One of the most disturbing security trends over the last few years has been the rise of the meta attack. The scope of this type of attack is far larger and wider than a threat designed to achieve a specific goal. These advanced cyberattacks are so significant, in fact, that they could sink an entire organization if it doesn’t take the time to install lifeboats on its own network, as well as those of third-party partners, which requires collaboration across all departments throughout the enterprise.

Directed Attacks Versus Meta Attacks

A directed attack has a clear goal, such as obtaining credit card information that can be sold on cybercrime forums. A meta attack, on the other hand, attempts to disrupt or destroy the very business that hosts such data.

The form of meta attacks is often intentionally confusing. For example, malware used in a meta attack might first appear to be a ransomware instantiation, only to be revealed as a data destroyer upon further investigation. Once it wipes out the data in a system, there would be no way to restore it unless it had been backed up.

The scope of such attacks may be far greater than typical threats targeting individual organizations. They could be focused on a geopolitical area, for example, or a certain segment of the economy. The implication of an individual business in such a scheme may be considered mere collateral damage. In fact, these attacks are often used as platforms to launch additional attacks.

Organizations need to unite all their components to respond to a meta attack. The C-suite, operational security team and sales force all have important parts to play in the design and execution of incident response plans. No part of the organization can do it alone because the problem is too large for limited viewpoints.

The Partner Problem

The small and midsize business (SMB) partners of a large organization may well be the weakest links in the security chain. Those partners may not have the same security practices in place as the larger organization and thus present easier targets for attackers. Operational security by itself lacks the authority and influence to change the way an SMB operates.

A recent study from the Ponemon Institute titled “Data Risk in the Thrid-Party Ecosystem” found that 56 percent of businesses have experienced a third-party data breach in the past year, a 7 percent increase from the previous year. Worse, 57 percent of respondents had no inventory of the third parties with which they share sensitive data.

Businesses know they have a problem. Only 17 percent of respondents reported that they were highly effective at mitigating third-party risks, a 5 percent decrease from 2016. Meanwhile, 60 percent said they were unprepared to check or verify their third parties.

This problem is becoming more visible of late. A survey from security firm Avast found that 75 percent of SMBs “agree that they are more concerned about cybersecurity issues than they were in years past,” TechRepublic reported. Third-party partners are starting to realize that these security issues can impact their own core businesses by causing upstream problems.

Perhaps sales can help here. Sales employees will most likely be the boots on the ground for that SMB. They will know what the SMB actually does in practice and be able to advise the security team of any potential problem areas. Of course, operational security will need to train the sales team to recognize and understand specific security consequences so that they can make the best observations.

This is just an example of how two company segments can work together in a cohesive way to generate a net-positive result. Each has its own expertise to contribute to the situation. The scope of these new threats is simply too large for siloed segments to handle.

C-suite involvement is also crucial. Executives must define both the policy and the direction to effect meaningful SMB change. A chief information security officer (CISO) cannot just be a box-checking compliance monitor; he or she must devise and implement strategies that can save the business in the event of a meta attack. Security leaders need to take creative approaches to solving real-world problems.

A CISO might realize, for example, that an SMB partner uses vulnerable Vista or XP operating systems on its desktops. What can he or she do to change that? What incentives or penalities could the CISO implement to get all the organization’s partners on the same page? How can he or she convince the rest of the C-suite that this type of problem is not just a cost center, but a necessary measure to keep the business running?

Commonality

The scope of security problems has grown from merely annoying to potentially business-busting. All stakeholders must have unity of purpose and method, enabling the organization react swiftly and prevent crippling problems from happening in the future. If they do not, they are sure to meet a sea of potentially devastating cyberattacks — and without lifeboats in place, the business could easily sink.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today