Is it time to turn the tables on cyber-crime?

Published on the 15/04/2016 | Written by Beverley Head



Large enterprises could benefit from playing cyber criminals at their own game – but there are major risks for smaller organisations attempting any form of cyber vigilantism…

With Australia focused on cyber security this week, courtesy of the Australian Cyber Security Centre (ACSC) 2016 Conference being held in Canberra, Trent Heisler, worldwide vice president of engineering operations at LogRhythm, has reminded companies to be careful when squaring up to cyber attackers.

Heisler, who presented at the conference on “tactical diversion-driven defence”, said that while there was much to be learned from this approach by large sophisticated enterprises, it was risky for smaller outfits. These businesses should continue to toughen up the perimeter, subscribe to threat analysis services, and educate their staff and partners about security risks.

Larger, sophisticated businesses meanwhile could potentially become more effective in combatting cyber threats by playing hackers at their own game.

“For example with honeypots to create false objectives to lure adversaries in,” said Heisler. Once the black hats had been lured to the honeypot set up by the company, it could watch what they targeted and what tools they used, and get to grips with their general modus operandi.

“You let them in then start recording what they are doing, what payloads they launch and what tools they are leveraging,” said Heisler.

He said that large enterprises had shifted their security thinking away from an expectation that they could completely protect their operations from attack, to a realisation that attacks were inevitable – and it was the response to that attack that was important. Getting a better understanding of what cyber criminals were doing was useful, allowing companies to adapt their security policies in response.

But he warned that cyber criminals would quickly spot poorly designed honeypots, rendering them useless. “Sophisticated actors can quickly identify low quality traps,” he said.

Indeed, Heisler said that only the top 10-15 per cent of organisations in Australia had the security smarts to allow them to take on computer criminals directly, with healthcare, government, finance, energy and retail leading the way.

The risks of cyber attack are not abating. CERT Australia, the nation’s lead cyber attack response unit, this week warned of a new phishing scam which it said had been launched several times in the last couple of months. The scam took the form of an email sent to the HR department purporting to be from the CEO asking for the names and addresses of all employees.

According to CERT: “The scam presents as a significant risk to employees’ personal information as personnel data contains names, addresses, wage amount, tax file number and health care information and could be used for identity theft or tax fraud.”
