
Security threat landscape becomes more organised and business-like

Approaches to securing the enterprise need to change in the face of a rapidly maturing threat landscape

Traditional approaches to enterprise and public sector security are becoming obsolete in the face of more organised gangs of cyber criminals who treat cyber attacks essentially as a business, according to David Ferbrache, global head of cyber futures at financial and consultancy services house KPMG and chair of the National Cyber Resilience Leaders’ Board for Scotland.

Speaking at a Westminster E-Forum event in London, Ferbrache said that using the term “cyber” as a catch-all for security was becoming less useful, because as society moves to a digital foundational model, it is threaded through every aspect of daily life.

For example, he said, many real-world or kinetic crimes will involve some element of cyber crime to enable their success.

“Cyber is getting everywhere and there’s a definitional issue now,” said Ferbrache. “Cyber crime is a very rationalised, commoditised and organised model.”

In a blunt assessment of the cyber security threat landscape, Ferbrache referred to acknowledged trends around phishing and malware attacks, where cyber criminals are now stalking their targets and tailoring their attacks to them for maximum impact, rather than taking the scattergun approach of yesteryear.

“Ransomware is more targeted and tailored,” he said. “Organised criminals now break in, do reconnaissance, work out where they are, who the target is, what they can steal and how much ransom they can extort. These attacks are becoming more business-savvy. Organised crime is less crude than it used to be.”

Other organised crime groups are targeting enterprise supply chains – such as in recent attacks on Airbus and other aviation firms – because organised criminals have now worked out that many large enterprises are getting a lot of the cyber security basics right these days, which means they have to look for weaknesses elsewhere.

Ferbrache warned that IT managed service providers were particularly vulnerable to being unwittingly drawn into a cyber attack “because they give a root into multiple clients, especially if you can compromise a cloud service”.


He added: “Large firms in some verticals are beginning to see it is in their best interests to take a more secure approach to supply chain contracting. It’s inconsistent, though.”

Ferbrache also warned that it is currently “open season” on Microsoft Office 365 installations, largely through attacks that reuse compromised credentials to gain access to target accounts and, once inside, use them as a vector for wider email compromises, or to trigger fraudulent financial transactions.

However, Ferbrache, who used to run red team penetration-testing at KPMG, also said he was not as negative about the state of enterprise cyber resilience as he used to be. More businesses are becoming aware of their vulnerabilities and are addressing those, he said, which meant it was harder to take the view that cyber criminals are “winning”.
