The Hard Truth About Cyber
Hacking is big business, so, logically, efforts to combat it are, too. According to a report published by the Executive Office of the President, cyber hacking cost U.S. businesses between $57 billion and $109 billion in 2016; according to Zion Research, the cybersecurity market that has grown up to fight it will surge to US $181.77 billion by 2021.
Cognitio can validate this from our own experience consulting with companies of almost every size across industry verticals. Our work has shown that almost every enterprise has been hacked or breached, although few will admit it publicly. According to the Verizon Data Breach Investigations Report (DBIR), most attackers enter an enterprise’s systems within minutes and remain undetected for months or even years.
Our analysis shows that blended attacks (e.g., brute-force attacks combined with more subtle phishing tactics) are normal and nearly constant. This, coupled with the fact that the best practice of the past has been the “castle with a moat” model, a perimeter-only defensive posture that always fails eventually, leaves companies with an uneven understanding of the threats and risks to their business and lulls them into a false sense of security.
The New Normal
Every company must accept some basic ground truths in order to survive in the new digital world:
- At some point, your company will be breached.
- There is some level of viruses/malware/intrusion that you must accept as normal risk.
- There is no established benchmark for return-on-investment for security spend that will adequately protect your network.
Until recently, most executive leadership thought that digital risk was a topic for the technology groups within their companies, and that by simply being compliant with a few published frameworks, they would weather the cyber “storm.” Cyber hacking, however, is not a passing storm. It has grown far beyond mere day-to-day weather, and is now the new climate.
Shareholders, board directors, and customers are applying pressure on the C-suite to understand and address cyber threats as serious risks whose impact goes far beyond the mundane operational to the existential – potentially causing long-lasting damage to a brand, reputation, and business continuity.
Who Attacks and Why
Cognitio is often asked why a hacker would want to attack a given company. The answer can be complex. In the past, the most common answer would have been monetary gain. In our current, highly politicized climate, however, other objectives can be factors. The following table illustrates the most common threat actors and the motivations they may have in attempting to penetrate your company’s systems to get to your assets:
Today, an organization of almost any size can be a target, and the motivation comes in many forms. For example, for one small regional company that came to us with odd patterns of system access, we found that the motivation was money: an employee was using stolen customer information to apply for credit under customers’ names. In another case, the company was such an iconic American brand that, for some hacktivist groups, attacking it was the same as attacking the United States.
Most attacks today are undertaken by groups of attackers. They may be loosely aligned or highly organized, but by studying and understanding these groups, their motivations become clearer.
In the end, adversaries have myriad objectives, and they will continue to attack until their goals are met. In many cases, with the advent of social media, your adversaries know your company better than many of the rank-and-file employees.
How Attacks are Driven
With the commoditization of compute and easy access to large bandwidth, an organization of almost any size can now approximate the attack capability that only a nation-state or well-equipped criminal organization could muster in the past. The methods these attackers use mirror advanced capabilities that, only a short time ago, were the purview of highly sophisticated adversaries. The figure below illustrates the most common methods of attack that Cognitio sees within the scope of our engagements:
Typically, an adversary still relies on insider-threat and espionage methods to gain access. That might mean stealing a laptop, running a phishing campaign against employees, or using simple social engineering to breach systems. Overall, the most common technical attacks can still be defeated by basic hygiene, such as patch management, identity and access management, and segmented networks. Even so, technical methods still succeed against IT and security staff who are too overwhelmed to keep that hygiene in place.
In fact, one of the key perspectives for any executive to ponder is that, in this battle, it’s the IT staff against the most highly-trained, capable adversaries in the world. The only thing that stands between them and a data breach is your network security team, and they must face the marshaled forces of China, the Soviet Union, organized crime, and disgruntled employees. Against those odds, it would be hard for anyone to prevail.
[Figure: A Typical Approach to Cyber Security]
[Figure: Fostering a Culture of Cyber Security]
What Can You do?
The key to success is to take a pragmatic view of cyber risk. Assume that you will be breached. Spend wisely on people, technology, and defense, but above all, invest heavily in recovery, remediation, and the ability to re-instantiate your digital enterprise quickly and efficiently should an attack succeed.
The final figure below provides some advice that Cognitio gives to every client:
Cognitio Can Help
We understand that executives are bombarded from all sides – with directors, shareholders, customers, and regulators demanding compliance and accountability from the outside, and with internal teams clamoring for resources to support their own initiatives.
It can be easy to feel blindsided, under-informed, and, candidly, overwhelmed.
Cognitio can help assess the current cyber landscape within your company, build a prioritized action plan to triage technology, insider-threat, and policy gaps, and actively support remediation efforts. At the same time, we help you drive a culture of security that can defend against attacks and breaches and, more importantly, recover from them when they occur.
For more information, contact us at email@example.com, or call us 703-738-0068.