What cyber criminals don’t want CISOs to know

Every day there is a story in the news of a security threat causing havoc to even the largest of enterprises. It may be website defacements one day, denial of service the next and credit card data exfiltration the day after.

It would seem that enterprises are struggling in the ongoing cyber wars, but what if there was knowledge you could gain that would let your enterprise even the score a little? I am not saying that enterprises can put a stop to cyber crime, but what I am saying is let’s turn getting decimated into living to tell the tale, albeit with a battle wound or two. I am not talking about fighting back. I am just talking about getting even in a legal way.

Let’s turn to a scenario that, though initially a little obtuse, will become self-explanatory by the time you have finished reading this blog post. Imagine you want to cross a busy highway. There are cars moving along at incredibly high speeds and you need to navigate a clear path or end up splattered on the windshields. Whether you live to tell the story depends on the actions of the drivers. They may speed up, or slow down, or change lanes. These are actions over which you have no control.

At the same time, reasons for failing to cross the highway could depend on your actions, which you do have control over. What if you speed up or slow down? What if you miscalculate how fast the cars are travelling? What if you forgot that you have a limp due to a former sporting accident? What if your judgement is impaired because you forgot your contact lenses?

To understand your enterprise’s risk profile, you not only need to know about the enemy; you also need to know yourself. The question becomes: how much do you know your enemy, and how much do you know about your enterprise?

Let’s begin with the easy part – your enterprise. The trouble is, we tend to understand less about ourselves than we think we do. Cyber criminals have the upper hand when your weaknesses are exposed because they use those weaknesses as their strengths. Why wait for cyber criminals to beat you to it? Understand your weaknesses and turn those into your strengths.

To know your enterprise you have to identify all of the assets. Failure to identify all assets means you are leaving your security strategy to chance, and let me ask you, has chance paid you handsome rewards in the past? I should think not. Identifying all of your assets requires you to think laterally.

In the same way the value of a rental property, which is clearly an asset to its owners, depends on its surroundings – land, market demand, infrastructure – information depends on surrounding assets to help increase its value. These assets include digital assets such as applications; physical assets such as network and storage infrastructure (and yes, storage infrastructure can be a broad portfolio ranging from USB drives to a briefcase to a building); and, of course, human assets. All of these have weaknesses, and if we can identify those and turn them into strengths, it is possible to stand strong and become much more resilient in the war against cyber criminals.

The other half of the equation is knowing your enemy. It is important to know their motives and their strengths. They certainly make it their priority to know your weaknesses before they begin to create a weaponised and targeted assault on your assets. But for all their might, stealthy behaviour and technical prowess, remember that cyber criminals are also only human. They make mistakes; they bleed when punched in the nose, not that I am advocating you do that; and suffer human weaknesses. What you probably haven’t considered is what those weaknesses might be.

Here are three weaknesses that you should include in your arsenal against cyber criminals:

(1) Their biggest threat is you. As odd as that may seem, let’s revisit the earlier scenario. If you have to cross that exceptionally busy highway, then clearly, speeding drivers are your greatest threat, but have you considered that you crossing the road is actually a threat to drivers? What if they do hit you? That could mean damage to their vehicle, swerving to avoid colliding with you and risking their own death, shock and various other forms of mental trauma, being late for an important appointment, increase in insurance costs, and many other inconveniences. You are as much a threat to drivers as drivers are to you when crossing a road.

Similarly, cyber criminals see you as a threat because they do not know for certain if you are watching them. You may have watched their every move for months when you decide to pull the plug – for them, that’s four months of time down the drain; for you that’s a momentous occasion.

(2) There is very little love in the criminal underworld. Though we see black markets thrive on selling stolen data and exploitation tools, cyber criminals have to watch one another carefully and be careful what secrets they do disclose to one another. A year of work exercised by one cyber criminal outfit may be thwarted when a less experienced and less stealthy outfit storms in with guns blazing at the last minute. Just as typical enterprises have competitive threats, so do cyber criminals.

(3) Cyber criminals are generally lazy. They may be very well organised, increasingly better funded and have brilliant minds. However, just like typical enterprises, they too will not reinvent the wheel. This means that a lot of the tools that are bought and sold, swapped or bartered in the criminal underworld are based on common exploit code, making it simpler to look for known indicators of malicious behaviour in so-called zero-day exploit tools.

Now that you have some intelligence about your enemies’ weaknesses, it is time to fight back and even up your enterprise’s odds in these times of cyber war.


Stories by Andrew Bycroft
