Cyber attacks in a changing landscape

Peter Allor, security strategist at IBM, describes how mobility, cloud and social media have altered the security atmosphere and what Asian companies are doing to counter new threats.

How has the security landscape changed in the last two years? Have mobility, cloud and social media worsened the security atmosphere?

The threat is being portrayed as invincible and so advanced that we are defenceless. This is not an accurate portrayal. The threat has moved in two directions, one attacking enterprises on enterprise-written websites and mobile applications, and the second, in attacking with sophisticated attacks through spear-phishing and social media.

This evolution of the attackers to these types of attacks and then downloading additional vectors once they breach an enterprise has changed the landscape.

Correlation of security information has allowed enterprises to better address this landscape change and to allow you to identify attack indicators and potential for compromise.

Information (both structured and unstructured, social data) is seeing endless growth in volume, variety, velocity and veracity as organisations seek to leverage big data solutions to gain deep insights and make their businesses more agile. This has opened the door to new vectors allowing the enterprise user to trigger downloads of malware into the network.

How are enterprise-class organisations protecting themselves today? What has changed in their security strategy?

Organisations today deploy a variety of security controls to mitigate risks, so they avoid situations where shutting down the whole network becomes the only solution. These include firewalls, intrusion detection systems, intrusion prevention systems and vulnerability scanners.

All of the individual security controls are good at what they are supposed to do, and they are properly deployed at almost every organisation today. But these controls alone are not sufficient protection from the "bad guys". The fact of the matter is security technology and experts are getting smarter, and so are the attackers.

Also, another thing you notice these days from the cyber attack patterns is there is a shift from a target of opportunity towards a target of choice, where attackers are continuously or even patiently planning and executing advanced persistent threats (APTs).

While use of the new technologies of mobile, cloud and social media collaboration does expose the risk factor for companies and their data, the trick is in how to use these new technologies with a more thorough and mature security mindset (or mental posture). For instance, analytics. Analytics does not just have to be limited to analysing data for business objectives; the concept of data crunching can also be applied for security purposes, which improves the scope and scale of investigation. In other words, with security intelligence, companies find clues, loopholes, malicious or incompliant activity that would have gone unnoticed and undetected, hidden deep in the throes of an organisation's data.

Increasingly, government-related agencies are also getting involved in the security scenario: either as perpetrators or victims of cyber attacks. Are there lessons in the government's defence approach that enterprises can learn from?

Organised crime, sabotage, espionage, terrorism, civil disobedience and the theft of intellectual property are issues that have moved from the physical world to the digital one because the reliance and ubiquity of the Internet has made cyber attacks on people, networks and systems both possible and effective.

Today, all the data and systems we have exposed to the Internet have produced new opportunities for malicious attacks. These opportunities have likewise produced an associated class of attackers who are often well-funded, motivated and innovative. They conduct reconnaissance, are more operationally proficient, frequently use custom, never-before-seen malware and will often do whatever they can to mask and hide their activity.

Whether or not cyber attacks are politically and socially motivated, they cause damage far beyond the single intended victim. Even though information security continues to evolve in sophistication, attacking networks and stealing confidential or classified information has arguably become easier thanks to popular new technologies that have introduced loopholes in enterprise security.

Current conditions have spurred organisations to become smarter by adding advanced technological intelligence into their online defences, which in turn requires new infrastructures capable of using sophisticated analytics to scale visibility across broad data sets, both diverse and complementary, in real time.

How do you see Asian companies approaching security vis-à-vis their Western counterparts?

Considering the global onset of cloud, mobile and social media, the key difference in security approaches is the attitude and commitment a company has in maintaining its security posture, regardless of wherever it operates in the world.

While many organisations remain in crisis response mode, some have moved beyond a reactive stance and are taking steps to reduce future risk. These forward-thinking companies see themselves as more mature in their security-related capabilities and better prepared to meet new threats.

Companies with advanced and competent security profiles share a few distinguishing traits. These include: clear recognition of the strategic importance of information security in the organisation and anticipation of increased spending on security over the next few years. Their business leaders are increasingly concerned about security issues, with mobile security a major focus due to the high rate of mobile workforces and wireless device adoption. Their attention has also shifted towards risk management and reducing future risk, and less on managing only current threats and regulatory issues.

As such, these traits illustrate the security maturity of an organisation as well as its ability to handle or avoid a breach. For instance, because the senior management recognises the need for a coordinated approach to security, advanced companies are more likely to have a dedicated security head with a strategic and enterprise-wide purview. Security issues are not ad-hoc topics but a regular part of business discussions. This, in turn, builds a more pervasive risk awareness across the business, where all employees take a proactive role in protecting their organisation. On the other hand, companies lacking a dedicated security leader suggest a more fragmented and tactical approach to security.


Stories by Zafar Anjum
