Cyber Risk No. 3: Direct Loss From Malicious Acts

English: Outside the fence, Menwith Hill Spy B...
English: Outside the fence, Menwith Hill Spy Base This photo was taken on the ‘Foil the Base’ demonstration in March 2003. Founded in the 1950s (RAF) Menwith Hill has been operated since 1966 by the United States’ National Security Agency (NSA), and has grown to become the world’s largest intelligence-gathering ground station outside the US. (Photo credit: Wikipedia)
In previous posts, we’ve covered how loss or theft of confidential information and loss of reputation can affect the cyber security of a 21st Century business. Today, we turn our attention to direct loss from malicious acts (i.e. hackers, malware).  
So many businesses are open to this risk because they don’t know how to protect their security, leaving them vulnerable to malware threats that can quickly cause advertisers, partners, and customers to abandon ship. 
Perhaps scariest of all, is that no business is immune.
Take the recent case of Tor, the encrypted web security browser designed to allow businesses and privacy-concerned users to browse the Internet without fear of reproach.  Tor had given so many people peace of mind until a recent malware attack, which many are attributing to the National Security Agency (NSA), toppled user confidence.
Researchers claim that malware responsible for bringing down Freedom Hosting, the biggest service provider on the anonymous Tor network, was hard-coded to send information to the NSA, reported TechWeek europe.  In one fell swoop, the product became forever in question.
According to Verizon’s 2012 Data Breach Investigations Report, 69% of data breaches in 2012 were attributed to malware infections. 174 million data records were lost in 855 separate incidents.  The rate of infection grows each year. McAfee, in a The State of Malware 2013, reported they cataloged 100,000 new malware samples each day.  
So what does data theft malware really cost us? Globally, the cost of a data breach averaged $136 per compromised record, up from $130 the previous year (2013 Cost of a Data Breach: Global Analysis, Ponemon Institute and Symantec). With even 120 million data records (69% of the total) from 2012, that’s over $16 billion in loss from malware data breaches.
Here are two things to consider as you attempt to bring security to your business. 

  1. There are many types of malware that can threaten your system’s security, and they’re constantly evolving. You must invest your cyber security dollars with a company that is constantly aware of the changing landscape. Defence Intelligence’s Nemesis 2.0 uses advanced network behaviour analysis in conjunction with real time intelligence to prevent and detect system compromise on your network.
  2. Attacks are inevitable.  Security experts like to say that there are now only two types of companies left in the United States: those that have been hacked and those that don’t know they’ve been hacked.  The news is full of stories of large and small companies that are compromised. Don’t be one of them.
Enhanced by Zemanta

Canadian Security Partners’ Forum – Effective Resource for Security Executives

Canada (Photo credit: palindrome6996)
Canadian security executives have long needed the proper
support system and forum regarding the landscape of security in Canada.  The Canadian Security Partners’ Forum (CSPF)
is answering that need. The Forum is a unique network that in just one year has
grown to include over 80 organizations that represent most horizontals in most
verticals across industry sectors.
The Forum’s success can be traced back to its founder, Grant
Lecky, who has a diverse background in security and risk management and a
strong focus on business continuity planning and emergency planning and
organizational resilience. Lecky was recently acknowledged by Security Magazine for his efforts, identifying him as one of ‘The Most Influential People in
Security 2012’.
Security executives, educators and thought leaders have all
embraced the Forum’s concepts and goals, helping to overcome the isolation of
silos that often gets in the way for most other organizations.
Bonnie Butlin, Executive Director for CSPF, has observed that “you usually don’t see such swift growth in helpful agile networks. It’s more
often observed in threat networks.”
One of the many ways the CSPF helps to work with the
security community is to be a catalyst and facilitator to help inspire
conversations followed by action to build new networks that fill recognized
voids. As the Forum’s Executive Director, Butlin tracks trends in the news as
well as in forum discussions to identify gaps in the community, and then brings
them forward to be addressed by the Forum participants. By proactively engaging
discussions on observed trends the Forum and its participants can respond to
topics of concern as they arise, not just after the fact.
In the upcoming October issue of Vanguard, CSPF
will be featured in an article outlining just how effective the organization
has become in addressing the foundation needs in joint force development. The
article is based on the Joint Staff’s study “Decade of War Volume I: Enduring
Lessons from the Past Decade of Operations”, which highlights 11 strategic themes
for enabling responsiveness, versatility and affordability for collaborative
mission focused groups. Originally used as a post-Iraq evaluation, the themes
are applied to the security community and the CSPF.
Defence Intelligence is proud to support the CSPF and the
security community at large in proactively combatting threats to Canadian and
North American networks.

Enhanced by Zemanta

AV Plays Catch Up

No security or AV company is equipped with a procedure, independent of hardware or personnel requirements, that can easily keep up with the daily barrage of newborn threats. Shadowserver shows they receive daily unique binaries numbering in the tens of thousands. With the mass amount of malware being created and distributed across the internet, each security company is left with the burden of being unable to “catch ’em all.”

They must then employ a prioritization method of analysis, often leaving data too long in the queue, some collecting dust. Some security companies concentrate on searching for malicious domains and IPs while others concentrate on binary identification, many using a hybrid approach. All, however, are in search of a way to efficiently label these variables as malicious or benign, trying desperately to keep pace with the release of new malware.

AV companies have of course felt the strain of keeping up with the Joneses and for fear of looking inferior have made the choice to often “borrow” the conclusions made by other AV groups.

According to this “Analyst’s Diary” entry at Kaspersky Lab, an experiment was used to show just how often AV groups rely on one another to categorize samples as malicious in order to appear up to date. From the blog:

“We created 20 clean files and added a fake detection for 10 of them. Over the next few days we re-uploaded all twenty files to VirusTotal to see what would happen. After ten days, all of our detected (but not actually malicious) files were detected by up to 14 other AV companies…”

I can’t exactly blame those copycat AV companies for trying to stay on par with others. There is constant pressure, of which all security groups are aware, to try and balance reputation, integrity, and effectiveness. Trying to avoid false positives means evil may slip by unnoticed, while avoiding false negatives means sacrifices in accuracy. A series of check systems could be put in place but often there is insufficient detail or time for quality assurance, and delays in the conviction process detracts from the goal of real-time protection.

Security researchers often collaborate in some way, perhaps only in certain circles, but we do so because each performs their own independent analysis in their own area of expertise, bringing unique input to the table. Our products should behave no differently. Only shared information that meets certain quality requirements should be used, according to the individual company’s ruleset. If a company or security product has nothing to contribute and only relies on the work of others then it has little purpose in this industry, (yet may find success with the right marketing). However, a company will struggle greatly if they dismiss or completely separate themselves from the security zeitgeist.

In recognition of this need for both dependence and originality, Defence Intelligence is working to bring security and internet architecture groups together to create something new and more complete. We want to make a product that takes a more global approach to the threats we’re facing, but also bring a confidence and purpose back to our industry that seems to have waned. A strong offence may rely on a good defence but we need both if we’re ever going to make real advancement on this battleground.

Matt Sully
Threat Research & Analysis

Reblog this post [with Zemanta]