Cybercrime is organised, innovative and, quite frankly, big business. Almost every day a new attack is reported. Cybercriminals are not just getting more confident; they are growing in power and sophistication, and money isn’t the only factor driving them. Today, the complexity of the hack and the attacker’s online reputation also motivate attacks. The UK National Crime Agency (NCA) recently released a report that found cybercriminals were encouraged by overcoming programming challenges and improving their skill with web and networking technologies, and were driven by their curiosity to understand the best modifications and cheats.
This surge in cybercrime, driven by a variety of motives, means businesses are under constant threat of attack. To put this into perspective, the average large enterprise experiences 70,000 security threats per week and, according to Cisco’s Annual Cybersecurity Report, more than a third of organisations that experienced a data breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent.
But how can businesses identify what is a genuine breach and what is not, otherwise known as a ‘false positive’? Checking whether a security threat is real or fake can be incredibly costly and time-consuming, and this process cannot be carried out by humans alone. More importantly, it cannot be confined to working hours. Businesses must actively hunt for threats, not sit back and wait for them to appear at whatever hour is most convenient. Cybercrime is a 24/7 operation.
It is, therefore, vital that businesses implement a threat hunting service that spots anomalies and trends. For example, if a server suddenly becomes 10 times more active than usual, it could be a criminal stealing data, and that activity needs to be blocked. Cisco Advanced Threat Analytics does just that and uses the network as a sensor to hunt down threats. This around-the-clock threat hunting is needed to ensure trends, peaks and troughs are recognised, alerted on and acted upon.
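The server-activity check described above, as an added illustration (it is not Cisco's product logic and not code from the original article). It assumes hourly outbound byte counts per server are already collected; the host names, sample figures, `MIN_HISTORY` and `MIN_BASELINE` are constructed for the example.

```python
from statistics import median

SPIKE_FACTOR = 10          # "10 times more active than usual", from the text
MIN_HISTORY = 6            # assumption: hours needed before a baseline is trusted
MIN_BASELINE = 1_000_000   # assumption: floor in bytes so idle hosts don't alert on noise

# Constructed sample: outbound bytes per hour for each server (oldest first).
HISTORY = {
    "web-01":  [40e6, 42e6, 38e6, 41e6, 39e6, 43e6, 40e6],
    "db-01":   [5e6, 6e6, 5e6, 7e6, 5e6, 6e6, 900e6],   # one earlier burst
    "idle-01": [0, 0, 2000, 0, 0, 0, 0],
    "new-01":  [10e6, 12e6],                             # too little history
}
# Constructed sample: the hour being evaluated.
CURRENT = {"web-01": 44e6, "db-01": 70e6, "idle-01": 50_000,
           "new-01": 300e6, "ghost-01": 5e6}


def hunt(history, current, factor=SPIKE_FACTOR):
    """Return (host, finding, ratio) for hosts at or above factor x baseline."""
    findings = []
    for host, observed in sorted(current.items()):
        past = history.get(host, [])
        if len(past) < MIN_HISTORY:
            # No trustworthy baseline: surface for review instead of guessing.
            findings.append((host, "no-baseline", None))
            continue
        # Median, not mean: one earlier burst must not inflate "usual".
        baseline = max(median(past), MIN_BASELINE)
        ratio = observed / baseline
        if ratio >= factor:
            findings.append((host, "spike", round(ratio, 1)))
    return findings


if __name__ == "__main__":
    for host, kind, ratio in hunt(HISTORY, CURRENT):
        print(host, kind, ratio)
```

With a mean baseline, the earlier 900 MB burst on `db-01` would raise "usual" to about 133 MB and the 70 MB hour would pass unnoticed; the median keeps it at 6 MB, so the hour is flagged.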
Constantly searching for threats needs to be a way of life, adopted by businesses as normal practice. Having designated technology in place that acts as the Sherlock Holmes of the cyber world, constantly gathering vital intelligence, brings unprecedented benefits to businesses, from reducing wasted time and cutting unnecessary costs to, potentially, saving a business. Humans are, and will continue to be, the weak link when it comes to cybersecurity. No matter how security-savvy a person is, cybercriminals will continue to work tirelessly to make you click on a compromised link. This is known as the seven-step cyber kill chain.
The bad guys are constantly searching to identify possible targets and ways to attack their victim. Once found, they rapidly move on to luring users in through social media or an email that dupes them into unsafe activity and, from there, add a ‘dropper’ file containing malware on a vulnerable system. Once the cybercriminals are in, they are able to control the system, steal data, encrypt it and damage operational systems.
Hackers are clever, but not as clever as the combination of intelligence, analytics and technology. By introducing a culture where active threat hunting is not a luxury but a necessity, businesses can not only identify breaches, they can also ensure that they remain one step ahead and regain control of the multi-motivated cyber-storm. Threat hunting isn’t a 9 to 5 job. Threat hunting never sleeps.