Disruption is big business for cybercrims

The cybercrime landscape is changing as threat actors adopt increasingly targeted and sophisticated tools to attack businesses that are undergoing significant change.

Business growth is driven by change. And the advent of many new technologies such as the emergence of the Internet of Things and the adoption of blockchain is disrupting old business models. This disruption is fuelling growth but, at the same time, is creating vulnerabilities that didn’t exist just a year or two ago.

Charles Lim, a Principal in Frost and Sullivan’s cybersecurity practice, told the audience at Trend Micro’s Executive Threat Summit, held in Melbourne, that Australia, as an early adopter of many emerging technologies, may be vulnerable as threat actors adapt their attack strategies faster than businesses adapt their defence.

Lim says cyber-attacks are costing Australian businesses approximately $17B per year. That’s about 1% of the country’s GDP.

While many companies have moved away from simply deploying firewalls and end-point protection to more sophisticated tools, cyber-criminals are focussing their attention on the weakest links in the security chain.

This is why the rise in ransomware attacks continues, says Lim. By attacking end users, criminals can cripple businesses. He cited Israel’s Electricity Authority, numerous hospitals in the United States and, earlier this year, the pathology department at the Royal Melbourne Hospital as examples. And while data might not have been lost, there has been a substantial cost. Lim says data from the ACCC indicates about $400,000 has been paid out by Australians in response to ransomware attacks.

The NATO perspective

Anil Süleyman is the head of the Cyber Defence – Emerging Security Challenges division at NATO. To get some idea of how seriously NATO takes cyber-threats, his team is at the same level on the organisational chart as the team that is responsible for the non-proliferation of weapons of mass destruction.

His team is comprised of both technical experts and people from across different business disciplines. Süleyman says this is critical as threat analysis and remediation require situational awareness as well as technical acumen. NATO also engages in a number of industry partnerships to ensure threat intelligence is shared.

NATO’s network is a private WAN that covers 54 locations, spread far and wide across the planet, with over 100,000 user accounts organised into ten different security levels.

His team sees about 30,000,000 security events each day in their logs. Of those, about a dozen result in incidents that require further investigation and action. He says it is simply impossible to manage that volume of data without the use of intelligent systems that automate the threat triage process.

One such threat hit the NATO network in April 2005 and served to heighten awareness of emerging threats. That incident involved a piece of malware that was specifically created with the aim of attacking NATO. It was not detected by traditional end-point protection tools at the time and wasn’t reported by member nations for another three months.

Despite having access to the best tools and a strong team, Süleyman says it is inevitable that some attacks will get through their defensive measures. That means it is critical to have strong response and remediation processes in place.

Süleyman highlighted the importance of having strong forensic tools not just in the network but also at endpoints.

And he said one often under-utilised tool was having a single point of contact for all cyber incidents.

With users often seen by attackers as the easiest point of ingress for an attack, Süleyman noted NATO has a strong commitment to ongoing education. With the organisation’s significant resources, NATO runs a number of schools across the world where education on cyber threats can be undertaken.

