While some UK organisations spend thousands of pounds safeguarding their data, it’s clear that others aren’t as mature in their cyber security approach.
FireEye’s latest M-Trends report for the EMEA region shows that it takes an organisation a median of 469 days (over a year!) to realise it has been breached.
As a point of reference, the global equivalent was just 146 days. It also revealed that an average amount of 2.6GB of data is stolen in breaches.
In many instances, this contains sensitive employee and business critical data, such as intellectual property, payment card industry data and money transfers.
Although this is an EMEA wide figure, based on our experts’ first hand experience, this is also fairly typical when it comes to UK organisations.
To add to this, FireEye’s Mandiant Red Team, made up of security experts who act like attackers, is typically able to obtain access to domain administrator credentials within three days after gaining initial access to an environment, so it’s clear that we still have a long way to go.
The bad news is that next FireEye expects to see a continued rise in attacks against less security mature regions, and the UK is one of them.
The degradation of trust
One key theme that will play a big part in cyber security attacks in 2017 and beyond involves a shift in cyber security practices.
Traditionally, cyber security actors have focused on threatening the confidentiality and availability of information, and haven’t really focused on the integrity of that data.
Confidentiality is, of course, threatened by espionage and data theft by criminals, while availability is threatened by disruption attacks, such as denial of service (DoS) and ransomware.
News headlines tend to focus on criminals stealing credit card numbers or ransomware locking down files belonging to organisations large and small.
More recently, however, the USA’s Director of National Intelligence and Director of the National Security Agency have sounded the alarm over the potential for an increased focus on corrupting or damaging the integrity of information.
Changing data, rather than stealing it or deleting it, will present a significant risk to computer systems in the future.
>See also: The Trojan horse: 2017 cyber security trends
Data manipulation can damage computer systems in two main ways:
The first is that altered data causes a machine or process that relies on that data to fail or act in an unintended manner, potentially threatening human life.
The second way is to degrade the trust that users place in the data, and by extension, the overarching system itself.
Both state and non-state actors in cyberspace will increasingly target the integrity and reliability of information in order to achieve their goals and undermine people’s trust in various organisations.
It has already been seen how vulnerable and fragile trust is. Often with high profile data breaches, it isn’t the breach itself that can create long term damage, but the significant decrease of trust in the company that follows the breach, leading customers to move to the victim’s competitors.
What will this look like in the real world?
Humanity is increasingly delegating critical tasks to computers and software and digitising data and communication between governments and their citizens as well as enterprises and their partners and customers.
Just think about the trading of financial instruments or the treatment of drinking water. This relies on us placing great trust in our systems to operate as normal, without implementing sufficient checks to ensure that they do.
But how would this work in practice? When it comes to altered data affecting systems, a traffic control system that sees its data changed could cause automobile wrecks that then potentially cause injury or death.
Computing software and connected devices are all around us. Hospital treatment management systems, election processes, financial trading insurance and other important sectors all rely heavily on trust to function.
>See also: Top 10 security predictions for 2017
Surreptitiously changing the data which these systems rely on or using connected devices in disruption attacks can have significant impact, requiring lengthy and costly investigations to determine the cause.
Meanwhile, the trust placed in these systems can be quickly degraded or even eliminated depending on the incident’s severity.
Looking to the future
So what’s next? Both state and non-state actors in cyberspace will increasingly target the integrity and reliability of information across the board.
This may range from degrading the validity of an election outcome in state-state dynamics to a criminal group compromising data in a financial trading system to cause a movement in stocks that provides the group with a remunerative benefit.
When it comes to protecting yourself from this cyber shift, an increased awareness of these future challenges can help to preemptively establish more robust defences against these types of attacks on trust.
The sheer potential of the widespread impact to society and to human life due to our increased reliance on digital systems make this awareness particularly critical.
Sourced by Jens Monrad, senior intelligence analyst at FireEye