Outside expertise is the key to fighting cybercrime

Security is a hot topic these days, and for good reason. High-profile examples, like the data leaks at Sony, Ashley Madison and, most recently, Time Warner Cable, regularly hit the headlines. But they are just the tip of the iceberg.

According to a survey conducted by BSA-The Software Alliance and the University of Hong Kong Social Sciences Research Centre (HKUSSRC), at least seven million hacking attempts hit enterprises all over the world each day.

To combat worsening ransomware cyber-attacks, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) this month launched the “Fight Ransomware Campaign” to strengthen the readiness of Hong Kong businesses and the general public against such attacks.

Some industries, such as banking and finance, are better prepared. But others, like critical infrastructure providers (power generation or water supply), traditionally have a relatively loose grasp on their infrastructure and IT systems. Add the fact that they are embracing IP-enabled networks or allowing third-party access to their Operations Technology, and you have a recipe for some serious threats.

Solutions boom

Naturally, this threat landscape has created a boom in security solutions. However, it has also resulted in a highly fragmented marketplace characterised by a variety of technologies designed to tackle specific problems. Many technology start-ups only tackle part of the problem.

Enterprising criminals are also investing in their businesses. That means hiring their own hackers and buying malware, which is now a commonly traded commodity. The entire process is easier than ever thanks to the advent of resources such as the dark web, where unsavoury individuals can work anonymously in a borderless environment. Tools are easy to access and the risk of getting caught and punished is lower.

In the last five years, cyber security in enterprises has become an organisational problem. And the embarrassing lessons drawn from breaches where cyber security was not addressed have prompted C-level and board-level executives to pay attention.

Security threats are nothing new

However, while outbreaks like WannaCry have highlighted the risk associated with threats like ransomware, they are unfortunately more of a distraction that can pull focus away from a more network-wide strategy.

The main point about ransomware is that it is nothing new. This type of attack, which exploits a known vulnerability, has been around for a long time. The purpose of such an attack is high volume with high impact. With a good patching regime and other standard security policies and procedures in place, organisations have nothing to fear from such campaigns.

There are plenty of bigger and more common weak points in organisations. Take device management, for example. That means keeping servers and other infrastructure patched and up-to-date – something that is all too frequently overlooked.

Cyber security is still addressed in a very siloed way, with network, application and end-point teams all working separately. They are trying to address threats cross-functionally, whereas hackers expose threats across the stack more easily.

What’s the answer?

Today there is no shortage of expensive and complicated security products available. However, spurred on by FUD – Fear, Uncertainty and Doubt – organisations often acquire new technology in a siloed way to address a specific threat. Once these new technologies are deployed, organisations quickly realise they do not have the expertise to manage and operate these devices. This can not only strain resources but also create more security problems than it addresses.