One of the most disturbing security trends over the last few years has been the rise of the meta attack. The scope of this type of attack is far larger and wider than a threat designed to achieve a specific goal. These advanced cyberattacks are so significant, in fact, that they could sink an entire organization if it doesn’t take the time to install lifeboats on its own network, as well as those of third-party partners, which requires collaboration across all departments throughout the enterprise.

Directed Attacks Versus Meta Attacks

A directed attack has a clear goal, such as obtaining credit card information that can be sold on cybercrime forums. A meta attack, on the other hand, attempts to disrupt or destroy the very business that hosts such data.

The form of meta attacks is often intentionally confusing. For example, malware used in a meta attack might first appear to be a ransomware instantiation, only to be revealed as a data destroyer upon further investigation. Once it wipes out the data in a system, there would be no way to restore it unless it had been backed up.

The scope of such attacks may be far greater than typical threats targeting individual organizations. They could be focused on a geopolitical area, for example, or a certain segment of the economy. The implication of an individual business in such a scheme may be considered mere collateral damage. In fact, these attacks are often used as platforms to launch additional attacks.

Organizations need to unite all their components to respond to a meta attack. The C-suite, operational security team and sales force all have important parts to play in the design and execution of incident response plans. No part of the organization can do it alone because the problem is too large for limited viewpoints.

The Partner Problem

The small and midsize business (SMB) partners of a large organization may well be the weakest links in the security chain. Those partners may not have the same security practices in place as the larger organization and thus present easier targets for attackers. Operational security by itself lacks the authority and influence to change the way an SMB operates.

A recent study from the Ponemon Institute titled “Data Risk in the Third-Party Ecosystem” found that 56 percent of businesses have experienced a third-party data breach in the past year, a 7 percent increase from the previous year. Worse, 57 percent of respondents had no inventory of the third parties with which they share sensitive data.

Businesses know they have a problem. Only 17 percent of respondents reported that they were highly effective at mitigating third-party risks, a 5 percent decrease from 2016. Meanwhile, 60 percent said they were unprepared to check or verify their third parties.

This problem is becoming more visible of late. A survey from security firm Avast found that 75 percent of SMBs “agree that they are more concerned about cybersecurity issues than they were in years past,” TechRepublic reported. Third-party partners are starting to realize that these security issues can impact their own core businesses by causing upstream problems.

Perhaps sales can help here. Sales employees will most likely be the boots on the ground for that SMB. They will know what the SMB actually does in practice and be able to advise the security team of any potential problem areas. Of course, operational security will need to train the sales team to recognize and understand specific security consequences so that they can make the best observations.

This is just an example of how two company segments can work together in a cohesive way to generate a net-positive result. Each has its own expertise to contribute to the situation. The scope of these new threats is simply too large for siloed segments to handle.

C-suite involvement is also crucial. Executives must define both the policy and the direction to effect meaningful SMB change. A chief information security officer (CISO) cannot just be a box-checking compliance monitor; he or she must devise and implement strategies that can save the business in the event of a meta attack. Security leaders need to take creative approaches to solving real-world problems.

A CISO might realize, for example, that an SMB partner uses vulnerable Vista or XP operating systems on its desktops. What can he or she do to change that? What incentives or penalties could the CISO implement to get all the organization’s partners on the same page? How can he or she convince the rest of the C-suite that this type of problem is not just a cost center, but a necessary measure to keep the business running?

Commonality

The scope of security problems has grown from merely annoying to potentially business-busting. All stakeholders must have unity of purpose and method, enabling the organization to react swiftly and prevent crippling problems from happening in the future. If they do not, they are sure to meet a sea of potentially devastating cyberattacks — and without lifeboats in place, the business could easily sink.
