Cyber attacks aren’t just bad for business…
DISRUPTIONHUB spoke to Joep Gommers, CEO of EclecticIQ, to find out how cyber crime has evolved from disturbance to disaster – and how threat intelligence technology can be used to avoid it.
In 2018, the World Economic Forum’s Global Risks Report identified cyber attack as one of the top three risks facing global systems today. The reality of cyber crime has forced organisations, corporate or otherwise, to carefully consider how they collect, store, and handle information. Cybersecurity now sits at the top of the board room agenda, and with good reason. The impact of a cyber breach can be devastating, destroying trust and leading to excessive losses at all levels.
Defining cyber disaster
EclecticIQ was founded in 2014 to help organisations take control of their threat reality with Cyber Threat Intelligence technology. Alongside a number of different vendors, the company is providing much needed support for initial cyber attacks, and also for the cyber disasters that often follow.
“A cyber attack is an instance where a threat actor, usually with malicious intent, launches an attack from one computer to either another computer or network with the aim of obtaining money, information, or causing disruption,” Gommers explains. “Cyber disaster can follow when cyber attacks cause significant disruption to society. It’s vital for organisations of all sizes and in all industries to put measures in place to protect against them.”
Failing to put a strategy in place to recover from a cyber attack, then, can lead to a cyber disaster in which ransoms are demanded, data is stolen, and the socio-economy suffers. Cyber attacks are already being used against governing bodies to bring about cyber disasters. A notable example is the 2016 US election, in which nation state hackers were thought to have exploited vulnerabilities in voting machines, and used social media to promote pro-Republican sentiment. The use of nation state hacking has turned cybercrime into an even bigger challenge.
“The investments associated with nation state capabilities in the cyber arena have significantly accelerated innovation of offensive capabilities globally, driving up cost for appropriate defensive postures by national governments and large enterprise. For example, an increased investment in artificial intelligence by the largest global superpowers will compound the cyber capabilities of these nations,” says Gommers.
Getting smart about cybersecurity
The tidal wave of cyber crime is intimidating for any organisation, but particularly for those that handle sensitive data – think banks, healthcare companies, or government departments. Organisations may attempt to spread out their cybersecurity resources, but this can arguably reduce their effectiveness. The sheer scope of cyber threats is staggering – and the list will only get longer.
Although it’s virtually impossible to defend against every single type of cyber threat, organisations can leverage technology to work out what threats are most relevant, and where they are likely to happen. One of the ways to do this is via a threat intelligence platform (TIP), which collects data from multiple sources and compiles it into a central location. This makes it easier for organisations to spot connections between different sources of information and understand where and why attacks could occur.
But what if a cyber breach does happen?
For Gommers, TIPs need to be used across the entire lifecycle of managing security threats, providing incident response guidance as well as initial preventative measures.
“This approach allows organisations to learn from any potential breaches they might have encountered and improve their security operations following the attack in a comprehensive and cost effective way,” he says. “The main aim of EclecticIQ Platform, however, is to provide intelligence to help organisations improve their security posture as well as the efficiency, speed, accuracy and capacity of intelligence.”
Combining technology with culture
So, what is the most important thing that an organisation can do to lessen their risk of cyber attack?
“Intelligence-led security is the only way to ensure that cybersecurity resources are spent well, which is why it is quickly becoming the de-facto approach to all areas of security. This takes things back to defending against the most relevant threats, rather than trying to protect yourself against every possible cyber threat,” says Gommers.
Predictive analytics, for example, can help to identify the key areas for cybersecurity investment. It can determine particular weak spots, and concentrate cybersecurity efforts where they are needed most. Without these kinds of systems in place, organisations are far more likely to suffer an attack. That said, cutting edge technology is not the only way to protect against cyber criminals.
Preparing for and recovering from cyber attack is as much about a holistic, organisation-wide mentality as it is about specific technical approaches. If the reality and repercussions of a cyber breach are communicated across the business, it’s possible to create a cleaner data culture in which all stakeholders are aware of the consequences of cyber crime, and united in their efforts to avoid it. Getting smart about cybersecurity doesn’t necessarily mean investing in AI or machine learning, but investing in employee education.
There are many things that organisations can do to protect against cyber crime. Unfortunately, cyber criminals are so sophisticated that all organisations, from small online retailers to the world’s biggest banks, should expect to be targeted. This realisation has led to the creation of dedicated cybersecurity companies like Darktrace, FireEye and EclecticIQ, which use advanced threat intelligence to identify and protect high risk areas.
Teamed with a sound understanding of clean data culture, businesses and non-corporate bodies can certainly levy technology to avoid cyber breaches. However, despite the well known dictum that prevention is better than cure, perhaps the key to surviving the cyber crime epidemic lies in the aftermath of an attack. If organisations operate on the assumption that they will be attacked, they will build a more effective risk mitigation process.