Cyber security series - Who is targeting you and your third parties?
20 November 2017
Security compromises continue to make headlines in the press. Increasingly we see organisations reporting losses of data, with others being hit by the rising wave of disruptive malware, NotPetya and Bad Rabbit being the most recent examples.
Cyber-attacks commonly have a clear target or some obvious modus operandi. What has changed is that organisations are increasingly being caught up as ‘collateral damage’ in wider attacks. In the case of NotPetya, this was an attack in Ukraine which, due to software distribution services, ‘leaked’ into the wider IT ecosystem and very quickly proliferated. When it comes to information security, it is important to understand your place in this wider ecosystem. Getting the basics right is one fundamental step that helps you avoid becoming collateral damage or getting caught up in someone else’s issues. Understanding who the attackers are, how they operate and why they might attack you can help you shape your defences against a targeted attack and develop a more effective security strategy.
In 2017, PwC published a report about who the attackers targeting the energy sector are. This research came to the following conclusion:
‘We believe that espionage threat actors pose the highest risk to the energy sector. An attack by hacktivists or cyber criminals is possible but less likely. Although there is precedent for destructive sabotage attacks on the sector, we believe these are less likely for the majority of organisations.’
- Espionage is ‘for the nation’,
- Criminal is ‘for the money’,
- Hacktivist is ‘for the cause’ and
- Sabotage is ‘for the impact’.
And their areas of interest are often as diverse as their modus operandi. Our research concluded that areas of interest for state-sponsored attacks are likely to include:
- Oil and gas field research data
- Documentation on the transport and delivery of resources
- Business deals
- Strategic organisation information
Industry competitors meanwhile are likely to be interested in:
- Exploration data
- Drilling technologies
- Refinery processes
- Sensitive data relating to business deals
- Potential new operations.
Like robbers targeting a bank, the way in is not always through the front door. When it comes to targeted attacks, we see an increased use of supply chain and third-party attacks, where trusted third-party organisations are compromised to provide a way in.
You might be a small organisation that is responsible for supporting critical services, or a large consumer of third-party services to support your critical processes – understanding the impact of your operations on the wider supply chain is paramount. With this in mind, it is important to ask two questions of your organisation:
- Could you be targeted because you are the weakest link?
- Are your third parties being targeted to get to you?
The recent Cloudhopper report, whilst focusing on managed IT environments, highlights the problem. Someone else’s security shortcomings can quickly become a real problem for you.
In summary, it’s increasingly important that companies understand who might target them (and their supply chain) and why. Increasingly you need to look for assurance from trusted third parties that they aren’t the weak link in your supply chain. Do you know which third parties have access to your IT and OT environment? How do they secure these connections and would you know if someone used them maliciously? And in this environment, sharing information about the threats and trends we see helps us build our ‘herd immunity’.
So, if nothing else, consider joining the UK Government’s Cyber Information Sharing Partnership (CISP): it is free and will help you connect with peers facing the same problems as you.
John Hinchcliffe, cyber security specialist