Hacking the hackers : A cyber resilience approach

Pierluigi Paganini March 02, 2015

A cyber resilience approach: the need to become cyber resilient is very essential because eliminating risks completely is impossible.

Hacking emerged as a geeky, tech-oriented culture that was a little mischievous, but ultimately was about programming and finding faults or bugs in the code. It has evolved over time to become a criminal activity. The world looks at a hacker as evil geniuses.

Hacking began in the 1950s and 60s with groups of people who were interested in technology and computers. Hacking culture now includes phreaking, data breaches, privilege escalations, malware injections and remote access tools. Studies show that most hackers are motivated by political, religious or to wreak havoc to an organization or community.

Average time to discover a data breach by organizations were 243 days in 2012, it went down to 229 days in 2013. It then dropped to 205 days in 2014. But unfortunately, even with the advancement of breach detection systems and resources, it still takes more than 200 days for companies to detect that they are being hacked. Kevin Mandia, SVP and COO of FireEye said

“As the events of 2014 demonstrated, there is no such thing as perfect security.”

These statistics also mean that  many organizations may have already been breached and yet remain undetected, giving hackers free reign to move around the internal network and exfiltrate what they want. Organizations looking to speed up breach detection on their own, rather than relying on others, need to improve their data analytics capabilities, prioritize the type of data they want to collect and analyze, and ensure they have appropriate staff who can take the time to review the data for suspicious activity.

Are we lagging behind in Big Data Analytics?

Although many companies are equipped with good traditional security products such as SIEM for handling large quantities of data, most experts believe that, when it comes to big data analytics, tools like Splunk are needed. Some call this 2nd Generation Security Information and Event Management (aka SIEM 2.0).

hackers hacking cyber resilience

Big Data enables various capabilities, for instance, forensics and the analysis of long-term historical trends. By collecting data on a large scale and analyzing historical trends, you would able identify when an attack started, and what were the steps that the attacker took to get ahold of your systems. Even if you did not detect the original attack in your systems, you can go back and do an historical correlation in your database and systems to identify the attack. Big Data allows you to carry out complex queries and receive results in a timely fashion.

The need for a Cyber Resilience Approach

“There are just two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: Those that have been hacked and will be again” says Robert Mueller, FBI Director.

The need to become cyber resilient is very essential because eliminating risks completely is impossible.

Cyber resilience is defined as the organization’s capability to withstand cyber events, and the ability to return to its original state after being disturbed. They are measured by the combination of mean time to failure (MTTF) and mean time to recovery(MTTR). Any company can experience unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace.

This approach emphasizes companies to gather knowledge and expertise when it comes to cyber events. Imagine what if you are hacked, how will your organization respond quickly to contain the impact and recover? The moment a hack is detected, every second counts for the organization. The company should take appropriate actions and steps to handle risks after a hack. A few of the actions as suggested by Symantec are as follows:

  • Risk Profiling – Establish a risk profile and know your exposure.
  • Risk Reduction – Formulate risk reduction initiatives (2FA, Risk Management, Data encryption, backup, Forensics)
  • Awareness – Make the people part of cyber resilience (Educate employees, supply chain)
  • Strategic approach – Use Cyber Resilience as a long term strategic competitive advantage.
  • Cyber Standard – Reference existing framework / Engage Security Vendors.

The Cyber Response Strategy

Moving ahead from a traditional rule based or signature based analysis technique to a heuristic or behavioral based techniques would detect threats within a system at a faster pace. Surely, heuristic analysis is one of the most effective ways to locate every threat of your system as it analyzes the behavior of the files. But it has its disadvantages as well. Sometimes, perfectly fine files are deemed to be viruses when they really are not. In this way, useful files may get quarantined or deleted. Moreover, this method of scanning takes a lot of time, which can slow down the performance of the system.

Cyber security is, and will remain, an evolution. Everyone is on their own journey along the maturity curve. Security leaders must evaluate their place along that curve based on their perceptions of risks and the controls they need to put in place.

Cyber resilience recognizes that prevention is only part of the solution. Organizations must realize the following:

  • Businesses will increasingly measure security leaders not just on what they stop or let through, but on how they respond to what does get through.
  • A breach can happen in seconds, yet the exfiltration takes hours or days and can last for months
  • When it comes to measuring business impact, not all breaches are equal.

Being able to qualify the business risk of the incident by better aligning cyber strategies to business drivers and business risk, security leaders can have a bigger business impact.

The need for a cyber resilience plan is increasing drastically with the amount of data breaches. Deploying new controls and adapting and improving the security strategy will definitely help companies to overcome a cyber event. If the goal of a hacker is to steal or expose sensitive information, and cause havoc and torture for companies that are being breached, what if a company requires very little time or cost to recover from a breach.

Will this eventually reduce hacking incidents?

That would always remain a hypothetical question. Hackers are constantly changing their techniques and tactics with most data breaches, companies should also bring in new approaches for handling these cyber events.

Experts say that traps might be better than walls. Neutralize attackers once they’re inside networks rather than fixating on trying to keep them out.

“There’s no way to guarantee that you never are the victim of cyber attack”. sais Dave Merkel, chief technology officer at FireEye.

The amount of data copied and removed from Sony’s systems should have set off internal alarms long before Sony workers found their PCs taken over by malware, said Mike Potts, CEO of Lancope, a network security company. A Cyber Resilience Framework will primarily include : know, prevent, detect and respond strategy.

In the coming years, many organizations will be adopting such plans and techniques to handle cyber risks and events.

About the Author Ashiq JA (@AshiqJA)
Ashiq JA (Mohamed Ashik) is a Cyber Security Researcher and Writer passionate about Web Application Security, Security research using Machine Learning and Big Data, Deep web, Security technologies and Threat Analysis. He is currently working as a Security Consultant for a financial firm. He believes in knowledge sharing as the best source for information security  awareness. To catch up with the latest news on InfoSec trends, Follow Ashiq JA on Twitter technologies and Threat Analysis. He is currently working as a Security Consultant for a financial firm. He believes in knowledge sharing as the best source for information security  awareness. To catch up with the latest news on InfoSec trends, Follow Ashiq JA on Twitter @AshiqJA.

Edited by Pierluigi Paganini

(Security Affairs –  Hackers, cyber security)

you might also like

leave a comment