Basic precautions can thwart hackers

Detection and response is not enough to counter cyber attacks; focus must be on preventive measures

Cable and satellite TV network HBO has been the latest victim of what looks to be a targeted and coordinated cyber attack.

Sources claim that unreleased episodes and scripts of shows - particularly fantasy hit Game Of Thrones - company documents and employee data have all been stolen.

Another item of concern was the volume of information stolen, which reportedly came to 1.5 terabytes or 1,500 gigabytes, seven times the amount of data that was leaked in the 2014 hack on Sony Pictures.

Having private information relating to employees compromised is a pressing concern for both the company and its staff members.

HBO is working with forensic investigators to determine the source of the attack and the extent of damage.

At this stage, it is unknown how attackers compromised the corporate network.

What is known is that specific content housed in separate locations had been targeted, which suggests that multiple points of entry were favoured over a single point of origin.

This is somewhat unusual when compared to other attacks, whereby criminals often compromise a single system and then move laterally within the organisation.

This has led to many people pondering why the number of such attacks has been increasing over time.

The answer comes down to a combination of factors. For example, exploits leaked from government agencies are being used to bypass organisations' security defences.

Exploits refer to methods whereby attackers can take advantage of a bug or vulnerability in order to cause harm or disruption to services.

Such exploits used to be in the possession of nation states, but have lately been sold on the dark web for cyber criminals to leverage as part of their campaigns.

For all the media coverage witnessed in response to recent events such as WannaCry, it appears security teams are not learning their lessons.

Many failed to patch their systems to protect against the exploits used by WannaCry, meaning they were also vulnerable to the attacks that followed soon after.

Not enough priority is given to preventive controls to thwart such attacks, with many businesses using detection and response as a primary strategy.

No amount of forensic investigation will be able to undo an attack, or restore a company's reputation after a major breach.

The motives of cyber criminals are also changing. While many are out to make a profit, there are others who simply want to inflict damage.

In the case of the HBO attack, no ransom was demanded. This is similar to the recent outbreak of the NotPetya malware, which deleted victims' files instead of holding them hostage.

There are good reasons why these threats should be taken seriously. The costs to businesses are substantial and include legal fees, fines, loss of revenue and the ensuing impact on the company's share price.

While it is impossible to put a dollar figure on a company's reputation, the attacks on Yahoo ultimately resulted in a US$350 million (S$480 million) discount on the purchase price paid by Verizon.

High-profile cases, including those of Target and Sony Pictures, led to the removal of key staff members in senior positions. It is a high price to pay, and highlights the need for businesses to be doing what they can to ensure they have robust security in place.

The writer is the chief strategist (Asia-Pacific, Middle East and Africa) of security software company Check Point Software Technologies.