Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

Beyond the breach - cyber attacks force a defence strategy re-think

Published 08/02/2015, 21:12
© Reuters. File photo illustration shows USB device being plugged into a laptop computer in Berlin
TGT
-

By Jeremy Wagstaff

SINGAPORE (Reuters) - A barrage of damaging cyber attacks is shaking up the security industry, with some businesses and organisations no longer assuming they can keep hackers at bay, and instead turning to waging a guerrilla war from within their networks.

U.S. insurer Anthem Inc last week said hackers may have made off with some 80 million personal health records. Also, Amy Pascal said she would step down as co-chairman of Sony Pictures Entertainment, two months after hackers raided the company's computers and released torrents of damaging emails and employee data.

Such breaches, say people in the industry, offer a chance for younger, nimbler companies trying to sell customers new techniques to protect data and outwit attackers. These range from disguising valuable data, diverting attackers up blind alleys, and figuring out how to mitigate breaches once the data has already gone.

"Suddenly, the music has completely changed," said Udi Mokady, founder of U.S.-based CyberArk. "It's not just Sony, it's a culmination of things that has turned our industry around."

Worldwide spending on IT security was about $70 billion (46 billion pounds) last year, estimates Gartner. ABI Research reckons cyber security spending on critical infrastructure alone, such as banks, energy and defence, will reach $109 billion by 2020.

Several things are transforming the landscape. Corporations have been forced to allow employees to use their own mobile phones and tablets for work, and let them access web-based services like Facebook and Gmail from office computers. All this offers attackers extra opportunities to gain access to their networks.

And the attackers and their methods have changed.

Cyber criminals and spies are being overshadowed by politically or religiously motivated activists, says Bryan Sartin, who leads a team of researchers and investigators at Verizon Enterprise Solutions, part of Verizon Communications. "They want to hurt the victim, and they have hundreds of ways of doing it," he said in a phone interview.

CLOSING THE DOOR

The result: companies can no longer count on defending themselves with decades-old tools like firewalls to block traffic and anti-virus software to catch malware, and then assume all traffic that does make it within the network is legitimate.

Research by IT security company FireEye last month, for example, found that "attackers are bypassing conventional security deployments almost at will." Across industries from legal to healthcare it found nearly all systems had been breached.

"Once an attacker has made it past those defences they're in the gooey centre, and getting around is relatively simple," said Ryan Wager, director of product management at vArmour.

Attackers can lurk inside a network for half a year before being detected. "That's like having a bad guy inside your house for six months before you know about it," says Aamir Lakhani, security strategist at Fortinet Inc, a network security company.

Security start-ups have developed different approaches based on the assumption that hackers are already, or soon will be, inside the network.

Canada-based Camouflage, for example, replaces confidential data in files that don't need it, like training databases, with fictitious but usable data. This makes attackers think they have stolen something worthwhile. U.S.-based TrapX Security creates traps of 'fake computers' loaded with fake data to redirect and neutralise attacks.

California-based vArmour tries to secure data centres by monitoring and protecting individual parts of the network. In the Target Corp breach during the 2013 holiday shopping season, for example, attackers were able to penetrate 97 different parts of the company's network by moving sideways through the organisation, according to vArmour's Wager.

"You need to make sure that when you close the door, the criminal is actually on the other side of the door," he said.

'THREAT INTELLIGENCE'

Funding these start-ups are U.S- and Europe-based venture capital firms which sense another industry ripe for disruption.

Google Ventures and others invested $22 million in ThreatStream in December, while Bessemer Venture Partners last month invested $30 million in iSIGHT Partners. Both companies focus on so-called 'threat intelligence' - trying to understand what attackers are doing, or plan to do.

Clients are starting to listen.

Veradocs' CEO and co-founder Ajay Arora says that while his product is not officially live, his firm is already working with companies ranging from hedge funds to media entertainment groups to encrypt key documents and data.

UK-based Darktrace, which uses maths and machine learning to spot abnormalities in a network that might be an attack, has a customer base that includes Virgin Trains, Norwegian shipping insurer DNK and several telecoms companies.

But it's slow going. Despite being open for business since 2013, it's only been in the past six months that interest has really picked up, says Darktrace's director of technology Dave Palmer. 

© Reuters. File photo illustration shows USB device being plugged into a laptop computer in Berlin

"The idea that indiscriminate hacking would target all organisations is only starting to get into the consciousness."

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.