Know your enemy: understanding the cyber threat landscape

Blog / 15 Jun 2023

Silverstone Park’s recommended telecommunications and wi-fi provider Modern Networks explains how to assess cyber threats, why ‘threat actors’ target certain organisations and suggests some cyber security precautions.

Geraint Williams, Chief Information Security Officer, states:

“It often impacts our personal and work lives. Unfortunately, many people seem to believe that cyber incidents only impact others and not themselves. They mistakenly believe in a form of security by obscurity.

Threat landscape
“Security professionals talk about the cyber security landscape and different types of threat actors. To determine the risks, an organisation needs to understand how the threat landscape applies to them. The threat landscape is highly dynamic and constantly evolving as new technological, political, economic, social and environmental challenges emerge. Organisations should review the threat landscape regularly.

Threat actors¹
“Threat actors, as they are termed by cyber security experts, come in all shapes and sizes, from the novice to state-sponsored attack groups, with so-called ‘hacktivists²’ and criminal gangs in the middle. Where a malicious novice may launch an unsophisticated cyber-attack, a well-resourced state-sponsored attacker is more likely to develop a novel, highly sophisticated campaign against a specific target. The campaign might be multi-faceted, combining online and physical elements such as breaching a building’s security to plant hardware or stealing devices containing sensitive data.

“Currently, most organisations and people find themselves randomly targeted by large quantities of low-grade cyber-attacks ranging from advance-fee email scams to unsophisticated phishing and social engineering attacks. As a threat actor’s skills and resources improve, the volume of attacks lessens but the likelihood of a successful attack increases. For those organisations targeted by the state-sponsored attacker, the likelihood of a successful breach is extremely high.

Target attractiveness
“What makes an attractive target for a cyber-attack? Well, it’s a bit like online dating. Your business profile must appeal to the motivational desires of the attacker. If the threat actor is a criminal gang and their primary motive is financial gain, then they will target businesses who are likely to pay to prevent any disruption to trading or loss of sensitive customer data such as credit card details.

“Similarly, foreign governments or business competitors might target companies who operate at the forefront of advanced engineering (as is the case for many Silverstone Park companies), medical research or defence to try and steal intellectual property.

“Often threat actors are not trying to kidnap your data or disrupt services but seek to hijack your computational resources to help launch an attack against someone else. Imagine you are a threat actor and you wish to target a UK government department, but that department has very good cyber security. Instead of launching a direct assault on your target, you find and infiltrate a poorly protected supplier and use them as your Trojan horse (a supply chain attack).

Defender fatigue
“Although it is easy to identify and defeat most crude cyber-attacks, they can lead to defender fatigue. Employees can accidentally respond to malicious emails or other attack vectors because they are too busy to properly scrutinise every communication received.

“Regular security awareness training educates employees about the latest cyber security threats and helps reduce defender fatigue.

“To further reduce defender fatigue, we suggest the use of SIEM (security information and event management) and other monitoring, detection, and response tools. We also suggest using SOAR (security orchestration, automation and response) for threat and vulnerability management and incident response.

Attacks are not what they seem
“Once upon a time, ransomware simply encrypted a victim’s data and demanded a payment to release it. Today’s ransomware still hijacks a target’s data, but also exfiltrates it. First, the attacker demands a ransom to unencrypt the victim’s data. Next, the attacker attempts to extort a further payment by threatening to release confidential, sensitive or intellectual property to the press or highest bidder.

“A ransomware attack can also be cover for a data breach. Attacks can go undetected for long periods as the hackers move laterally through your network, planting ‘backdoors’ to maintain access in case the original entry point is discovered. As they navigate a network, they gather intelligence and escalate their privileges. Once discovered, hackers might launch cover attacks such as ransomware or shredder attacks to hide their original purpose.

Summary
“For organisations to apply appropriate cyber security counter measures and become resilient when under attack, they must understand their value to the attacker. Sometimes an attacker will use an organisation as a stepping-stone to infiltrate a third party. Whilst it is easy to defend against high-volume, low-skilled cyber-attacks, those attacks can act as camouflage for more sophisticated attacks developing in the background.

“No organisation is immune from the threat of a cyber-attack. By understanding the evolving threat landscape, your organisation’s risk profile and the motivations of malicious actors, you can develop the right cyber security counter measures to meet those threats.”

To learn more about cyber resilience, contact Modern Networks.

About Geraint Williams
Geraint Williams, Chief Information Security Officer (CISO), Modern Networks. Formerly University of Bedfordshire, Head of Technical Services, School of Computing and lecturer in computer security and ethical hacking.

Key:
¹ Threat actors are often categorized into different types based on their motivation and, to a lesser degree, their level of sophistication.
• Cybercriminals. These individuals or groups commit cyber crimes, mostly for financial gain. …
• Nation-state actors
• Hacktivists
• Thrill seekers
• Insider threats
• Cyberterrorists

² A person who gains unauthorized access to computer files or networks in order to further social or political ends.