Cyberthreat actors are individuals or groups who act with the malicious intent of exploiting vulnerabilities and gaining unauthorized access to information systems. Their aim is to affect the victim’s data, systems, networks, or devices, and the internet is an effective tool for reaching those vulnerabilities and exploiting them at scale. This article is the second part of the webinar series ‘Cybersecurity – past, present and future’. Take a look at the first part of this series here.
Watch the Cyber Talks by Christopher Novak now:
Who are the threat actors?
The financially motivated social engineering attack mentioned in the first part of this series is attributed to ‘organized crime,’ which accounted for more breaches than other actor types such as state-affiliated, system-admin, cashier, activist, etc. From the graph, it is quite shocking to see that miscellaneous errors account for almost 21% of breaches. Another point to consider is that over 60 million records were impacted or disclosed purely due to misconfiguration. Novak suggested, “There’s a lot that organizations can be doing from a kind of checks and balances perspective on their overall security and controls.”
After this detailed look at threat actor behavior, Novak revisited the earlier graph: financially motivated attacks make up a large percentage of breaches, followed by espionage attacks, with other motives making up the remainder. Espionage attacks account for nearly a quarter of all breaches and are typically associated with trade secrets, intellectual property, and sensitive data. Such data is generally of extremely high value, and much of it is of national importance. Financially motivated attacks, by contrast, are launched broadly, without the attacker knowing in advance who will fall into the trap.
Source of threat actors
Drawing on Verizon’s research, Chris Novak explains that there are three main sources of threat actors: external, internal, and partner. Though partner-sourced attacks are in the single digits, they are more challenging to detect. “It’s someone with whom you have quasi trust, and you’ve given access to information or resources or systems, and that makes it a little bit harder to distinguish that activity if something were to go rogue,” Novak comments. He explained that it is harder for organizations to identify intruders who are already part of the organization, because their activity cannot easily be separated out and monitored for unauthorized intrusions.
Unbroken chain – Path-based attack analysis
In the path-based attack analysis, Novak explains that the number of steps needed to successfully compromise a victim and the number of breaches are inversely related. Verizon is trying to demonstrate that most of these breaches did not take many steps, because the data was close to the attack vector or there were few layers of security controls in between. Novak suggests that introducing security roadblocks and breakers along the path would reduce the number of breaches. Attackers have little time to spend examining a path; if they meet difficulty with the first target, they move on to the next prospect. The higher the number of steps required, the lower the success rate of the attack.
Recommendations from Verizon’s report:
- Understand and learn from historical threats and breaches.
- Combine risk and threat modeling with past and present trends.
- Avoid assumptions – things change fast and are not always as they may seem.
- Build flexibility into people, access and technology – adaptability is key.
- Establish an ecosystem of external security partners.
- Plan, practice, and prepare for new threats and risks.
Novak suggests that when any of us is hit by a threat, we should apply some of the tried and tested controls, combining risk and threat modeling with past and present trends. Rather than piling on controls to block the threat, it is essential to make strategic use of the available resources; with too many bells and whistles, organizations end up with their engineers and analysts chasing noise. Without reliable sources of information, organizations make poor security decisions based on low-fidelity data.
To overcome this, Novak advises building an ecosystem of external security partners. Any security professional would recognize that the landscape is continuously evolving with new threat actors. Accordingly, we must equip ourselves with new plans and practices, which also include policies and procedures. Begin by framing the policies and procedures and training everyone who is expected to take part in the process. Those responsible should understand that they are a valued part of the process, because they will be expected to respond. Exercises then reveal the shortfalls, which can be fed back into the policies.
Cybersecurity is crucial in every industry, and anyone can be the victim of a cyberthreat actor’s attempts. To truly protect an organization, it should be equipped with cybersecurity professionals who are experts in different domains such as application security, database security, handling cyber threats, penetration testing, and more. Employers prefer hiring credentialed candidates who have acquired training and certification from a recognized institute.
EC-Council, a leading credentialing body in cybersecurity, offers fundamental, specialized, and C-suite level programs. Popular programs include C|EH, E|CIH, ECSA, C|ND, C|ASE, C|TIA, etc. More details about the programs: https://www.eccouncil.org/programs/