Economic, geopolitical and diplomatic events are becoming the driving force behind today’s cyber threats, a report reveals.
“By understanding the adversary, how they think, and what events affect their beliefs and motivations, it is possible to better prepare and react,” said the latest annual global threat report by cyber security firm CrowdStrike.
The report is based on an analysis of more than 70 known cyber attackers that examines their behaviour, capabilities and motivations.
“The instant an event that affects the adversary occurs, the clock begins ticking as they process the event via a standard series of steps: Observe, orient, decide, and act. If you can go through these steps faster than the adversary, then you will have the advantage,” the report said.
According to CrowdStrike, CEOs and boards of directors will suffer a loss of revenue, jobs, intellectual property, and shareholder value if they ignore or disregard the ramiﬁcations of the global events which are the primary drivers behind today’s cyber threats.
This shift, the report said, underscores the importance of an effective intelligence capability about the motivations of an adversary.
“The mantra ‘people, processes and technology’ is no longer enough for cyber security. In today’s threat environment, it takes people, processes, technology and intelligence,” the report said.
Global cyber threats
According to CrowdStrike, intelligence is no longer a “nice-to-have”, but has become a mandatory element of stopping breaches.
George Kurtz, CrowdStrike chief executive and co-founder, said the report shows that the paradigm has broadened beyond people, processes, and technology to include integrated, crowdsourced, and enriched threat intelligence.
“The primary motivation behind global cyber activity has shifted from disparate activities carried out by individuals, groups and criminal gangs pursuing short-term financial gain, to skilled adversaries driven by strategic global conflicts,” he said.
Kurtz said that, for example, the economic downturn and Five-Year Plan in China will continue to drive their state-sponsored cyber espionage activities; the situation in the Ukraine and falling oil prices will continue to fuel targeted intrusions from Russia; and the conflict in the Middle East between Saudi Arabia and Iran over Yemen will continue to generate hacktivism from that region.
The report details the key factors shaping the targeted intrusion campaigns of nation-state adversaries such as China, Russia, Iran and North Korea. It also highlights the rise of extortion-based criminal operations including use of ransomware, banking trojans and exploit kits, along with intelligence-powered social engineering scams and phishing campaigns.
The report also notes an increase in the sophistication and scale of terrorism-related hacktivist groups and online censorship in the Middle East.
“Hacktivism can happen anywhere, at any time, for any reason and against any target – particularly government and ﬁnancial sector organisations around the globe. Understanding the motivation and core ethos of hacktivist groups can help organisations be prepared to defend themselves against these aggressors,” the report said.
According to Kurtz, organisations cannot expect to win if they do not have a solid understanding of how your adversary operates, what their tendencies are, what their goals are, and what motivates them.
“Recognise why they would want to come after you and your company. If you don’t know the game plan of your adversary, you will fail to defend your corporation. It sounds like common sense, but it is something that is lost in the outdated discussion of people, processes and technology,” he said.
Actionable intelligence is critical for security
According to Kurtz, companies must have intelligence, either home-grown or provided by third-party sources who have the trained personnel to monitor, capture and analyse threat data effectively.
He said security operators and business leaders should use the report to gain a better understanding of what they will face in 2016 and beyond to stay ahead of the online adversary.
“It is a forecast of what is coming in terms of cyber threats for not only C-level executives such as CEOs and CIOs, but also chief marketing officers [CMOs] and corporate boards. Distant geopolitical events occurring in disparate parts of the world are creating ripple effects that wash up on the doorstep of industries and companies thousands of miles away in the form of cyber threats,” said Kurtz.
Adam Meyers, vice-president of Intelligence at CrowdStrike, said “actionable intelligence” is critical for a strong security posture.
“Understanding adversary motivations and the reasons for their actions is critical to businesses being able to anticipate what they will do next, to whom, and why,” he said.