There’s only one constant when it comes to cyber-attacks, and that is that each one is different
Cybercrime is a constant thorn in the side for every IT professional, and IT leaders most of all. You probably employ training, help desks and support services to handle the constant stream of attacks, but did you know that attackers are doing the same thing?
Cybercrime is big business; attack programmes and payloads are increasingly commoditised, and many are sold on the dark web. Like any seller, criminal gangs have a vested interest in keeping their clients happy, and offer a range of support services to get them what they need. If you've been unlucky enough to have been a victim of a recent ransomware breach, you may have seen the same thing from the other side: websites with live chat support dedicated to parting you from your hard-earned revenue.
"The increasing professionalisation of cyber gangs means CISOs need to put in place the right security controls to protect their organisations," says KnowBe4 security awareness advocate Javvad Malik. "Nothing is a case of ‘set and forget', and continual improvement needs to be made to stay a step ahead of the gangs."
Threat intelligence is crucial, of course, but so is information sharing. For too long, commercial organisations have tried to stand alone against cybercrime, but talking to your peers, and even your rivals, can mean the difference between paying a ransom and an attack never striking in the first place.
"Incident response and recovery should not be an afterthought, either. CISOs should know what to do in the event of an incident including knowing how to notify law enforcement, regulators, customers, partners, employees, and even the media," says Malik.
Enforcement agencies and governments have promised to get tough on cybercrime, with some urging peers to treat ransomware attacks with the same priority as terrorism, and others working together in cross-continental operations - and it all adds up.
"We've seen law enforcement take down some large cyber-criminal gangs recently. While this is a time-consuming process that involves international cooperation, it can be very effective in disrupting criminal activities.
"Just seeing more cyber criminals arrested and sentenced to prison can act as a massive deterrent to others who may be considering entering into crime as a profession."
These moves have come too late to discourage the recent tide of ransomware attacks that have swept the world in the last eight months: from SolarWinds to Colonial Pipeline, JBS and Kaseya. The first and last of these were supply chain attacks: by compromising just one company, the hackers were able to breach hundreds of the victims' customers.
Supply chains are notoriously difficult to secure, though Malik says there are steps to take that can help, including:
- Conducting business impact assessments
- Knowing and understanding all partner organisations
- Having the right policy and legal clauses in contracts
- Communicating clear security needs with partners
- Having technical assurance in place
- Putting in place a joint incident response plan that maps out all responsibilities
- Having an exit strategy to leave any relationship
Several of these attacks, and many others like them, were successful due to phishing and other social engineering tactics. A collaborative culture, where employees are encouraged to talk to the IT team (rather than staying silent for fear of punishment), should be your first line of defence when it comes to bolstering the human layer of your security.
Building or changing a culture can be a slow and laborious process, but it will pay dividends. It's important that everyone is on board, though - including the executives.
"A top-down approach is the ideal approach - CEOs and executives play a big part in creating the organisational culture. But that's not to say that a culture can't go from bottom up or from middle out.
"What's important to remember is that culture building is a slow process that often takes years to embed within an organisation, so consistency is key."
The presence of cybercrime is a constant, but the way it manifests is always changing. It's important for both you and your employees to stay informed, and have clear lines of communication, to effectively combat the threat.