A Good Defence is about Understanding Cyber Threats

Follow

In the era of the Internet and emerging technologies, we are supposed to deal with different sorts of cyber threats, risks and attacks. This modern time brought a lot of advantages to the Human Kind, but also some fast-spreading and increasing security issues. It seems we are connected with the risk more than ever before. Cyber environment may appear as so friendly and convenient, but for real it brings a lot of nightmares to its visitors. In this article, we discuss all the disadvantaging things you can face up in cyberspace and also suggest why cyber security and a good undersigning of the problem is so important for a good defence. So, let’s start.

What is Cyber Security?

In the ancient China, there was the belief that our world had been governed by two opposite forces. Yin and Yang. The force of the offence and the force of the defence. It has been believed that world could be in harmony only if those two forces are in balance.

Similarly, a modern experts see security as a balance between attack and defence. Cyber security is also about balance, but in cyber means. Sometime it may happen that a cyber system loses its balance. Some of the forces – either attack or defence can make advantage. In such a case, it is crucially important for a system to return its balance. That ability to return lost balance is called stability. This claim also has its origins in mathematics and can be proved through precise equations.

So, what would be the point of cyber? How can we define that term? Cyber is everything about the web, mobile devices and computers. It’s quite commercial terms and means many different things to many different people. Basically, there is no universal definition of cyber. Very often, cyber security is named as cyber. Well, if we say cyber, we may mean cyber security by that. Quite exciting, is not it? Indeed. Let’s continue with our talk.

Cyber Threats – How Bad are They?

Some define cyber threat as a person or organization intending to cause harm at cyber level. It is usually believed that there can be a lot of cyber risks and attacks in cyberspace. The main risks that cyber community experience nowadays are (1) cyber crime, (2) cyber espionage, (3) cyber warfare and (4) activism. Further, we would try to illustrate and understand those sorts of threats.

Let’s start with cyber crime. What is it? Cyber crime is every sort of illegal activity obtained on computer or network which aim is to get money. At the beginning of cyber era, cyber crime was about breaking into someone’s computer, making changes into that system and leaving. Right now, it’s about the money. It’s about stealing credit cards, confidential information, passwords and so on in order to take advantage. Cyber crime commonly can be discovered using cyber forensics diagnostics.

On the other hand, cyber espionage is about information regarding someone’s activities which are gathered secretly through some sort of cyber devices. This sort of activity can have a different background and can be distinguished as economic and military. It’s obvious what would collecting of information in secret mean in terms of economic interest and what in terms of military goals.

The next term to get explained here would be cyber warfare. Sounds spectacular, but it’s not. It’s something that occurs in the world every single day. There are a lot of state and non-state programs which aim is to do sabotage or cause harm to computers or equipment of certain individuals or groups. Also, there are a lot of such malware like viruses or worms in the world which are created to prevent the state or organization from terrorism, organized crime, hackers, etc. The well-known advanced threat of today are those which cannot be detected easily. Some of the examples are Stuxnet, Flame, Shamoon, and so on.

Finally, we should say several words about activism. Activism is none of above. It’s also about computer breach, but with a goal to show that you are capable of doing that, to send some social or political message, to embarrass your target, etc. It’s about people who can do that and who will do that, just to show they can.

Cyber Metrics – How it Matters?

Cyber metrics can be defined as a set of measurements that can be applied in order to control, understand and, in terms of threat, defend your cyber system. It’s about finding a quantitative values of certain cyber parameters such as a number of infections, data breach rate, amount of viruses in the system and so on. Metrics can be expressed through numbers, percentages or averages.

Once all the quantities of cyber system are detected and measured, it is possible to analyse those data and to present them through graphs, statistics or models. Cyber metrics is a great stuff because it can support us in controlling, understanding and defending a cyber environment. It’s, basically, the key factor in defence.

In order to obtain a good cyber metrics, it is recommended to follow the best industrial practice which will support you in metrics and models preparation. For that purpose, the following steps could be applied: (1) defining the metrics program goals and objectives, (2) deciding which metrics to generate, (3) developing strategies for generating the metrics, (4) establishing benchmarks and targets and (5) determining how the metrics would be reported.

Finally, threat metrics is about measuring threat. As given before, threat is an individual or organization which intends to do harm. It seems a bit of hard to measure such an abstract term. Maybe we should have a closer look at what cyber threat is for real. Basically, it’s about a potential or possibility to some cyber harm to occur. So, throughout that perspective we should observe cyber threat metrics and its modelling.

Understanding and Defence – Why Can They Go Together?

At the end, we should explain clearly why understanding of the problem and defence can go together. Well, this is something that we can get intuitively, is not it? Better we understand the issue, threat, risk, better we will find a way to protect against it. It’s similar like a warfare. If you understand your enemy, you will have a better chance to defeat him. Additionally, understanding is only a key thing, but your capabilities, technology, ability to learn and adopt will decide how will win the war.

References:

[1] Mark Mateski, Cassandra M. Trevino, Cynthia K. Veitch, John Michalski, J. Mark Harris, Scott Maruoka, Jason Frye, Cyber Threat Metrics, Sandia National Laboratories, 2012
[2] Scott Charney, Rethinking the Cyber Threat: A Framework and Path Forward, Microsoft, 2009
[3] Shirley C. Payne, A Guide to Security Metrics, SANS Institute, 2007