and notify organisations. But we hope that
this should decrease as much as possible
so we reach a point where we don’t need a
third-party agency any more to notify other
organisations about data breaches. This is
because if they are notified by a third-party
agency this means they are already exposed
which means it’s too late. So I don’t think
organisations should take comfort if they are
notified by a third-party agency that their data
is exposed.
The report mentions nation state
threat actors. In recent years how
have they become more aggressive
and persistent?
In 2018 we saw more attacks that were
made public and attributed to nation states
like the Iranian group that is believed to
be linked to the Iranian government or the
Chinese group that we believe is linked to the
Chinese government.
Such groups have managed to secure huge
funds in terms of money and logistics from
governments that help them to upscale their
skills. This has helped the groups to specialise
and go after certain targets so they can have
a focus on different industries.
We heard about the attacks on the aviation
sector, the attacks on the banks and other
attacks that went after specific needs either
to affect a certain deal that might happen or
affect the operations of a country so it could
help a military strike or things like that.
So that’s really a good reason why we
see more sophistication from those
bodies as they are getting more sponsored
from governments.
Are the main threat actors Iran,
China, North Korea and Russia?
Yes. These are the most active countries.
As FireEye and the consultants from the
Mandiant team have found most of the
time many of the threat actors are linked
to these countries.
Are any countries in the Middle East
particularly under threat?
Actually no. Every Middle East country has
been targeted in the past year. But there
are many attacks that are not announced
to the public due to sensitivity or due to the
culture so no one has been immune from the
attacks in 2018.
The report says organisations which
have been victims of a targeted
compromise are likely to be targeted
again. Why is this?
If you were breached once this means that
someone was inside your organisation.
From our experience when most of the
hackers get into a network they don’t
rely on one way of getting inside the
victim network so they always leave a
way back inside those organisations. If
an organisation is targeted it means it
is important whether that’s financially,
industrially or politically. This means
another group could come with a new
technique to get inside this network too to
get additional information or get money.
If you look at the history you will find
that most of the banks in the region were
targeted many times in many different ways
so sometimes they will try and compromise
their money transfer system or try another
technique that will lead to denial of service.
These things are a motive for all of these
hackers to come back and get inside
the network. Another fact that I want to
highlight here is as we progress into the
emerging technologies like Blockchain and
AI, these are lacking security measures and
they will take time to mature from a security
point of view and this will help hackers.
Why is there an increase in phishing
attacks during mergers and
acquisitions (M&A) activity?
When you look to the mergers that have
happened or the acquisitions, they are
usually very large organisations that acquire
smaller organisations. They are not all at the
same security level.
We need to look at the reasons for
acquisitions and mergers. Some of them
are for financial reasons, some of them are
for technology reasons. Some government
organisations, for example, acquire a
technology organisation so they can have an
in-house service. This gives hackers, one way
or another, an opportunity to get into the
mother company. In the smaller company
you could have employees who are not at the
same level of maturity. The easiest way to
reach those people is by email. From one to
three years following the merger, there is an
opportunity for hackers to utilise a lack of sync
between the two organisations to get inside
the network. One click on a phishing email
and the hacker can get inside an organisation.
Why is data in the cloud
being targeted?
If you go back to why people go to cloud it
is to have many things in one place which
is accessible by many people, that is the
origin of having a third-party host for an
organisation’s data so its mobile users and
multi-branch offices can reach the same place
within a minimal cost and at the same time.
The problem with cloud security is the hosts
are usually not at the same level of security.
The cloud is still breachable from the hackers
because not all cloud infrastructure is secure
100%. A lot of the cloud providers do not
have a security background, they have a
storage background so this helps the hackers.
The other thing is cloud means a lot of
things. Cloud means a lot of data which
means it is a juicy target for the hackers to
go inside those networks where they can get
the data easily.
Many cloud providers have third, fourth or
even fifth party bodies that are engaged
into building their infrastructure. Some of the
breaches that happen are through one of their
third-party bodies.
INTELLIGENTCIO