The business of hacking is a business, we can prioritize the most effective efforts to disrupt it.
“The business of hacking is a business just like ours,” said security researchers from Hewlett Packard Enterprise Co. (HPE) in a new report. “If we think of it like a business, like a competitor, then we can prioritize the most effective efforts to disrupt it.”
HPE's The Business of Hacking report said that the profile of typical cyberattackers—and the interconnected nature of their underground economy—have evolved dramatically in the last several years. Adversaries are increasingly leveraging sophisticated management principles in the creation and expansion of their operations to ultimately increase their impact and financial profits, which are both core motivations for nearly all attack groups today. Enterprises can use this inside knowledge against the attackers to disrupt the organizational structure and mitigate their risks.
Today's adversaries often create a formalized operating model and 'value chain' that is very similar to legitimate businesses in structure, and delivers greater ROI for the cybercriminal organization throughout the attack lifecycle. If enterprise-level security leaders, regulators and law enforcement are to disrupt the attackers' organization, they must first understand every step in the value chain of this underground economy.
Critical elements to the attackers' value chain models typically include:
• Human Resources Management, includes recruiting, vetting and paying the supporting staff needed to deliver on specific attack requirements; the skills-based training and education of attackers also falls within this category.
• Operations, the management team that ensures the smooth flow of information and funds throughout the attack lifecycle; this group will actively seek to reduce costs and maximize ROI at every step.
• Technical Development, the frontline workers providing the technical expertise required to perform any given attack, including research, vulnerability exploitation, automation and more.
• Marketing and Sales, teams that ensure that the attack group's reputation in the underground marketplace is strong and the illicit products are both known and trusted among the target audience of potential buyers.
• Outbound Logistics, encompasses both the people and systems responsible for delivering purchased goods to a buyer, be it large batches of stolen credit card data, medical records, intellectual property or otherwise.
HPE recommends a number of approaches for enterprise security professionals to better defend against these organized attackers:
• Reduce the Profits: Limit the financial rewards adversaries can realize from an attack on the enterprise by implementing end-to-end encryption solutions.
• Reduce the Target Pool: The expansion of mobile and IoT has dramatically increased the possible attack surface for all enterprises. Organizations must build security into their development processes, and focus on protecting the interactions between data, apps and users regardless of device to better mitigate and disrupt adversary attacks.
• Learn from the Adversaries: New technologies such as deception grids provide methods of trapping, monitoring and learning from attackers as they navigate their way through a realistic duplication of the network. Enterprises can use this information to better protect their real network, disrupt similar attacks before they begin, and slow down the progress of attackers.