A saying often attributed to Darwin holds that "it is not the strongest of the species that survives, but the one that is most adaptable to change". The threat landscape on the Internet changes constantly, and so must the technological responses to the different kinds of cyber attack. Companies and states must methodically develop and implement a comprehensive strategy to understand their risks and meet the objective of cyber resilience.
Threats, threats and more threats
Symantec’s annual Internet Security Threat Report (ISTR), published in April, analyses the Internet threats detected by its monitoring network, which Symantec describes as the largest in the world. The report shows that threats have grown more complex and that there has been a genuine shift in cyber criminal behaviour. In concrete terms, the number of data breaches rose by 62%, and this type of incident continues to rise. Targeted attacks have become far more common: they grew by 91% and lasted on average three times longer than in previous years. A number of zero-day vulnerabilities were discovered, and some attacks on Linux systems were detected while they were being carried out. France ranks 15th worldwide among the countries with the highest rates of cyber crime. It is experiencing a resurgence of targeted attacks and ranks 8th in the world in this respect. Phishing is an especially serious problem: France ranks 7th among all countries and 3rd in Europe for hosting phishing sites. It is the 7th most common origin of network attacks worldwide and 4th in Europe for web attacks.
This means that companies of all sizes must re-examine, rethink and indeed redefine their security policies.
Antivirus is dead. Now what?
Rethink and redefine security policies, yes; but with what tools? Attacks have proliferated and grown more complex, and traditional signature-based antivirus is intrinsically powerless against threats that evolve faster than signatures can be written and that (almost) never take the form of classic viruses any more. Protection software must therefore become smarter, adapting to the different devices and uses through which data flows, and above all must integrate technologies that deliver the best possible protection through continuous analysis of potential and confirmed threats. The security infrastructure also has to be strengthened: proven data loss prevention technology should be backed by network and endpoint protection, encryption and authentication.
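The following is an added example, not code from the original article or from Symantec, showing concretely why an exact-match signature is so brittle. The two "samples" are constructed inert byte strings standing in for a known-bad file and a trivially repacked variant of it; the signature database, the behaviour rule and the detection names are hypothetical. A single changed padding byte defeats the hash signature, while a rule that keys on what the file does (process-injection imports plus a hard-coded URL) still fires.

```python
"""Signature (hash) detection versus a simple behaviour rule on a mutated sample.

Added example, not from the original article. Samples, signature database
and rule are constructed/hypothetical; the byte strings are inert.
"""
import hashlib
import re
from typing import Optional

# Constructed stand-in for a known-bad file: PE-like header, padding, then
# the strings a crude injector would carry.
ORIGINAL_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"CreateRemoteThread\x00WriteProcessMemory\x00http://c2.example/beacon"
)

# Hypothetical signature database: SHA-256 of the known sample -> detection name.
SIGNATURE_DB = {hashlib.sha256(ORIGINAL_SAMPLE).hexdigest(): "Trojan.Example"}


def signature_scan(sample: bytes) -> Optional[str]:
    """Classic exact-match detection: hash the whole file and look it up."""
    return SIGNATURE_DB.get(hashlib.sha256(sample).hexdigest())


# Behaviour rule: both process-injection APIs plus an embedded URL is
# suspicious regardless of the file's hash.
INJECTION_APIS = (b"CreateRemoteThread", b"WriteProcessMemory")
URL_RE = re.compile(rb"https?://[\w.-]+/[\w./-]*")


def heuristic_scan(sample: bytes) -> Optional[str]:
    """Flag the combination of capabilities rather than a specific byte image."""
    if all(api in sample for api in INJECTION_APIS) and URL_RE.search(sample):
        return "Heuristic.ProcessInjection+C2URL"
    return None


def mutate(sample: bytes) -> bytes:
    """Change one padding byte: the kind of cheap variation a repacker produces."""
    return sample[:10] + b"\x01" + sample[11:]


if __name__ == "__main__":
    variant = mutate(ORIGINAL_SAMPLE)
    print("original: signature =", signature_scan(ORIGINAL_SAMPLE),
          "| heuristic =", heuristic_scan(ORIGINAL_SAMPLE))
    print("variant:  signature =", signature_scan(variant),
          "| heuristic =", heuristic_scan(variant))
```

The point is not that the heuristic is a good one (a real engine would look at imports, entropy and runtime behaviour), but that any detection tied to the exact bytes of a file is defeated by a change the attacker can make for free.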
“To achieve cyber resilience […] within the public and private sector”, in France and throughout Europe, is an EU objective that calls for a security strategy to be adopted and methodically applied.
To meet this objective, the response must likewise be strategic and methodical, and must go beyond technology. A merely tactical, loosely defined response is by and large inadequate, however much prevention and tailored recovery it includes.
States and companies first need to understand how attacks are carried out, and then prepare in advance so that they can respond to them. Three questions must be answered when analysing an attack: who is attacking, why, and what are the targets? Attackers fall into three broad categories according to their motivation: the technical challenge, profit or ideology. Attacks aim to harm infrastructures, information and identities, and both mass and targeted attacks are directed at individuals, companies and governments alike.
Cyber attacks unfold in a series of distinct phases. During the reconnaissance phase, attackers identify their targets and gather information on them so as to infiltrate their infrastructure more effectively during the attack itself. During the scanning phase, they map the target's systems to prepare their attack plan. In the access phase, they install malware in order to reach the data they are after, and they then exfiltrate the targeted data.
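As an added example (not code from the article or from Symantec), the script below maps events from a small constructed log to the phases described above so that an analyst can see the chain rather than isolated alerts. Reconnaissance is largely carried out outside the victim's network and leaves few traces in its logs, so the script covers scanning (one external source probing many ports), access (a binary executed from a temporary directory) and exfiltration (a large outbound transfer to an external host). The log format, the internal address range, the thresholds and the suspicious directories are all assumptions made for this example.

```python
"""Classify constructed log events into attack phases: scanning, access, exfiltration.

Added example, not from the original article. The event format
(kind|src|dst|port_or_path|bytes), the corporate range, the thresholds and
the sample lines are constructed for illustration.
"""
from collections import defaultdict
from typing import Dict, List, Set
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate range
SCAN_PORT_THRESHOLD = 20                            # distinct ports per source => scanning
EXFIL_BYTES_THRESHOLD = 50_000_000                  # outbound bytes per flow => exfiltration
SUSPICIOUS_EXEC_DIRS = ("/tmp/", "/dev/shm/")       # binaries run from here => access


def constructed_logs() -> List[str]:
    """Constructed sample events: an external host sweeps 30 ports on 10.0.0.5,
    10.0.0.5 then runs a binary from /tmp and pushes 120 MB to an external host."""
    lines = [f"conn|198.51.100.7|10.0.0.5|{port}|0" for port in range(1, 31)]
    lines += [
        "conn|10.0.0.5|10.0.0.6|445|1200",            # ordinary internal traffic
        "proc|10.0.0.5|-|/tmp/.x/update.bin|0",       # execution from a temp dir
        "conn|10.0.0.5|203.0.113.9|443|120000000",    # large outbound transfer
    ]
    return lines


def is_external(ip: str) -> bool:
    """Anything outside the assumed corporate range is treated as external."""
    return ipaddress.ip_address(ip) not in INTERNAL_NET


def classify_phases(lines: List[str]) -> Dict[str, List[str]]:
    """Return {phase: [human-readable findings]} for the phases seen in the log."""
    phases: Dict[str, List[str]] = defaultdict(list)
    ports_by_src: Dict[str, Set[int]] = defaultdict(set)

    for line in lines:
        kind, src, dst, field, nbytes = line.split("|")
        if kind == "conn":
            if is_external(src) and not is_external(dst):
                # Inbound connection attempts: count distinct ports per source.
                ports_by_src[src].add(int(field))
            elif (not is_external(src) and is_external(dst)
                  and int(nbytes) >= EXFIL_BYTES_THRESHOLD):
                phases["exfiltration"].append(f"{src} sent {nbytes} bytes to {dst}:{field}")
        elif kind == "proc" and field.startswith(SUSPICIOUS_EXEC_DIRS):
            phases["access"].append(f"{src} executed {field}")

    # Scanning is a property of the whole window, so decide after reading all events.
    for src, ports in ports_by_src.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            phases["scanning"].append(f"{src} probed {len(ports)} ports")
    return dict(phases)


if __name__ == "__main__":
    for phase, findings in classify_phases(constructed_logs()).items():
        print(f"{phase}: {findings}")
```

Each rule on its own produces noise (port sweeps from the Internet are constant background); what makes the output actionable is that the same internal host, 10.0.0.5, appears in the scanning, access and exfiltration findings, which is the chain the paragraph describes.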
Cyber resilience requires a comprehensive process that begins with analysing the human, economic, social, financial and technological risks an organisation faces in a cyber attack. Next, attacks must be anticipated through adequate threat information, preparation and collaboration with the different stakeholders. The attack must then be prevented where possible, or at least contained, so that the company or organisation can carry on with its critical missions despite the circumstances. Finally, the organisation must restore normal operation and keep evolving towards an ever more vigilant and secure model suited to the new forms of threat identified and the new risks that become known.
Cyber resilience thus requires rapid detection and response, insight into attacks, and operational efficiency on both the human and the technological level.
In conclusion: from method to action
While private individuals still lack a sophisticated way of dealing with the security threats to their data, states and companies must concern themselves with the security of all of their information, IT infrastructure and identities that need protecting. It is also incumbent upon the software industry to keep providing the most complete and relevant threat information possible in real time, to develop tailored detection and response solutions that take both potential and known threats into account, and to invest in innovation and research and development so that everyone is prepared to block the next cyber attack.