Published on May 21st, 2015 | by admin
You Don’t Have to Go it Alone
Cybercrime continues to grow and there’s no sign that it will slow down anytime soon. Of all the hacking, including Hacktivism, Cyber Espionage, and Cyber Warfare, Cybercrime eats up the biggest piece of the pie (roughly 55%). On top of this, almost 30% of the attacks are focused on industry, with government attacks being the next closest at 14.9%.
This trend indicates the biggest push of cyberattacks is focused on making money for the criminals behind the attacks, and the hottest commodity seems to be Personally Identifiable Information (PII). With the latest breaches of healthcare companies like Anthem, Inc. netting millions of customers’ PII, identity theft has become big business. According to an NPR report, Medicare ID numbers sell for as much as $4,700 USD apiece. While not all of the 80 million or so records compromised at Anthem will have Medicare ID numbers associated with them, even 10% would still be a monstrous payday.
Customer credit card information is the other big draw. When cyber criminals have months to pick through the network they’ve breached, with no one any the wiser, credit card numbers can be sold and used before anyone knows the information has been compromised. Financial institutions are usually the first to see the fraud and start looking for patterns and a common merchant. For the merchant or company breached, the costs don’t stop with cleaning up and securing their network or the loss of customer trust. Hacked retailer Target, for example, is experiencing the next phase of post-breach fallout by being the focus of a ten-million-dollar class-action lawsuit from customers whose information was stolen.
The unfortunate truth is, with criminals focused on nothing but identifying how and where a specific company is vulnerable, the odds are against the company coming out on top. What options does a company have to mitigate their risk?
While continuously evolving to stay ahead of the changing threat landscape, the FBI and DOD’s cybercrime units exist today to investigate breaches and identify perpetrators after the fact. This quick identification offers some relief to enterprises, but if the perpetrators have had months to harvest data on their network without any knowledge of the breach, the worst of the damage has already been done.
It’s paramount that organizations capture and store network traffic over an extended period of time for historical context in post-attack investigations. All normal traffic identified and captured will serve as a base state. This won’t only help to quickly identify a breach, but will also provide an added level of security from malicious actors. In reviewing abnormal traffic outside the baseline, a skilled and trained eye can spot when and what sensitive or confidential data was accessed. This doesn’t always mean the intrusion was malicious, of course, but interactive reporting and visualizations bring suspicious activity to the forefront for further research.
Additionally, the growing awareness of how disruptive and destructive cyberattacks are and could be has led to initiatives on the part of the national government to curb the impact. On April 23, 2015, Defense Secretary Ash Carter spoke at Stanford University about his plan to collaborate with Silicon Valley companies to address cyber security threats as a team. His plan is to look to the future, leveraging and staying abreast of technology. He sees the need to be more proactive and assertive. This isn’t a blueprint for just the government working with corporate security specialists; it identifies a scalable framework that can be used by companies large and small that have a network presence that needs to be protected.
Having already supplied law enforcement agencies and national governments with communications analytics and network forensic solutions, SS8 is uniquely positioned to combat the effects of cyber security attacks on enterprises. We’ve designed our solution to go beyond identifying suspicious trends of data exfiltration alone: we also enable you to collect and store years’ worth of communications data using state-of-the-art compression technology, automate third-party threat feed analysis backwards in time over your network traffic, and locate specific communications on your network sooner. Not only will you identify malicious acts, you’ll also more quickly and easily derive the insights you need to rapidly remediate post-attack.
You don’t have to go it alone. Learn more about SS8’s Communications Insight for Enterprise here.