By Aaron (Ronnie) Eilat, General Manager, Custodio Pte Ltd, IAI’s cyber early warning R&D Center in Singapore
Cyber age reality is shaped by the inherent asymmetry between attackers and defenders. While attackers enjoy the ease of concealing and disguising identities, the widespread availability of data encryption utilities and the proliferation of cyber-attack tools, defenders, on the other hand, face the daunting challenge of detecting advanced, subtle and persistent threats, which are extremely hard to trace.
As this reality becomes clear and as the cyber world is increasingly demystified, cyber professionals as well as “laymen” realise that total prevention of cyber risks is impossible. There is no Star Trek style “Deflector Shield” one can use to secure data, networks and other cyber assets, completely eliminating the chance of a successful cyber breach.
The threat of a successful breach is not subsiding; on the contrary, it is intensifying. Symantec’s 2014 Internet threat report dubbed 2013 the “year of the mega breach”, stating that “2011 saw 232 million identities exposed, half of the number exposed in 2013. In total, over 552 million identities were breached in 2013, putting consumer credit card information, birth dates, government ID numbers, home addresses, medical records, phone numbers, financial information, email addresses, login, passwords, and other personal information into the criminal underground”. Similarly, the report quoted a 500% increase in ransomware attacks in 2013 (ransomware is malware that restricts access to an infected computer system and requires the payment of a ransom in order to remove the imposed restrictions). Despite the world’s focus, in the wake of the Snowden leaks, on cyber espionage and governments’ reach into cyberspace, cyber-crime remains a clear, imminent and spreading danger.
It is not only that the number of attacks is on the rise, but also the number of affected industries and types of businesses. No longer the plight of only the ICT industry, cyber risks are now also tackled by the healthcare, media, professional services, insurance, education, finance, retail sectors and many others. As attackers start to target the Internet of Things (affecting smart TVs, cars, medical and even industrial systems), the looming cyber threat is fast becoming an issue even for what were considered “low tech” industries. It should be noted that even the more sophisticated and targeted cyber operations are no longer limited to government espionage and big enterprises. According to Symantec’s report, the risk of being targeted by spear-phishing attacks is quite similar for large enterprises (39%), medium enterprises (31%) and small enterprises (30%). According to a Marsh Risk Management report, cyber criminals unleash 3.5 new threats every second targeting small businesses.
One might acknowledge the increasing presence of cyber crime and cyber threats, but are there real world damages being incurred? The answer is most definitely “Yes”. A Marsh Risk Management analysis of the percentage of companies affected by leading causes of supply chain disruptions shows that technology outages outpaced adverse weather as a major disruption in 2012 and that data breaches and cyber-attacks collectively were more disruptive than fire (!) and civil unrest. The real world effects of materialising cyber risks can’t be ignored. E&Y’s 2013 Global Security Survey stated that 70% of organisations surveyed indicated that information security policies are owned at the highest organisational levels.
So, should we raise a “white flag”? Pull out the dusty old typewriter? The answer is obvious – we can’t afford to. As a result, many organisations and enterprises, of all sizes, around the world, have adopted Cyber Risk Management Policies. These policies enable managing cyber risks as an integral part of the corporate governance, risk management, and business continuity frameworks. A sound cyber risk management policy provides a framework for managing and mitigating cyber risk throughout the enterprise. By adopting industry standards and best practices, by prioritising ICT assets, including the data of organisations and customers, by identifying the risk they are exposed to, and by assessing the impact of a cyber breach for each of them, organisations can prioritise their cyber security investments and adopt a more comprehensive and cost effective policy. Cyber risk management policies also outline the incident response plans for different cyber breach scenarios, making sure all relevant stakeholders integrate and coordinate their response.
Another good example is the insurance industry. The insurance industry has been adapting to this evolving need for more than a decade, as cyber insurance policies were introduced to the market. Cyber insurance policies provide direct loss and liability protection for risks created by the use of technology and data in an organisation’s day-to-day operations. These policies were created to fill historical gaps in traditional insurance policies, including: protections for claims arising from a disclosure or mishandling of confidential information, protection for claims arising from a failure of computer security to prevent or mitigate computer attacks and more. The insurance industry has also successfully managed to adapt different policies to different sized enterprises and companies, making cyber insurance relevant and available to businesses of all sizes.
But realising that cyber breaches can’t be avoided completely doesn’t mean that we should give up on technological solutions and protection. Researching and developing Cyber Early Warning technologies that will enable detecting a breach at its initial phases of infiltration and spread through the network, before it manages to incur damages, is crucial for successfully managing and mitigating cyber risks. Similarly, it is extremely important to adopt active defence solutions that draw malware to predefined areas within the network (away from sensitive assets and data), that help contain, mitigate and eradicate the threat, and that even enable response against the attacker or at least enable attributing the attack to its perpetrator.
It is for these reasons that Custodio was established: Custodio is IAI’s cyber early warning R&D center in Singapore, with the support of the Singapore Economic Development Board (EDB).
IAI, a world leading developer and producer of advanced defense and aerospace systems, and a recipient of a grant as part of the Singapore Economic Development Board’s (EDB) Research Incentive Scheme for Companies (RISC), Custodio was established in Singapore in 2014 as a “Cyber Early Warning R&D Center”. Custodio is tasked with the mission of spearheading R&D activities in the field of cyber early warning, focusing on innovative active defence approaches, cyber geo-location resolution & attribution, and anomalous behaviour detection, as well as leading IAI’s offering in the field of cybercrime investigation and analysis for law enforcement agencies. Custodio will develop prototypes for cyber early warning solutions, mature these prototypes into fully-fledged customer-grade solutions, and market the solutions both in Singapore and abroad. Custodio was established as a local Singaporean company and its workforce will be based primarily on Singaporean employees. Custodio aims to have a unique blend of white-hat hackers and engineers, which will provide an inherent advantage in a very dynamic domain that is constantly changing and increasing in complexity.
ABOUT THE AUTHOR
Ronnie Eilat is a senior manager, with over 15 years of global experience in product management, business development, strategy and marketing of cyber defence, intelligence, law enforcement, public safety and security solutions.
Custodio is IAI’s cyber early warning R&D center in Singapore, with the support of the Singapore Economic Development Board (EDB). IAI is a globally recognised leader in development and production of commercial and military aerospace and defence systems. IAI provides world leading unique solutions for a broad spectrum of needs in space, air, land, sea and cyber. With 60 years of experience IAI exports its products to over 90 countries and has over 30 subsidiaries worldwide.
Download the article as a PDF: NEVER SURRENDER – A SOBER, YET OPTIMISTIC, VIEW OF THE FIGHT AGAINST CYBER THREATS -IAI_Custodio article