Turning cyber defence into proactive protection

 

On a daily basis, the tabloids report new cyber-attacks, and in the past 12 months some of the largest organisations have lost considerable amounts of data. This includes people’s private information as well as company data. Lloyd’s of London predicts the value to be $53 billion this year alone, and that does not factor in losses from damaged reputations.

In military terminology, cyber attacks would be considered asymmetric warfare, where a perpetrator using minimal logistics, tactics and resources attacks a primary target and chooses the time and place of the cyber-attack. Unfortunately, it is most likely that the perpetrators will never be prosecuted. Instead, the ransoms will continue and losses will accumulate to the point that some corporations will yield and many SMEs will cease to function. We are all so reliant on technology that this is where we are heading.

In today’s business DNA age, corporations rely heavily on automated systems and software to protect and defend their intellectual property. What few focus on is changing their approach from defence to reducing or minimising the risk. With one click you can purchase the ultimate defence software or simply hire an IT company that specialises in cyber protection. However, this approach will not take away the problem. Cyber attackers see hacking your company as a challenge, and in most cases the source code of defence software can be found on the deep or dark web.

Sophisticated cyber attackers do not randomly choose their next victim. They do their research and apply social engineering to collect data about their victim, and all of this is converted into useful intelligence. Once that intelligence is viable, the attack will occur.

No one knows the full extent of the cyber-attacks that have happened or are happening right now. We do know that they are occurring, and they will continue unless corporations and governments start combining and sharing their social media and human intelligence, coupled with ongoing employee training to help staff recognise possible cyber-attacks.

Perpetrators will use every tool in their possession. In most cases all they need is a computer screen and their social engineering skills. Every corporation’s weakest link is the human factor, not your IT system or the software you are using. People know how and where your data is stored, but what they don’t know is who the weakest link in your organisation is, the person who will open that door.

Proactively applying the methods and tactics of human and social media intelligence, combined with your technical defence strategies, will guarantee your safety. It is a simple formula: if you respond to a cyber-attack by paying the ransom or adding extra IT protection features, you defend yourself. What you need to add is monitoring trends and patterns, training your key staff in human intelligence, helping employees recognise social engineering and understanding how to effectively investigate incidents.

It needs to be understood that perpetrators can inflict considerable damage with minimal resources (asymmetric warfare) even when a corporation spends huge amounts to tighten IT security measures. The battle is lost when the most important factor, the human factor, has been taken out of the equation.

Before responding to a cyber attack, you must understand who your opponent is and what their modus operandi is. The only way to do this is by applying human and social media intelligence methods.

 

Mario Bekes

Managing Director

Insight Intelligence Group Pty Ltd
