2003 stated that "names, addresses and credit card data of sponsors of the Georgia Institute of Technology in Atlanta had been hacked." Online intruders had stolen 57,000 identities in a period of two months. It is obvious that identity theft is widespread, fast-growing and expensive for society. In September 2003, the Federal Trade Commission reported that identity theft had caused nearly 10 million Americans to lose almost $53 billion. Worldwide, identity theft and related acts were estimated to cost around $221 billion in 2003, and experts expected the situation to get worse.
Making the same mistake over and over
In the past, phone systems were hacked by putting control codes in the content of the call. This used to give unlimited free calls or, at times, calls at someone else's expense. When databases were introduced, the same thing happened again. It seems that with every new technology we make the same mistake again.
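The phone-system mistake is mixing the control channel with the content channel. The text does not name the database-era repeat of it, so the example below assumes the usual reading, a database query built by splicing user-supplied text into the command, beside the form that keeps data out of the command channel. This is an added example, not code from the original text; the table and rows are constructed and the module is the Python standard library's sqlite3.

```python
import sqlite3


def make_db():
    """Constructed in-memory table with two users (not the page's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    return conn


def lookup_concatenated(conn, username):
    """The repeated mistake: the caller's text becomes part of the command,
    so any quote characters in it are interpreted as SQL, not as data."""
    sql = "SELECT username, secret FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, username):
    """The fix: the command is fixed text, and the value is bound
    separately. Quotes in the value are only ever compared, never parsed."""
    sql = "SELECT username, secret FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# A value that carries control syntax inside the content, the database
# counterpart of a control tone inside a phone call.
CONTROL_IN_CONTENT = "x' OR '1'='1"


def compare(username):
    """Run both lookups on the same input and return their row counts."""
    conn = make_db()
    return len(lookup_concatenated(conn, username)), len(lookup_parameterised(conn, username))


if __name__ == "__main__":
    print("alice:", compare("alice"))
    print("control-in-content:", compare(CONTROL_IN_CONTENT))
```

For an ordinary name both functions return the same single row. For the control-in-content value the concatenated version returns every row, because the text has changed the command, while the parameterised version returns nothing, because no user is literally named that. The defence is structural rather than a filter: keep the two channels apart and no amount of cleverness in the content can reach the control side.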
What is recent
With the introduction of new devices, cloud and collaborative business processes, the number of possible places where an attack can take place has significantly increased. The expectation that hacking will be applied to the human "computer" can come true: by influencing people to make decisions that compromise their integrity.
Each year more experience is gathered, but this only makes sense if we apply the knowledge gained. If the lessons from the past are easily forgotten, then recent insights are useless.
One lesson is that if we are not careful enough, we may keep making the same mistake over and over again. This leaves us vulnerable each time we try to evolve. The hacker community is good at spreading its knowledge quickly, and it even trains its apprentices to become better. This culture should also be adopted by the community being attacked.
As we enjoy the use of faster speeds and many devices, we should know that these are the openings that hackers look for in order to attack.
In the race to overcome attackers, we are constantly on watch for the latest threats and countermeasures, trying to pull up our socks and keep up with every dynamic field of technology innovation. It is time to work jointly across companies to build a solid body. The only way to fight cybercrime effectively is to form inter-company groups. Working individually, each in their own corner, will not bear fruit.
Develop skills on the conceptual, abstract side of attacks. Know what kinds of patterns exist, how they are applied in different layers and technologies, and how we can prevent the attacks. Every time a new technology is launched, you can then quickly gauge which patterns can be used against it and what you can modify in your system to minimise risk.
Become a leader in the security community. Take pro-active action: not just being a member, but also pushing forward security practices, supply chain, etc. The most excellent way to be the best is to strive to be the head of the field, being the one who sets standards instead of only implementing them.