Security Think Tank: Education, process and technology key to security challenge

Does the theft of $1bn from global financial firms by the Carbanak gang show it is time to seek new technologies or improve business processes?

There is a need across all areas of industry, commerce and government to improve business and operational process and to get more from existing technologies that have already been deployed.

There are many examples of organisations of all sizes purchasing technology at significant costs which then fail to effectively deploy the capability to maximise the benefits offered. This is often due to a lack of the necessary skills or processes needed to support the efficient configuration, integration and operation of sometimes quite sophisticated tools.

There is also a huge need for European security companies to step up to the plate and develop new and innovative technologies, as the marketplace and indeed the cyber space remains dominated by North American players across all facets of the internet and the worldwide web.

The Intelligent Fusion™ of security by default across human factors, operational processes and the integration of technology with predictive capabilities is essential to a robust defensive position. 

Additionally, Anomaly Analytics™, which uses supercomputers and graph analytics which allow billions of events to be analysed in hours rather than weeks to identify low and slow command and control compromises, is one new and emerging technology that is helping to address the fight against cyber criminals.

However, even with the best tools and systems there is no greater asset than a sharp, bright, creative and motivated human brain.

A clever and persistent cracker or hacker with less access to a high level of sophisticated tools is always likely to be more successful than a less capable person with the best of technology. 

So a winning strategy to beat the cyber criminals has to be one that combines the use of often expensive talent with the best tools an organisation can supply them with and training to ensure they can really sweat every asset at their disposal.

As an industry, we also need the regulators and policy-makers across the European Union to fully understand that criminal gangs – which often operate in countries that do not have any kind of legal framework – have a job to do, a clear objective and the freedom to operate in ways that those operating on the right side of the law often do not

Personally identifiable information (PII), which includes information such as national insurance numbers, medical records and driving license numbers, is now more valuable than credit card information on the dark web, and we now live in a world where almost 2,000 records are compromised every minute of every day. 

According to the Cyren 2015 Cyberthreat Yearbook, 2014 was the year of the mega-breach, with a 78% increase on 2013 figures. It also points to a 144% increase in successful cyber attacks on businesses generally. 

With 2015 beginning with news of Carabanak and the theft of up to an estimated $1bn from around a hundred banks and financial institutions in 30 different nations, we have to wonder if this is the tip of the iceberg and if there are more compromises that go unannounced or are still to be identified.

One thing that would seem certain is things need to change in some way, society needs the cyber pendulum to swing back in favour of the citizen and we need to make it so much harder for the bad guys to do what they do. 

The risks for them are still low in comparison to the rewards and whoever said crime does not pay clearly lived in an age before the internet became part of our lives – $1bn of cash extracted from the system would suggest that crime most definitely does pay, with customers ultimately the losers as the banks seek to cover their losses through increased charges.

So the solution requires a combination of better education, increased awareness, improved and integrated processes, as well as new and innovative technologies, all supported by a legal and regulatory ecosystem that supports safe use of cyber space. And we need to get there fast, which is easier said than done.

Mike Loginov is the Information Systems Security Association UK secretary, vice-chair of the National MBA Cyber Security Global Advisory Board and founder and CEO at Ascot Barclay Group.

Read more on Hackers and cybercrime prevention