Companies 'Must See Cyber Attacks as Inevitable'

Kaspersky employee
An employee works near screens in the virus lab at the headquarters of Russian cyber security company Kaspersky Labs in Moscow July 29, 2013. Sergei Karpukhin/Reuters

A top executive from the firm whose forensic experts investigated the Sony Corporation cyberhack last year says we "shouldn't be surprised" by the recent cyber robbery of up to $1bn - deemed one of the world's biggest cyber heists to date - and that companies should plan for the worst and see attacks as an inevitability.

A report by Kaspersky Lab, a cyber security company, revealed on Monday that up to 100 banks and financial institutions in 30 countries, including Russia, France, Germany, the UK, Spain, Poland, Norway and Switzerland, have been attacked in an unprecedented cyber robbery.

The gang responsible, dubbed 'Carbanak' and comprising of members from Russia, China and Ukraine, is believed to have been taking up to $10m at a time from banks over periods of two to four months since 2013, using various techniques including 'spearfishing' - the sending of malware-infected emails to individual employees which activate once opened.

Well-organised and more sophisticated cyber attacks are becoming more prevalent and a serious threat to large corporations. Last year Sony Corp suffered a massive breach of its systems by hackers who infected company PCs with malware, forced much of its network offline, exposed a tranche of confidential emails and released five Hollywood film scripts.

Richard Turner, EMEA vice president at cyber security firm FireEye, says this recent security breach is not a unique incident and that we will continue to see similar attacks. He says he feels we are a "significant way away" from getting the problem under control and a combined effort from governments and government agencies and greater information sharing is needed to tackle it.

"We can encourage businesses to spend as much money on this as we like, but until we can create a disincentive for people pursuing this career there will be an ongoing tide of talent moving into cyber crime and the problem will cease to reduce," he says.

"Legislatures should focus on building more collaboration between different countries and law enforcement agencies, so we can see a corresponding increase in successful prosecutions against this ever-growing wave of cyber attacks.

"FireEye is a big advocate of sharing intelligence - there is a significant role for government and government agencies to play in this."

He says financial services organisations are the most targeted group of commercial organisations, based on threat analysis compiled by FireEye on a regular basis, and that many are vulnerable to security breaches as they are not keeping up with the pace of the threat.

"In reality, most spending in security is on technology designed to protect, which is great until one of these groups manages to compromise them. In that scenario the organisation is vulnerable," he says. "In addition to spending money to prevent attacks, companies must have the mindset that breaches are inevitable, and they've got to be able to identify breaches quickly after they have occurred and then launch a proportionate response. This is a challenge for many businesses as they're not security companies."

He adds that businesses should look at their security spending and determine if it is enough, but emphasises that there should not be a call for ever-increasing sums of money to be spent on security - rather "quality rather than quantity". He says companies ought to consider developing partnerships with outside organisations to help them minimise the volume of attacks and understand how hackers got in and why.

"They must look at the risk a hack might have on their shareholder value and whether it has the potential to seriously harm the business," he says.

Meanwhile, Caroline Baylon, a research associate in science, technology and cyber security in the international security department at Chatham House, the Royal Institute of International Affairs, says this recent attack highlights the problem of the 'loop system', where cyber criminals become more wealthy and resourceful following a successful hack operation.

"It's much cheaper to attack than to defend," she observes. "Cyber criminals are stealing money from banks, so now they have even more money; they become very successful and well financed. Launching an attack is cheap compared to the potential pay off."

She says she wouldn't be surprised if, in the future, this method of attack was used by warring states to destabilise their financial sectors.

"No state wants to open this can of worms," she says. "But if you had tensions between two states, as we do at the minute, then if you can undermine confidence in the financial sector and banks, that could be more effective than launching a physical attack."