One of the most disturbing security trends over the last few years has been the rise of the meta attack. The scope of this type of attack is far larger and wider than a threat designed to achieve a specific goal. These advanced cyberattacks are so significant, in fact, that they could sink an entire organization if it doesn’t take the time to install lifeboats on its own network, as well as those of third-party partners, which requires collaboration across all departments throughout the enterprise.
Directed Attacks Versus Meta Attacks
A directed attack has a clear goal, such as obtaining credit card information that can be sold on cybercrime forums. A meta attack, on the other hand, attempts to disrupt or destroy the very business that hosts such data.
The form of meta attacks is often intentionally confusing. For example, malware used in a meta attack might first appear to be a ransomware instantiation, only to be revealed as a data destroyer upon further investigation. Once it wipes out the data in a system, there would be no way to restore it unless it had been backed up.
The scope of such attacks may be far greater than typical threats targeting individual organizations. They could be focused on a geopolitical area, for example, or a certain segment of the economy. The implication of an individual business in such a scheme may be considered mere collateral damage. In fact, these attacks are often used as platforms to launch additional attacks.
Organizations need to unite all their components to respond to a meta attack. The C-suite, operational security team and sales force all have important parts to play in the design and execution of incident response plans. No part of the organization can do it alone because the problem is too large for limited viewpoints.
The Partner Problem
The small and midsize business (SMB) partners of a large organization may well be the weakest links in the security chain. Those partners may not have the same security practices in place as the larger organization and thus present easier targets for attackers. Operational security by itself lacks the authority and influence to change the way an SMB operates.
A recent study from the Ponemon Institute titled “Data Risk in the Third-Party Ecosystem” found that 56 percent of businesses have experienced a third-party data breach in the past year, a 7 percent increase from the previous year. Worse, 57 percent of respondents had no inventory of the third parties with which they share sensitive data.
Businesses know they have a problem. Only 17 percent of respondents reported that they were highly effective at mitigating third-party risks, a 5 percent decrease from 2016. Meanwhile, 60 percent said they were unprepared to check or verify their third parties.
This problem is becoming more visible of late. A survey from security firm Avast found that 75 percent of SMBs “agree that they are more concerned about cybersecurity issues than they were in years past,” TechRepublic reported. Third-party partners are starting to realize that these security issues can impact their own core businesses by causing upstream problems.
Perhaps sales can help here. Sales employees will most likely be the boots on the ground for that SMB. They will know what the SMB actually does in practice and be able to advise the security team of any potential problem areas. Of course, operational security will need to train the sales team to recognize and understand specific security consequences so that they can make the best observations.
This is just an example of how two company segments can work together in a cohesive way to generate a net-positive result. Each has its own expertise to contribute to the situation. The scope of these new threats is simply too large for siloed segments to handle.
C-suite involvement is also crucial. Executives must define both the policy and the direction to effect meaningful SMB change. A chief information security officer (CISO) cannot just be a box-checking compliance monitor; he or she must devise and implement strategies that can save the business in the event of a meta attack. Security leaders need to take creative approaches to solving real-world problems.
A CISO might realize, for example, that an SMB partner uses vulnerable Vista or XP operating systems on its desktops. What can he or she do to change that? What incentives or penalties could the CISO implement to get all the organization’s partners on the same page? How can he or she convince the rest of the C-suite that this type of problem is not just a cost center, but a necessary measure to keep the business running?
Commonality
The scope of security problems has grown from merely annoying to potentially business-busting. All stakeholders must have unity of purpose and method, enabling the organization to react swiftly and prevent crippling problems from happening in the future. If they do not, they are sure to meet a sea of potentially devastating cyberattacks — and without lifeboats in place, the business could easily sink.
Principal, PBC Enterprises