By Paul Stokes, COO Wynyard Group
City of London Police Chief Adrian Leppard, at a recent Tech UK conference, said that up to 80% of online crime goes unreported to the authorities. The Commissioner told the audience that the scale of the threat is much greater than the public thinks, so much so that it may even have surpassed the share of the criminal economy that drugs make up.
Leppard’s concerns echo a report released last year by the Joint Committee of the European Supervisory Authorities (ESAs) which shows, not surprisingly, that banks “have been hit by cyber-attacks and other malicious attacks more frequently, and have seen an increase in high-profile distributed denial of service (DDoS) and outages.” Industry surveys also indicate that more than half of the world’s biggest banks’ websites have been hit by security incidents in the past eight years.
The vast gap between what is reported and the actual threat level arises primarily because of banks’ unwillingness to report breaches, for fear of damaging their reputations and losing customers. This attitude makes it harder to gain an accurate picture of online crime, helps fund growing cyber criminality and, in turn, costs customers collectively.
This raises the question of whether the UK government should consider obliging firms to disclose serious breaches, as is currently the case in the US. The European Commission has proposed that companies operating in Europe across a wide range of industries, including banking, be required to report cybersecurity breaches to designated national authorities.
More importantly, this calls for a fundamental change in mind-set by both banks and law enforcement agencies, one that prioritises detection and prevention, rather than a traditional approach of dealing with an incident once it has happened.
But detecting threats is not easy. Today, banks face sophisticated intruders who constantly change and refine their methods, as well as insiders who abuse legitimate access to manipulate and steal data.
Attacks are also very difficult to detect, because there is no attack rule book to consult. A clever intruder may lie low within an organisation for a long period of time, concealing their movements within the “noise” of the network. Insiders are even more difficult to spot because much of what they do may be legitimate, while only a small part of their activity is threatening.
The key is to understand what is happening on a continuous and ongoing basis, evaluate the degree of risk at any one time in order to detect cyber breaches early on, understand them and manage them. This is essential considering that, on average, it currently takes around 230 days before a breach is detected. By this time, the damage has been done and in some cases it is irreversible.
A new approach to cyber security is now needed – one that takes advantage of big data and smart algorithms to allow organisations to detect small anomalies before they become big problems. With mathematical machine learning and anomaly-detection capability, new information-driven cyber intelligence tools are designed to allow organisations to identify previously unknown, security-relevant patterns in an ongoing and timely manner, enabling identification of high-risk cyber threats and vulnerable areas that can inform comprehensive risk management strategies.
Serious cybercrime and cyber espionage are an unfortunate fact of life for virtually all companies and governments. Regardless of mandatory reporting of a breach, the company that employs big data analytics to detect and act on unusual network activity is best positioned to counter those attacks, preserve their data, and protect their customers and reputation.