BreachExchange mailing list archives

Cyber crime: Responding to modern terrorism


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 17 Apr 2015 13:11:55 -0600

http://www.officer.com/article/12048678/public-private-partnerships-a-way-to-tackle-well-organized-and-sophisticated-cyber-criminals

The cyber threat landscape is changing rapidly. Organized crime, cybercrime
syndicates for hire, and nation-state actors are motivated by substantial
financial gain, intellectual property theft, and the threat of offensive
actions.

Threats to critical infrastructure are real. Hackers and other
cyber-criminals are not only interested in ripping off banks; the threat
landscape also includes targets that range from banks to phone companies to
water and sewerage providers to public transportation networks and
government institutions.

The tenth biggest threat to the stability of the world in the next ten
years comes from the risk of cyber attacks, according to World Economic
Forum’s 10th edition of the Global Risks report, published in January.
Failure of climate change adaptation, major water crises, and cyber-attacks
are all high risk and, worryingly, rate ahead of failure of critical
infrastructure based on their likelihood and potential impact.

Not surprisingly, cyber security was a hot topic at this year’s World
Economic Forum, the global gathering of CEOs, world leaders, and other
power players in Davos, Switzerland. Attendees were warned that attacks on
power plants, telecommunications, and financial systems—even turning
traffic lights green—are the terrifying possibilities of modern cyber
terrorism.

Jean-Paul Laborde, head of the UN’s counter-terrorism unit, highlighted
increasing links between organized crime and extremist groups, such as
ISIS, which he said were now combining to launch cyber attacks. Laborde
called for an international legal framework to bring these criminals to
justice.

With a host of well-publicized data breaches last year—including the Sony
hack and hackers supporting Islamic militants’ takeover of a U.S. military
command’s Twitter and YouTube accounts—it is clear that cyber attacks
aren’t going away anytime soon. While there is a significant difference
between a large data breach and the hacking of a Twitter account, which the
Pentagon called an annoying prank that did not breach military networks or
access classified data, both incidents are being taken seriously.

More collaboration from government and private enterprise

To be sure, governments are taking cyber security more seriously, kicking
off 2015 with a round of announcements across the globe.

President Obama announced new cyber security legislative proposals and
other cyber security efforts, asking Congress to pass new legislation to
combat what he called “the evolving threat of cyber-attacks” while warning
that the U.S. faces heightened risks if policymakers don’t act. Lawmakers
have signaled that they plan to act on some version of new laws to defend
against cyber attacks, but deliberations are still in the early stages.

Obama’s budget proposal for the 2016 fiscal year seeks $14 billion to pay
for cyber-security efforts across the government. Among various measures,
the White House is requesting $227 million for construction of a Civilian
Cyber Campus designed to spur public-private partnerships.

Obama is also introducing cyber security legislation that will encourage
private sector companies to share cyber threat information with the
Department of Homeland Security’s National Cybersecurity and
Communications Integration Center (NCCIC) which, in turn, will share it
with both relevant federal agencies and the private sector. This
legislation would also encourage private sector businesses to share
information among themselves while protecting customer privacy by removing
unnecessary personal data.

It is encouraging to see the U.S. and governments worldwide taking these
kinds of steps to improve the defense of our businesses and critical
national infrastructure. Australia’s cyber security review, for example, is
led by the Department of Prime Minister & Cabinet, but involves a mix of
intelligence and law enforcement agencies, private sector
telecommunications and technology providers, and international voices. It
is anticipated that this trend will continue to grow globally as
governments acknowledge they need to work with the private sector in order
to tackle this growing problem.

Critical intelligence and information sharing

It is also promising to see private sector companies working closely with
the authorities when a data breach is detected. Anthem Inc., the country’s
second-largest health insurer, recently announced hackers had broken into a
database containing personal information for about 80 million of its
customers and employees in what is likely to be the largest data breach
disclosed by a healthcare company. While investigators are still
determining the extent of the incursion, Anthem said it is likely that
“tens of millions” of records were stolen.

Since the discovery of suspicious activity on its network, Anthem shared
with HITRUST’s Cyber Threat Intelligence and Incident Coordination Center
the MD5 malware hashes, IP addresses, and email addresses used by its
attackers. This crucial observable information was shared anonymously with
the HITRUST C3 Community through the automated threat exchange. It was
quickly determined that the IOCs were not found by other organizations
across the industry, and that this attack was believed to be from a
targeted advanced persistent threat actor.

Federal law requires healthcare companies to inform consumers and
regulators when they suffer a data breach involving personally identifiable
information, but they have as many as 60 days after the discovery of an
attack to report it. This incident has really raised awareness within the
healthcare sector and other sectors about how critically important a
coordinated response based on intelligence and information sharing can be.
To this
end, the FBI praised Anthem for its “initial response in promptly notifying
the FBI after observing suspicious network activity.”

Greater investment in cyber intelligence technologies

Detecting threats within the firewall, and as they develop, is certainly
not a simple task. In today’s threat landscape, companies subject to
high-profile attacks like Anthem, Home Depot, and Target must contend with
extremely sophisticated intruders who constantly change and refine their
methods, and insiders who abuse legitimate access rights to manipulate and
steal data.

There is also no instruction manual for companies with details on how those
intruders will behave. A clever intruder may lie low within an organization
for weeks or months, conceal his movements within the noise of a busy
network, and remain undetected for a long period of time. Similarly,
insiders are extremely difficult to spot because a lot of what they do may
be legitimate, while a small but significant part of their activity is
threatening. In other words, both intruders and insiders may be hiding in
relatively plain sight.

According to Gartner, 60 percent of enterprises’ information security
budgets will be allocated for rapid detection and response approaches by
2020, up from less than 10 percent in 2012. Smart companies and governments
are no longer relying on the implementation of information security
policies or traditional perimeter cyber security tools. They are now
actively building cyber intelligence capability to manage the cyber risk,
reducing the unknowns likely to impact their operations or economy.

Data analytics can monitor patterns across a company’s computer network,
map what is normal activity, and detect previously unidentified APTs as
manifested in anomalous occurrences in the network and devices. Analysts
are alerted to suspicious connections between seemingly unrelated events or
known entities of interest, as well as recurring visits from suspicious IP
addresses or malicious domains. Again, IT and information security
personnel are able to manage threats more effectively if they are detected
quickly.

Companies increasingly are acknowledging that advanced cyber threats are an
unsolvable problem, but the benefits of being connected to the Internet
outweigh the risks. Cyber security is a responsibility shared and managed
by all—the public sector, the private sector, and the general public.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss