Symantec offers peek into underground Web
One of the most significant things about hackers these days is that they are no longer script kiddies developing malicious code in a darkened corner of their homes. These ‘kiddies’ are all grown up, and they have taken their dubious activities to the next level – money-making, business-driven and profit-oriented organised crime.
According to Sparkes, Symantec’s senior director of Cyber Security Services, at least five of the six largest companies globally have faced targeted attacks, most likely by cybercrime organisations with over 150 hackers.
Businesses can now also buy DDoS (distributed denial of service) attacks from organised crime, and there is even a service-level agreement (SLA) attached. Organised crime groups also hire sociologists to make phishing attacks and their fake messages more believable.
“Sociologists have also worked out that the best time to send out phishing messages is on a Tuesday, because ‘victims’ were more likely to do something wrong over the past weekend!” said Sparkes.
Another thing Symantec has observed from its civilian threat intelligence network, which has hundreds of millions of endpoints collecting threat data, is that targets are shifting.
“Now there is more value in non-perishable information. You can’t change your healthcare info, but you can change your credit card. In the underground economy you could get USD20 for a good health record,” Sparkes pointed out.
At the back of all these happenings, the Internet of Things (IoT) is slowly coming into focus for a lot of sectors. Sparkes said, “IoT is going to transform a lot of industries. Endpoint devices are exploding.”
For example, a car could have as many as 400 IP addresses, each sending information to and from the car and a data centre somewhere.
“How do you protect an enterprise with billions of endpoints, from endpoint up to the data centre and all the data that flows in between?
“So you need to look at IoT in totality and the industry is working together to build security into technology instead of layers,” Sparkes shared.
In the meantime, data encryption will be critical, as will protection of the data centre.
“With an ever-expanding perimeter (to protect), firewall solutions have to change and prevention technology is no longer cutting it,” Sparkes said.
This is where Cyber Security Services, or what the industry may call managed security services, comes in.
Instead of a purely preventive and protective stance, security has to be detection and response, preferably in real time.
“Advanced security analytics is needed, and traditional SIEM (security-incidents event management) with rule sets are not good enough. My job at the security operations centre (SOC) is to look for needles in haystacks, and doing that requires different ways of managing data sets.”
For example, the SOC takes two terabytes of data per hour from customers’ sensors and compares it in real time to intelligence data.
“You’d need advanced, next-generation security analytics to make sense of all this data. And basically we are using the same tool sets and technologies that have been developed for big data like Hadoop, machine learning and more,” Sparkes explained.
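As an added example (not Symantec’s code or its SOC tooling), the streaming correlation described above: constructed sensor lines are matched against a constructed indicator set and scored per host over a sliding time window, so a single low-confidence hit stays quiet while accumulated evidence raises an alert. All hostnames, addresses and confidence values are placeholders.

```python
# Added example, not Symantec's code. Indicators and log lines are constructed
# placeholders (documentation IP ranges, .example names), not real IoCs.
from collections import defaultdict, deque
import re

# Constructed intel feed: indicator -> (type, confidence 0-100).
INTEL = {
    "203.0.113.45": ("ip", 90),
    "bad-update.example": ("domain", 75),
    "198.51.100.7": ("ip", 40),
}
# Constructed sensor lines: "<epoch> <host> <dst_ip> <dst_domain or ->".
SENSOR_FEED = """\
1700000000 ws-017 192.0.2.10 www.example.com
1700000005 ws-017 203.0.113.45 -
1700000010 ws-042 198.51.100.7 -
1700000060 ws-017 198.51.100.7 bad-update.example
1700000090 ws-017 203.0.113.45 -
""".splitlines()
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+)$")

def parse(line):
    """Return (ts, host, dst_ip, domain) or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, ip, dom = m.groups()
    return int(ts), host, ip, (None if dom == "-" else dom)

def correlate(lines, intel=INTEL, window=120, min_score=100):
    """Stream events past the intel set; yield (ts, host, score, indicators)
    when a host's summed indicator confidence over the last `window` seconds
    reaches min_score. Per-host state is bounded by the window, not the stream."""
    recent = defaultdict(deque)  # host -> deque of (ts, indicator, confidence)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # malformed sensor line: skip, do not crash the pipeline
        ts, host, ip, dom = rec
        hits = [x for x in (ip, dom) if x in intel]
        if not hits:
            continue
        q = recent[host]
        for ind in hits:
            q.append((ts, ind, intel[ind][1]))
        while q and q[0][0] < ts - window:  # expire evidence outside the window
            q.popleft()
        score = sum(c for _, _, c in q)
        if score >= min_score:
            yield ts, host, score, sorted({ind for _, ind, _ in q})
```

Running `list(correlate(SENSOR_FEED))` alerts on ws-017 only; the lone low-confidence hit from ws-042 never reaches the threshold.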
Ever-widening talent gap
Besides the analytics technologies, the skills to use them are also needed.
Currently, the highest demand in the security industry is for security analysts. “Analysts think differently. They think like an attacker, a defender and they understand the business. They are the hardest people to find,” Sparkes pointed out.
More pertinent however is that no man, or rather, no business, is an island.
“Every organisation in the world needs help. Not everyone can do all the parts of security themselves, and they need security partners and other organisations to work with,” Sparkes concluded.