Time to Test Defences


Thursday 18th July could be an interesting day for some 40 Wall Street firms, including banks, exchanges, and brokerages, as they experience Quantum Dawn 2, a simulated cyber attack that will hit them to test their preparedness for cyber defence.

Organized by a number of US Federal Departments including the Department of Homeland Security and the Securities and Exchange Commission, the cyber drill aims to test just how well these companies and organizations can react and collaborate in order to protect their cyber assets.

I applaud this action and wonder why other Governments do not do something similar.

Hardly a day goes by without a story in the media about another cyber attack on critical infrastructure - indeed the BBC is reporting one today on South Korean institutions. It is about time organisations realize that the 'rules' of the game have changed and whether it is state sponsored attacks, activism or 'good old' financial gain that motivates the cyber attackers, it is now not a question of if you get attacked, but when it will happen.

For years the cyber security industry has talked about the latest silver bullet that will protect against the latest threat. But as sure as there will be rain at the Wimbledon tennis, the cyber criminals will find a way to avoid the protection and will get into the corporate network. Often that route in is not the most obvious one - in one of the most damaging hacks of modern times, the cyber criminals got into a security business via someone in the HR team. And then from there, they spread around the business looking for a way to the information they had really come for.

Security is now as much about visibility of your whole network, and the ability to put context around some of the events happening there, as it is about stopping the bad guys getting in in the first place. After all, if you know a particular application is not supposed to access the Internet to do its job, and it does, then that should flag to you that you have a potential problem, or be an Indicator of Compromise.
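To make the point about context concrete, here is an added example (not part of the original article) that checks connection records against a baseline of which applications are expected to reach the Internet. The application names, the baseline, the internal address ranges and the log format are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "time host app dest port")

# Assumed baseline: may this application reach the Internet to do its job?
EGRESS_BASELINE = {"browser": True, "mail-relay": True,
                   "hr-records": False, "payroll-db": False}

# Assumed internal address space; any other destination counts as Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample records: time host application dest_ip dest_port
SAMPLE_FLOWS = """\
2013-07-18T09:00:01 ws-014 browser 203.0.113.10 443
2013-07-18T09:00:07 hr-007 hr-records 10.20.0.5 1433
2013-07-18T09:02:44 hr-007 hr-records 198.51.100.77 443
2013-07-18T09:03:10 hr-007 updater-x 198.51.100.77 8080
2013-07-18T09:03:12 db-002 payroll-db 10.20.0.9 5432
this line is malformed
"""

def parse_flow(line):
    """Return a Flow, or None if the line is not a well-formed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return Flow(parts[0], parts[1], parts[2],
                    ipaddress.ip_address(parts[3]), int(parts[4]))
    except ValueError:
        return None

def is_external(addr):
    """True when the destination lies outside every internal network."""
    return not any(addr in net for net in INTERNAL_NETS)

def find_indicators(text):
    """Return (reason, flow) pairs for Internet-bound flows that break the baseline."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or not is_external(flow.dest):
            continue
        allowed = EGRESS_BASELINE.get(flow.app)
        if allowed is False:    # known application that should stay internal
            findings.append(("unexpected-egress", flow))
        elif allowed is None:   # application nobody has baselined yet
            findings.append(("no-baseline", flow))
    return findings
```

Calling `find_indicators(SAMPLE_FLOWS)` returns the HR application's Internet-bound connection as `unexpected-egress` and the unknown `updater-x` process as `no-baseline`, while normal browsing and internal database traffic pass without comment.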

We need to recognize that the cybercriminals who carry out today's attacks are professionals. They are well funded, well resourced and they bring in the right expertise to do the job they are paid to do. They are often in it for the long game and they will work for days, weeks, months or even years to find a weak link and exploit it.

After all, this is a multi-million dollar, perhaps multi-billion dollar, business and it is time we as business and Government leaders saw it as such and not simply childhood pranks by misguided and bored youths.

Practice makes perfect, as the saying goes, and so we as the cyber security community need to practice and ensure we have the processes and procedures in place so that when the inevitable happens, we are ready and can mitigate the damage caused. Only then can we know that we have the best defences in place and the best network intelligence available to ensure that our businesses are not making the news headlines for the wrong reasons in future.

So well done the US authorities for Quantum Dawn 2, and let us hope that other governments follow their lead.