Is there someone lurking in your network?
Imagine if an intruder were hiding in your home right now. Would you just change the locks, repair the broken windows, and leave the criminal lurking inside, ready to steal your valuables? Of course not. Yet, figuratively speaking, this is happening right now across organizations in the private and public sectors. Cyber criminals are breaching perimeters and remaining undetected in networks for months. In fact, a recent Ponemon Institute study found that the average cyber security breach goes undetected for over 8 months.
Once inside, an agile attacker can do untold damage. In a breach at the U.S. Office of Personnel Management in June 2015, attackers stole the records of over 21 million current and former federal employees. The records included detailed, sensitive information, such as employment history, names of relatives, fingerprints, addresses, and past drug abuse or emotional disorders. The agency will now have to spend millions of dollars to provide protection services for those affected, and is facing multiple class-action lawsuits. The breach exposed the U.S. Federal Government to significant financial loss and highlighted serious flaws in its ability to detect threats, given that the theft appears to have taken place over a period of six months.
While most public sector organizations invest in perimeter security, many have not yet explored using contextual intelligence to mitigate these threats. They are essentially checking their locks and responding to a breach when it occurs, but not examining the crime scene or considering the available surrounding evidence. Like all criminals, cyber criminals leave clues – in social media, network and building access logs, documents, blacklists, on the dark web and in many other places. These clues can hold invaluable insights about the attacker’s identity, relationships and motivation, which can help you both build a network that is more resilient to threats and identify and disrupt the breaches that slipped past your perimeter.
The key to uncovering cyber-criminal clues lies in the ability to search through large volumes of heterogeneous data sets, identify hidden patterns and connect the dots. This kind of process is now available to cyber intelligence analysts in agencies, empowering them to produce highly accurate and actionable intelligence that can be used to counter and mitigate stealthy and aggressive threats. We call this cyber threat analysis.
Government systems include a staggering amount of critical, sensitive and confidential information – and nowhere is cyber analysis more important.