The costly age of cybercrime
Eric Eifert, senior VP of Managed Security Services at DarkMatter, on the rising costs of cybersecurity.
The image of the lone hacker, sitting in a dark basement and sending thousands of spam emails hoping to ensnare some unwitting victim for a few hundred dollars, is utterly outdated.
What has emerged is much scarier: a sophisticated global criminal enterprise made up of well-organised groups able to rake in millions of dollars from cybercrime.
On the other side lies the security industry, itself vastly expanding, working to target and neutralise the myriad cyber threats and breaches.
Eric Eifert, senior vice president of Managed Security Services at DarkMatter, cites data from Cybersecurity Ventures which shows the cyber security market in the Middle East and Africa is projected to grow to US$ 13.43 billion by 2019. The compound annual growth rate between 2014 and 2019 is expected to be 13.7 per cent, with this market contributing 7.19 per cent of the global market, a share forecast to grow slightly to 8.62 per cent by 2019.
DarkMatter is a UAE-based cyber security company providing a wide range of security services and solutions to governments and commercial clients.
How much organisations spend on cyber defence varies across industries.
It is difficult to establish an ideal percentage of IT spending on cyber security within the Middle East because there is a wide range in cyber security maturity across the region, notes Eifert. The less mature an organisation, the larger the percentage it should spend to reach a level of maturity consistent with that of its global peers, he adds.
Financial loss from breaches can fall into many categories, including direct and indirect losses.
Direct financial loss can occur when a cyber attacker steals money from a financial institution, as witnessed in the recent SWIFT (Society for Worldwide Interbank Financial Telecommunication) attacks. Another example of a direct financial loss is when a financial institution has information stolen and the attackers extort funds from the institution to prevent the disclosure of that stolen information.
“In cases facing direct or indirect loss, we identify the same types of issues requiring resolution in order for entities to formulate a cohesive and effective cyber security posture. Organisations need to understand their cyber risk profile before any mitigation can begin in earnest,” Eifert asserts.
This approach involves organisations understanding their assets, the full range of threats they may face and their vulnerabilities. “Once the cyber security function of the company has a firm handle on its risk profile it can then move to take appropriate steps to implement a cyber security programme, which is effectively a three-part process encompassing visibility, intelligence and integration,” Eifert says.
Eifert explains that true visibility means a thorough understanding of the assets, configurations, and users of your company’s network, systems and information. Large companies, in particular, often maintain networks patched together over decades, running different generations of hardware and software.
“It’s a simple truth that you can’t protect what you don’t understand; a thorough audit is vital to create a baseline and then a process to continually monitor the environment for changes helps to maintain that visibility. Sophisticated mapping software can certainly accelerate this process, but ultimately a comprehensive audit requires people on the ground to help discover all the assets,” Eifert explains.
Intelligence helps an organisation understand the threats it faces as well as the vulnerabilities it is susceptible to. A threat intelligence platform can help to consume threat feeds from multiple sources and present actionable intelligence to an organisation. A robust vulnerability management programme will continually evaluate the environment to identify vulnerabilities that can be exploited by adversaries, Eifert explains. Even information sharing programmes between industry peers and government ministries can help to increase the intelligence of an organisation and better prepare for and potentially prevent a cyber-attack.
Integration aggregates the information found in the other two phases and displays it in a format that can be readily understood by decision makers, enabling them to act quickly. “A well-integrated environment can be leveraged for security orchestration, workflow automation, rapid mitigation and remediation. This will allow organisations to limit losses and damage caused by a cyber-attack as well as potentially prevent an attack from being successful,” Eifert says.
A large chunk of organisations’ IT budgets is going to cyber defence. Eifert says that’s a good thing, to a point.
Generally speaking, the more investment, the higher the protection, he explains. However, organisations really need to understand what their risk profile is in order to identify what level of protection is appropriate. “Depending on the nature of the risks, the risk tolerance of the organisation, and the risk mitigation measures necessary to reduce the risks to acceptable levels, this will determine how much will need to be spent,” Eifert explains.
The organisation also needs to determine how much needs to be spent on capital expenses (CAPEX) and operational expenses (OPEX). There is little point in investing heavily in cyber security infrastructure if it cannot hire appropriate staff to operate the infrastructure, Eifert says.
Organisations need end-to-end visibility of their infrastructure and its security needs, as a vulnerability in one place can lead to a cascading effect of breaches throughout the network.
Eifert cites the hack of the SWIFT international financial transaction system, which focused attention on the potential cascading threat of an interconnected yet not fully integrated system. Hackers were able to take advantage of vulnerabilities in Bangladesh Bank’s systems in order to effect a series of fraudulent transactions, and security lapses throughout the network meant they were able to successfully remit tens of millions of dollars that are unlikely to be traced.
“This particular example proves that a security framework is only as strong as its weakest point, and thus it is necessary for organisations to assume a state of breach while investing in end-to-end cyber security. This approach is meant to enable organisations to move nimbly through the cyber security stages of planning, detection, protection, and recovery should an incident occur,” Eifert adds.
Direct financial loss is not the only headache victims have to deal with.
Indirect losses can come in the form of reputational impact, higher insurance premiums, lawsuits, loss of customers, lower stock value, etc., Eifert notes.
Ultimately, transactions in the digital world are only sustainable should trust be present and enforced. “This is precisely the reason why DarkMatter believes that more and better security and trust typically improves the entire operation of the transaction eco-system. If implemented correctly and consistently, cyber security is a business enabler, and a GDP growth driver. The more secure entities and individuals feel in their digital environments, the more they will utilise them, generating more economic activity to all parties’ benefit,” he adds.
DarkMatter’s novel approach to cyber security can help regional organisations mitigate these threats.
DarkMatter specialises in one thing, and that is cyber security, asserts Eifert. “Within that one specialisation we do everything from implementation, remote management, and consulting, through to engineering, auditing, and risk assessment,” he adds.
Eifert says DarkMatter was created to help secure nations, organisations, and individuals operating in an increasingly digitised and interconnected world from cyber threats. “What we recommend to all our clients is for them to adopt a risk-based approach to cyber security in which they assess their cyber risk profile and implement the appropriate security controls and mitigation strategies to have a level of protection consistent with their risk tolerance.”
DarkMatter can help organisations in multiple ways, first by assessing their cyber risks, identifying existing vulnerabilities, and determining if they are already a victim of a cyber intrusion, Eifert explains. The company can then work with the organisation to identify the most appropriate security controls and perform an audit to determine their level of compliance with these security controls. After the audit, a gap assessment can be conducted to identify areas for improvement to increase the security posture of the organisation. DarkMatter can then help by recommending initiatives to fill the gaps and prioritise those initiatives to focus on the most critical investments. “We work with our clients and provide a clear strategy on how each investment can reduce risk and increase security,” he adds.
This approach adheres to the DarkMatter Cyber Security Life-Cycle, which is a four-stage approach encompassing planning, detection, protection, and recovery.
“Given the criticality of information, information systems, and the interconnectivity of everything, cyber security can no longer be viewed as a ‘nice-to-have’ element of modern economies, but rather should become a central building block to organisations,” Eifert concludes.