It goes without saying that digital transformation—the reengineering of core business processes leveraging digital technology—dramatically increases cyber risk for most organizations. It usually results in greater avenues of connectivity, collection of richer data from more sources, use of cloud services, extension of trust to more people and entities, and incorporation of smart devices in one form or another.
ATMs are literally boxes of cash—too good for criminals of any stripe to pass up. When ATMs first emerged, thieves used brute-force tools like crowbars, explosives, and propane torches to remove the ATM machine itself or get at the cash inside. As recently as April, three men were charged in Salt Lake City, UT, for trying to blow up ATMs and steal the cash.
As we survey the threat landscape, two things are certain—targeted attacks and advanced persistent threats (APTs) are here to stay, and organizations face increased risk from advanced attacks compared to the past two years. Several existing trends will continue, and we’re seeing attackers refine their tools in ways that will drive new trends in the coming months.
People usually associate “advanced persistent threat” (APT) with malicious outsiders—nation-state or other sophisticated attackers. Generally, once an APT attacker has established an initial foothold, they conduct “low-and-slow”-style attacks involving a prolonged period of reconnaissance and lateral movement. Insider threats are usually thought of as intentional (or sometimes accidental) acts of data theft or other compromise committed by trusted users who know their way around and have legitimate, open access to sensitive assets.
It goes without saying that rigorous security controls are irreplaceable. But no matter how strong an organization’s cybersecurity defenses are, determined attackers will still get in. Whether malicious insiders or external actors, persistent attackers fly below the radar and reside for months inside a network. They’re patient, studying the infrastructure and carefully planning their attack because what they’re typically after are the crown jewels of your business: essential data volumes, intellectual property, financial transactions, or revenue-dependent business operations.
Deception can play a powerful, multifaceted role in helping financial services organizations protect their crown jewels. Our recent post, By Detecting Lateral Movements, Banks Can Get Ahead of Fraud and APTs (Aug. 21, 2017) described how deception is used to combat fraud. In this post, we’ll look at how deception can play a strategic role in defeating insider threats.