Risk Management
03:16 PM
Melanie Rodier
Commentary

The Geo-Political Knowledge And Expert Skills Needed to Combat Hacktivist Attacks

You have to know your attacker - and your security staff, a security consultant says.

Bank of America's website experienced periodic outages on Tuesday, possibly due to a cyber attack launched in retaliation for a film mocking the Prophet Muhammad, which has already incited deadly riots throughout the Middle East. The threat, from the "Cyber fighters of Izz ad-din Al qassam," a reference to the military wing of Hamas, was also made against the New York Stock Exchange.

Wall Street & Technology spoke to Eric Friedberg, co-president of Stroz Friedberg, a global digital risk management and investigations firm, about how financial firms should protect themselves from these sophisticated attacks.

WS&T: How can firms protect themselves against the attacks that the group protesting the anti-Islam film threatened to carry out against Bank of America and NYSE?

Eric Friedberg: What these threats show is that for global financial firms, threat assessment needs to be based on a complex global understanding of who the potential adversaries are and what are the likely attack factors. With the rise of hacktivism, companies are being targeted for what they represent to the attacker rather than for what they did. There is a steep rise of hacktivism in the name of anti-globalization, anti-Wall Street, and intellectual property, and pro-religious group X, Y or Z. That presents a complex web of challenges to security professionals. You have to be really thinking not just on a technology level but in behavioral and geo-political terms. Security professionals have to think about how all of these different groups are going to be perceiving their company and what the likely attack vectors are. If you’re just going through a checklist without prioritizing risk on the basis of what the likely attack is, you’re shooting in the dark.

WS&T: How do you prepare for a Denial of Service attack, like the one that this pro-Hamas group threatened to carry out?

EF: You’re trying to manage an enormous amount of information being thrown at servers. You have to have an understanding with upstream ISP providers about what the ISP can do to filter out as much of the junk that is thrown at you as possible. You have to establish a preparedness plan. Contact people. Have a strategy. And understand what the ISP can do to divert some traffic. Sometimes this traffic can be filtered out based on signatures and other criteria, almost like a junk filter.

WS&T: Are there any other ways that you can protect yourself?

EF: Yes, with load balancing within a company. If you have multiple servers and a DoS attack is targeted at a particular server, you can balance the load of traffic across many servers so that the functionality of your site doesn’t slow down. It’s very hard to do that if you’re first thinking about it when you come under attack. You also need to revise your architecture, establish incident response plans, and bring in other types of technologies that can help prepare for those attacks.

WS&T: What are the other types of attacks hacktivist groups carry out?

EF: These groups are often trying to make a political point by embarrassing and causing temporary pain to a company. Recently they have found that by infiltrating pockets of reportable and personally identifiable information that a company has and exposing it to the public, they have given the company an enormous reporting headache. They infiltrate a database, find people’s dates of birth, Social Security numbers and email addresses and make them public. Hacktivists are less concerned with financial motivation, and more with causing the pain that they understand follows from exposing the personally identifiable information (PII) that a company has.

WS&T: How can you protect yourself from this type of infiltration attack?

EF: Many of the data breaches that result in the loss of PII result from systems that were improperly patched and are running software with known vulnerabilities. One of the most important things is to make sure a company’s patch management system is up to date. Much of the harm comes from over-retention of data. A company has millions of records that it can lose. For business purposes the company might have needed to retain only a couple hundred thousand of these records. But there’s been no housekeeping. So protecting against data breaches involves patch management, data retention and recycling.

Intrusion detection is another key area. A persistent attacker with enough skill and resources can attack most systems. Preparedness and early identification of the attack – having red flags go up when you’re under attack – are key. For most people it’s a question of when, not if, you’ll be attacked. You also need to have quality skilled people that know how to even identify and respond to attacks. And there’s a shortage of highly skilled incident responders. Some companies don’t focus early enough on making sure they have a good internal team that has appropriate skill sets in this area. That’s hard to build when you first learn you’re under attack. When it comes to sophisticated attacks like state-sponsored espionage or hacktivism, there’s a unique skill set that is needed.

WS&T: Can you give us a few examples of the skills security experts need to combat hacktivist attacks?

EF: Large global networks have enormous amounts of information flowing through them. Even if you’re running intrusion detection systems, they generate massive amounts of information. The ability to interpret large data sets of logs and intrusion detection information and quickly home in on something that represents a real threat as opposed to minor noise is one example.

When you find some malware on your systems, there’s a process of reverse engineering of malware: it has to be decrypted, uncompressed and pulled apart. A very unique set of skills is needed to figure out in advance how to pull this unique malware apart so that you can analyze the code and see what the attacker will do with it. It will tell you how the attacker is aggregating and exfiltrating (sending out of the system) the information.
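The log-triage skill Friedberg describes, separating the few events that represent a real threat from the bulk of the noise and having "red flags go up" early, can be illustrated with a small script. The following is an added example for this page; it is not code from the interview, from Stroz Friedberg, or from any product. The access-log lines, IP addresses (from the documentation ranges), the per-minute flood threshold and the two request signatures are all constructed for the illustration. It reads combined-format web server log lines, counts requests per source address per minute to surface flood sources, and checks the URL-decoded request path against known-bad patterns so that percent-encoding does not hide them; everything else is treated as noise and left alone.

```python
"""Triage constructed web-server access logs: surface flood sources and
known-bad request signatures, and leave ordinary traffic as noise.

Added example, not part of the interview. Log lines, addresses,
thresholds and signatures are all constructed for illustration."""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed combined-format log lines (fictional documentation-range IPs).
# One address sends seven requests in the same minute (a flood pattern),
# one sends two suspicious request paths, the rest is ordinary traffic,
# and the last line is not a web log line at all.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Sep/2012:10:00:01 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [18/Sep/2012:10:00:01 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [18/Sep/2012:10:00:02 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [18/Sep/2012:10:00:02 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [18/Sep/2012:10:00:03 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [18/Sep/2012:10:00:03 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [18/Sep/2012:10:00:04 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Sep/2012:10:00:30 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Sep/2012:10:00:31 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.44 - - [18/Sep/2012:10:01:12 +0000] "GET /search?q=1%27%20UNION%20SELECT%201 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.44 - - [18/Sep/2012:10:01:13 +0000] "GET /static/../../app.conf HTTP/1.1" 403 0 "-" "Mozilla/5.0"
198.51.100.9 - - [18/Sep/2012:10:02:00 +0000] "GET /about HTTP/1.1" 200 3310 "-" "Mozilla/5.0"
syslog: watchdog restart
"""

# Combined log format: ip ident user [timestamp] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed request signatures a defender would alert on. They are matched
# against the URL-decoded path so that percent-encoding cannot hide them.
SIGNATURES = {
    "traversal": re.compile(r"\.\./"),
    "sqli": re.compile(r"union\s+select", re.IGNORECASE),
}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it is not one."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_path"] = unquote(rec["path"])
    # "18/Sep/2012:10:00:07 +0000" -> minute bucket "18/Sep/2012:10:00"
    rec["minute"] = rec["ts"][:17]
    return rec


def triage(log_text, flood_threshold=5):
    """Return flood sources, signature hits and parse counts for a log blob."""
    per_ip_minute = Counter()
    signatures = []
    parsed = unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # count rather than drop: parse failures are a signal too
            continue
        parsed += 1
        per_ip_minute[(rec["ip"], rec["minute"])] += 1
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["decoded_path"]):
                signatures.append({"ip": rec["ip"], "rule": name, "path": rec["path"]})
    # A source is a flood candidate if any single minute reaches the threshold;
    # report its busiest minute.
    flood = {}
    for (ip, _minute), n in per_ip_minute.items():
        if n >= flood_threshold:
            flood[ip] = max(flood.get(ip, 0), n)
    return {"parsed": parsed, "unparsed": unparsed, "flood": flood, "signatures": signatures}


def summarize(result):
    """Render the triage result as short red-flag lines for an analyst."""
    lines = [f"{result['parsed']} lines parsed, {result['unparsed']} unparsed"]
    for ip, n in sorted(result["flood"].items()):
        lines.append(f"FLOOD  {ip}: {n} requests in one minute")
    for hit in result["signatures"]:
        lines.append(f"SIG    {hit['ip']}: {hit['rule']} in {hit['path']}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(triage(SAMPLE_LOG))))
```

Only two addresses out of four are surfaced: the one whose per-minute request count crosses the threshold and the one whose decoded request paths match a signature. The single 404 for a missing favicon is correctly left as noise, and the non-log line is counted rather than silently dropped, since a sudden rise in unparsed input is itself worth a look.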

Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ...