A new report from threat-intelligence experts CrowdStrike has highlighted the continuous shift from individual cyber-criminals and cyber-gangs to skilled adversaries such as governments and large organisations.
CrowdStrike's 2015 Global Threat Report underscores how outdated the mantra “people, processes and technology” is within cyber-security, and how, in today's threat environment, it takes people, processes, technology AND intelligence as mandatory elements of stopping breaches.
According to the report, the economic downturn and new Five Year Plan in China will continue to drive its state-sponsored cyber-espionage activities. The report suggests a hypothesis that the intrusions were executed in an effort to better understand western healthcare systems in order to satisfy the healthcare objectives of the plan.
The situation in the Ukraine and falling oil prices will continue to fuel targeted intrusions from Russia. SC recently reported that Russia plans to significantly strengthen its cyber-offensive capabilities and intends to create a cyber-deterrent that will equate to the role played by nuclear weapons. Sources close to the Russian Ministry of Defence told SCMagazineUK.com that it is likely to be in the range of US$200 million to US$250 million (£140 million to £170 million) per year.
The conflict in the Middle East between Saudi Arabia and Iran over Yemen will continue to generate hacktivism from that region. Several notable geopolitical events occurred in Iran during 2015 that shaped cyber activity, most notably the finalisation of the Joint Comprehensive Plan of Action (JCPOA) that should see several trade sanctions lifted from Iran.
Portions of Iran's 6th Five-Year Plan (6th FYP, 2016-2021) also reveal the Iranian government's focus on improving national cyber capabilities. Such improvements support many national goals, several of which are likely to continue to control and censor the flow of information in Iran and strengthen national capabilities to support Iran's aspirations toward regional hegemony.
The report concludes by saying that CEOs and boards of directors who ignore or disregard the ramifications of global events such as these will pay for it in the loss of revenue, jobs, intellectual property and shareholder value.
George Kurtz, chief executive officer and co-founder at CrowdStrike, said: “Distant geopolitical events occurring in disparate parts of the world are actually creating ripple effects that wash up on the doorstep of industries and companies thousands of miles away in the form of cyber-threats. Business and organisations ignore these geopolitical developments at their own peril if they do not allocate adequate resources and build the capacity needed to protect their information and networks.”
Adam Meyers, vice president of Intelligence at CrowdStrike, said: “Today, technology, processes and people are not enough to stop the threats that will continue to evolve in 2016 and beyond. Actionable intelligence is critical for fortifying a security posture; understanding adversary motivations and the reasons for their actions is critical to businesses being able to anticipate what they will do next, to whom and why. This report is intended to provide that very intelligence to outline the context, motivations, trends and triggers of today's attacks. The information in this report is a powerful tool to help businesses prevent, detect and respond to real-world threats that are more methodical, targeted and organised than ever before.”