The new cyber kill chain
Source: Ayse Kaya Firat, CloudLock
In July, the story of two “ethical hackers” taking down a car on the highway captured the attention of millions. If you have the means to hack a car, what is more “exciting” than taking it down? Well, why stop there? Take down every smart appliance its driver owns.
But wait ― you can get even more.
The world of cloud is uber-connected. Even in the physical world, we have six degrees of separation between individuals; in the cloud, there are fewer degrees and more ways of establishing connections, such as social media, online transactions, and sharing files with collaboration tools such as Box, Dropbox, and Google Apps. In fact, a group of researchers has already proven that for Twitter. Their algorithm finds an average degree of separation of 3.43 between two random Twitter users. Through one individual’s connections, and the connections of the new victims, cybercriminals can get access to an organization’s entire database.
The cloud has significantly changed, and shortened, the cyber kill chain. It’s now easier than ever for a hacker to access the entire contact list of a single person, the organization they belong to, or even the entire supply/value chain of the organization.
The new cyber kill chain
Created by defense giant Lockheed Martin, the term “cyber kill chain” has been widely used by the security community to describe the different stages of cyber attacks ― on-premises. However, in the modern, cloud-dominated world, the organizational data perimeter has not only been expanded, it has been redefined by the user and contains an ever-growing number of entry points into the enterprise. As a result, the cloud has significantly changed and shortened the cyber kill chain from “recon, weaponize, deliver, exploit, install, command, act” to just “recon, deliver, act,” making it easier for hackers to access an entire supply/value chain of organizations’ assets.
Users today have unprecedented capabilities to create, access, and distribute sensitive information through both sanctioned and unsanctioned (self-provisioned) cloud applications. And with the era of the Internet of Things (IoT) upon us, the amount of data within these cloud applications will not only continue to increase but will be accessed by interconnected organizations, networks, and devices.
With smaller degrees of separation between people and organizations, and the surge of the Internet of Things, taking down entire supply chains of organizations has never been easier. This new era also ushers in a new time for security.
The 1 percent who put your organization at risk
The cybersecurity risk for organizations has increased even further with “power users” being targeted by cybercriminals as a first step in the cyber kill chain. Analyzing risk across 10 million cloud users, we found the top one percent of users account for 75 percent of cybersecurity risk in the cloud. Additionally, the top one percent of users own 57 percent of digital cloud assets, and the top five percent own 81 percent of digital assets of an organization. While this data might not all be exposed, a cyberattack on these few power users can result in a major data breach for the company, which would risk a majority of the company assets. But why should they stop with one power user, their connections, or even one organization? Organizations are connected with fewer degrees of separation as well (think external document sharing). As companies expand their supply chain and start to work with a growing network of partners, vendors, and clients, they run the risk of cybercrime through a web of collaborating businesses. You become only as strong as the weakest security posture in your network of partners.
Take the example of Citroen, a leading French car manufacturer: an ecommerce partner had a vulnerability in its software, which translated to the car manufacturer suffering an embarrassing public breach. The breach highlights the risks that companies face through external parties. Leveraging shorter degrees of separation and the cyber kill chain, cybercriminals can get access to an entire chain of organizations.
And remember, it all started with the weakest link in the chain: an ignorant power user ― or their smart toaster, refrigerator, car, etc. IoT presents a unique threat perimeter not seen in the traditional on-premises world. “Ethical hackers” taking down a car on the highway is just one incident in an ever-expanding threat landscape. While these new innovations allow us to be more informed, from a security standpoint, we’re less prepared for the interconnected IoT world. General awareness is the first step, while understanding the content/context of the risk surface and implementing safeguards are the next steps.
Ninety percent of the world’s data has been created in the last two years, with one-third of it eventually living in or in touch with the cloud by 2016. With the growing interconnectivity of the cloud and the surge of IoT, the traditional cyber kill chain is no more. The pace and innovation of cybersecurity, and cloud cybersecurity, need to grow along with it and should be an integral part of organizational strategy, embedded into core workflows and investment decisions.
Ayse Kaya Firat is the Director of Customer Insights and Analytics at CloudLock. Prior to CloudLock, she worked as a strategic management consultant for several Fortune 50 companies, specifically focusing on online search, mobile, and social media.