Understanding the attacker

By Staff Writer, ITWeb
Johannesburg, 12 Nov 2013

Knowing who is attacking you and what their aim is, is a move in the right direction for successful cyber defence.

Jayson O'Reilly, director of sales and innovation at DRS, says knowing what tools are being used in an attack is not good enough, adding that companies must understand the motivation behind an attack too.

"Phishing attacks, for example, and spear phishing in particular, are on the rise, and are getting easier and easier to execute, mainly due to the vast amount of personal information people share without a second thought on social media."

According to O'Reilly, targeting an entity via an employee, supplier or third-party partner is easy, but these attacks are only a conduit for a more serious advanced threat. He adds that understanding who the adversary is, and what motivates them, will help to mitigate these attacks, and give the business insight into its strategy and tools and, in turn, an appropriate response and defence.

A cyber criminal's motivation, be it financial or ideological, can make a big difference to security strategies, he adds.

"A cyber criminal who employs a Trojan to steal financial details would understand the window of opportunity is a matter of weeks, as these threats do not take long to uncover," explains O'Reilly. "During this time, he would attempt to access as many bank accounts as possible, in the shortest space of time. These attacks are quick and vigorous."

Advanced persistent threat (APT) attackers are usually after a lot more than money and launch highly sophisticated attacks, which use multiple vectors to achieve their aims, he points out.

APTs often hang around stealthily on a company's network, slowly moving around and exfiltrating information. "The attacker might be after trade secrets or intellectual property, or any other highly sensitive data. The object is not a quick buck, but a long-term project."

For O'Reilly, by profiling the threat, instead of the vulnerability, businesses can better understand their foe. "Traditionally, security practitioners would look to the network and the firewalls, all the usual measures. However, attackers will always innovate and find new ways to get to their targets."

O'Reilly believes businesses should also be aware of attacks used as a smokescreen, in which one attack is used to disguise a darker purpose. He cites an example of recent distributed denial of service (DDoS) attacks against banks, which were used as a decoy while the attackers penetrated other systems to steal millions.

"Often, not enough thought is given to the most simplistic question of 'who wants to attack us'. If we know that, we are more likely to know how they will attack us," he concludes.
