What Are Companies Doing to Beat Hackers?
With all the recent news about hackers and huge online attacks—think of the cyber attack on Sony Corp. in late 2014—it's easy to think that hackers have the upper hand in the cyber wars. But that's not the case.
One reason it seems that way is that when large companies (Sony, Target, Home Depot) or government agencies do get hacked, it makes front-page news. As it should: News agencies have a responsibility to let consumers and citizens know when their privacy has been invaded or breached. It's a persistent problem, but it doesn't mean that security companies are at a total loss as to what to do.
Rest assured that cyber-security leaders (official agencies and private companies) are going to great measures to fight back against hackers and are constantly developing new software, strategies and tactics to keep computers and people safe.
They have to step up their efforts because the latest events prove that hackers are upping their game as well.
Cyber attacks range from large efforts against huge targets, sometimes called a "mega breach," to those that affect just a few thousand. A mega breach, according to Symantec Corp.—a leader in cyber security—is one in which the data or accounts of more than 10 million people have been compromised.
Over the past two years, hacking has not quieted down. According to statistics put together by Symantec for 2013, here's what that year looked like:
- There was a 91% increase in targeted attacks, compared with the previous year...meaning that hackers tried twice as hard in 2013 than the year before.
- Of those attempts, there was a 62% increase in breaches...meaning that through their attacks, the hackers penetrated the system and stole information.
Motivated to fight back.
With development money, privacy and pride at stake, companies are becoming more aggressive in their fight against hackers. Symantec Corp. is just one of those companies working hard not only to catch up to hackers' ways and methods, but also to beat them at their own game.
"Symantec has been analyzing the cat-and-mouse game that has defined the security industry—with a focus on changing that game," says Samir Kapuria, vice president of the Cyber Security Group at Symantec. "In the current model, the adversary introduces a new attack, and then the good guys innovate a countermove to thwart that attack. This action/reaction relationship provides a time advantage for attackers."
But that game is undergoing a change, in Kapuria's eyes. Using an analogy that sports teams use, he says that in the future, part of a strong defense will be a strong offense. In others words, instead of waiting for the next attack and keeping their fingers crossed, they're now thinking more like hackers do. "We are looking at the industry through the lens of an attacker and have executed against our plans to break that paradigm," Kapuria says.
For instance, he states that Symantec has identified the steps or phases of the typical cyber attack:
- Reconnaissance—gathering a profile of a company and their systems
- The break-in—which includes discovering vital information
- Data theft—which is the result and outcome a hacker hopes for
Knowing that pattern exists allows Symantec and other companies to use it to their advantage. Here's how:
An organized, company-wide effort.
Part of Symantec's solution was to create a team of people who complemented the new and sophisticated security products they had developed. That new team, called the Cyber Security Group, has an arsenal of products and services they use to identify and combat hackers' tactics at each of the cyber attack phases.
This isn't just a plan on paper. Symantec and other companies already have these solutions in place to serve themselves and their clients—both private companies and government organizations.
"We started by building an intelligence team, which allows us to identify when the attackers are in the reconnaissance phases," Kapuria explains, adding that when the attacker is ready to infiltrate and steal information, Symantec's five global security operations centers can flag and notify their customers of suspicious behavior through network monitoring. More importantly, he says they can move teams of people into place to take the fight to the next level.
"When needed, we have the ability to deploy fly-to-site teams to research and identify the attack tactics that were employed, and to help our customers minimize the damage of the breach or attack."
Getting everyone in on the game.
Symantec has other ideas to level the playing field against hackers. They also have devised a cyber war-games simulator. Think of a video game populated with large-but-fictional countries and companies...as well as hackers and security companies going head-to-head in battle.
The simulation is used for training and will help to raise the awareness and skill levels of Symantec employees, customers and government personnel. The simulation gives players a sense of a cyber attack-and-defense experience, thankfully without all the destruction that would come with a real attack.
It's a game with serious implications. "We can anticipate the next move to get ahead of the attackers and protect our customers from not only what is known today," Kapuria says, "but from what might come tomorrow."
* Bloomberg Businessweek, November 9, 2014