Every day, government agencies and private businesses are under threat from cyber criminals. While that is nothing new, two recent industry reports show the tactics being used to attack them have changed, and technology alone is insufficient to stop the threat.
“Every day millions of records are being stolen. It’s happening right here, right now,” said Ajay Sood, General Manager of FireEye Canada. “You can no longer use technology to meet this level of threat.”
FireEye, a security company headquartered in California that provides malware and network-threat protection systems for 4,400 customers in 67 countries (including 100 companies in Canada), released a report this year which showed businesses are swamped with alerts for security breaches — up to 17,000 each week. There’s no system to rank or contextualize these breaches, which can leave major ones overlooked, and it can take up to 100 days to respond to serious breaches. FireEye’s studies show that organizations can only manage to respond to 4 per cent of threat alerts and spend up to US$1.2-million annually responding to inaccurate alerts.
“The result is that you are still grossly exposing yourself to the probability of being breached,” Sood said. “Statistics show us that the time from invasion, reconnaissance, data theft, and exfiltration is approximately seven minutes. Imagine what a criminal can do in 100 or 200 days?”
But the biggest thing businesses and government organizations should be concerned about is how cyber criminals are now targeting them.
Sood said Eastern European criminal groups and the People’s Liberation Army in China used to target financial computer systems and networks but are shifting their focus to personal attacks in order to build a data footprint.
“Now it’s about, ‘Let’s own that person. Let’s infiltrate their lives.’ That is the biggest evolution in the last 12 to 14 months that we’ve seen in the area of cybercrime,” he said.
To what end? To leverage an employee’s privilege and exploit what they know about that person as well as who they know, Sood said. They can access an employee’s workspace, gather proprietary data, and track whoever that employee knows. He explained that approximately 50 per cent of networks are breached internally as a result of stolen credentials when employee access is abused or, sometimes, by a disgruntled employee.
For example, by reading an employee’s Google calendar, criminals will know that he or she is attending an important government meeting; they can remotely turn on the phone’s microphone to stream and record the private meeting, Sood said. “Forget about stealing a credit card number. That is basic.
“People tend to think and worry about the photos on their phone but they should be thinking about the people they know and what can be done… to exploit their identity.”
Mega breaches of personal data
Last week, Symantec released a cyber security report detailing nine “mega-breaches” of personal data in 2015, where 429 million personal records were likely exposed or stolen by cyber criminals – including a voter database in the U.S. – but the real number of hacks was unreported because the organizations kept the breaches secret. In fact, the number of companies that refused to report the scope of a data breach soared by 85 per cent last year. According to Symantec, hospitals, healthcare firms and insurance companies suffered the largest number of breaches.
In the last 18 months there have been high-profile breaches in Canada’s public sector as well, including at Elections Canada, the National Research Council, and the Canada Revenue Agency.
“What’s being disclosed is a very small percentage of what is actually occurring,” Sood said, since there is no federal law requiring companies to report data breaches. He added that the government is not well positioned to protect government agencies or businesses from cyber-scams, malware, or international cyber crime.
“We are outmanned and outgunned. We are facing off against tens of thousands of individuals whose lives depend on hacking us,” he said. “The reality is the government is not providing cyber resiliency services. The infrastructure isn’t there for them to deal with cyber crime.”
When asked to outline infrastructure and protocols that protect against cyber crime, Mylène Croteau, a spokesperson for Public Safety Canada, said in an email that the Government of Canada has a cyber crime Guide for Small and Medium Business that provides practical advice on how a business can protect itself and its employees. In addition, it’s the job of the Canadian Cyber Incident Response Centre (CCIRC) within Public Safety Canada to provide advice and support, Croteau said. She also explained that as part of Canada’s Cyber Security Strategy, the “Get Cyber Safe” public awareness campaign is designed to help educate Canadians about internet security and how to keep themselves safe online. The website can provide information, she said, on the most common threats and tips to help businesses protect themselves.
From the IT department to counter-intelligence
In response, cyber security is no longer confined to the IT department; it has become a form of counter-intelligence. In 2014, FireEye acquired Mandiant, a security company that uses digital forensics. Today FireEye’s 500 cyber-specialists worldwide include ex-military, computer scientists, and cryptographers who actively scour cyber networks for intelligence. The combination of local and global analytics and human- and machine-generated data is poured into their massive database to search for and take down malware to provide global coverage 24/7, Sood said. They’re also working to plant operatives into cyber criminal terror cells in order to warn clients ahead of a cyber terror attack.
“To be ready for a breach, to defend against an infinite number of cyber attacks you need a mixture of technology and expertise powered by intelligence,” said Sood. “This is the big challenge our industry faces today.”
Sood shared some tips you can use to help protect your business from a costly data breach:
1. Understand your data: What data do you have? Classify it. Where is it? How important is it? And what is important about it?
2. Don’t forget about your computer, your cellphone or your tablet: You need to secure those endpoints because that is where your users live and that’s where the invasion happens. By email. By web browsing.
3. Build a secure enclave: Once you understand the threat surface, put that data somewhere safe and build out a protocol. Understand that the network where your data lives is not the same network where your users live. Make sure they don’t intersect. Put some of the following tools or processes in place: SIEM technologies, incident response frameworks, advanced malware detection.