Why is there an obsession with where a cyber-attack originates?
In recent reports about attacks on SWIFT (the global financial messaging service) at various banks, there was speculation that it may have been the work of highly skilled and motivated groups creating malware. There was also reference to the potential involvement of North Korea and, then again, maybe not.
But what does knowing this mean for organizations? While stories of “attribution” (i.e., who was the culprit of the cyber-attack) have a Hollywood film drama quality about them, it’s rather a pointless exercise when it comes to securing a corporate network.
Knowing where in the world an attack comes from, or the actual name of the attackers, is no more useful than it would be if we were victims of a burglary or theft. We don’t need to know that it was “John Smith” from London; we try to understand what’s happened, what’s missing, find ways to prevent it happening again, contact the police and leave them to investigate.
Indeed, spending time on attribution is not only immaterial; there is a danger the victim uses the knowledge to justify doing nothing about the cyber threat. In other words, they feel helpless in the face of sophisticated criminals or rogue nation states. You should leave law enforcement and government agencies to investigate the possible perpetrators and get on with protecting your own precious information and capabilities.
Responding to a cyber-attack
When attacked, it’s a case of understanding how it happened, what’s been taken, how you can prevent it from happening again and informing your various stakeholders. You need to spend time and money on detection while responding to and recovering from such incidents.
And you must be aware that the level of capability needed to launch a successful attack is relatively limited, and this makes enterprises especially vulnerable. Being aware of the cyber threat is the first step to upping your game on preventative measures and the ability to bounce back.
Spend your money and time wisely, concentrating on good cyber housekeeping: make sure your security patches are up to date, monitor your network and keep firewall logs. That way, when something happens you’re in a better position to respond to it and trust in your organization’s level of cyber resilience. Meanwhile, be wary of providers that promise “state-grade intelligence gathering ability”. This is a serious claim for a commercial organization to make and you must question how believable that is.
And when you consider the modus operandi of sophisticated cyber-attacks, most of them involve the interaction of an innocent party, i.e. a computer user in your organization. Users are a major vulnerability, but – with the right level of training and cyber awareness – should also be one of the most effective controls.
In the series of steps involved in an attack (known as the “kill chain”), breaking one of the steps will cause the attack to fail; that often relies on a human making a carefully considered judgement to avoid being compromised online. But this judgement needs the right type of understanding that only regular and immersive learning can achieve.
Training your staff in cyber awareness and the ability to handle a cyber incident is more effective as a preventative measure before an attack happens than as a reactive initiative. But whatever you choose to do to secure your organization’s systems and information, thinking about the identity or geographic location of an attacker should not be top of your to-do list.
See our RESILIA™ section for more information on cyber resilience.
More AXELOS Blog Posts by Mark Logsdon