Criminals do not want to get caught – Fact!
Cyber criminals are, as the name suggests, criminals. Criminal activity by its very nature is illegal and, if the perpetrator is caught, is likely to result in prosecution and detainment at the pleasure of a government somewhere.
Clearly this is not an attractive option for a criminal. So, to avoid this, cyber-criminals are extremely careful not to get caught. The anonymity that the internet provides is one aspect that can assist the “not getting caught.” The other, more effective method is to avoid detection altogether: cover their tracks and leave no trace, so that you have no idea that you or your business may have been attacked and may have had something stolen.
But if a cyber-criminal steals something of ours, we will know. Right? Will you? In the good old days, before computers and devices, our world was dominated by tangible, physical things. It was there, present, in our hands, at our fingertips. You would know whether a thing was present or missing. We now live in an increasingly digital environment, with more things becoming virtual. We used to buy music on vinyl and CDs; now we stream music. We used to hold paper files in filing cabinets; now they are digital files stored on hard drives and servers. These formerly tangible assets are now virtual, digital data files. If a cyber-criminal has the access, data files can be copied and stolen, and unless you are looking for it, chances are you will never know.
So what? How does this affect me? Well, if you happen to be reading this and are sitting there thinking, “We are ok, we have not been attacked, I would know,” ask yourself: are you sure? How do you know? Do you have systems and processes for detecting the theft of information? Remember, anti-malware looks for malware and viruses, not unfettered access. If your network has inherent design flaws, a cyber-criminal can quite literally digitally “waltz in,” have a good look around and take any information that is not secured.
How often, if at all, are your log files analysed to identify who has accessed your network, or what information has left? Would you know? Are you resourced to do this? Do you keep log files? At what point do they get overwritten? Do you even know what log files are? If not, I would suggest you put these questions to your IT support, or get some support. To be helpful, log files are simply a log of events that have occurred, which can be analysed to understand activity or an incident. They can also be erased and amended.
Each criminal will have their own motivations and level of competency. Some will want an instant payday, perhaps through the diversion of a financial payment as part of a phishing or man-in-the-middle scam. Others, the “All-Stars” of cyber criminals, may just view you as an access point, the soft underbelly in an elaborate strategy to target a bigger, more valuable fish – your owners; your clients; a bigger, more prominent business you supply to. Cyber criminals are interested in the personal data you hold on individuals, or the “trusted” digital connections you have with their “next” intended target, or access point. They can use information and connections to unlock the next part of the puzzle or move on to the next phase. All of this can happen unwittingly, and you can provide the information and connections they need without even realising or detecting that it is happening.
As a business, we often hear: “We don’t see this as a problem;” “We have not experienced a cyber-attack;” “We just don’t hear about this happening.” The reason for this could be that you are one of the fortunate ones that has not been targeted or suffered an attack. Or it could be because the cyber-criminal is extremely proficient at their trade, and while you may not have experienced a direct cyber-attack, you may have unknowingly breached information or facilitated an attack that has occurred elsewhere.
All businesses must remember that under UK / EU GDPR and similar international data protection regulation, you are obligated under the Confidentiality and Integrity (Security) principle to implement appropriate organisational and technical controls to protect the personal data that you hold. When the true end goal of the cyber criminal’s strategy reveals itself and forensic analysis of the attack is conducted, could it reveal that your business breached the information that enabled the attack to occur because of insufficient organisational and technical controls? Would you be willing to accept this risk and the consequences for your business?
So even though you may not believe you have suffered a direct cyber-attack, are you certain that you have not been a victim of a cyber-attack? Good to trust, better to check.
Michael Wills is co-founder and chief data officer for CSS Platinum.