Special Reports
A special report is content that is edited and produced by the special reports unit within The Irish Times Content Studio. It is supported by advertisers who may contribute to the report but do not have editorial control.

Who are the bad actors in cybersecurity and how can they be stopped?

It is critical for business leaders and cybersecurity teams to engage and develop a flexible resilience strategy ahead of time rather than testing it in the middle of a crisis

Financial gain is a primary motivation for many bad actors, but increasing levels of hactivism and nation state activity is more about disrupting services and processes for political gain

Thu Aug 24 2023 - 00:00

Cyber breaches are on the rise, with major companies having faced them both here and abroad. For both businesses and individuals a cyber breach can be catastrophic – but who is behind them, and how can they be stopped?

A cybersecurity breach can impact an individual and its business in lots of ways, operationally, financially and reputationally, says Noel Comerford, director, Deloitte. “In extreme cases it can be fatal for an organisation. Dealing with an incident can be time-consuming and stressful which can also impact staff morale.”

Comerford says cyberattacks can be politically-motivated, “as we have seen with recent escalations associated with the Ukraine conflict, so we tend to group bad actors into the following categories: Nation states, hactivists and advanced persistent threat (APTs) groups with a financial/cybercrime motivation and insider threats. There are dozens of APT groups currently operating out of locations such as China, Russia, the Middle East and South America. They are well-funded and well-resourced.

“Financial gain is a primary motivation for many bad actors, but increasing levels of hactivism and nation state activity is more about disrupting services and processes for political gain.”

READ MORE

On the rise

Disruptive ransomware attacks have continued to grow this year, says Dani Michaux, head of cybersecurity, KPMG. “In addition, the rise of generative AI and its usage to craft more sophisticated, quicker and larger-scale attacks continue to evolve. We also continue to observe the evolution of emerging technologies such as blockchain, biometrics, industry 4.0, hyperconnected systems and virtual reality just to name just a few. We note that all of these can pose new security, privacy and ethical challenges, and raise fundamental questions about our trust in digital systems.

“All organisations should consider cybersecurity, privacy and ethics issues up front when exploring emerging technologies, including the evolving risks associated with adopting AI systems. And not forgetting organisations should continue to focus on building resilience within the ways they operate and the day-to-day running of their business. Resilience conversation should continue to take central stage in the board, management and stakeholders’ conversations.”

Impact over intention

Cyber breaches have various impacts such as operational downtimes, direct and indirect financial losses, loss of management time in dealing with the breach, increased security of stakeholders, negative perception and brand/reputational damage to name a few, says Michaux. “But there is also a more human element which we often forget like pressure and stress. We deal with people from the operational and cybersecurity teams responding to the cyberattacks, who are under immense pressure to restore operations to the management teams and executives, who need to deal with difficult situations with often very little information at the time of the cyberattack.

“Often we find a lot of key people dependencies and individuals put under a lot of stress and indeed long hours without rest, leading often to attribution and burnout. The anxiety, uncertainty and doubt about what impact a cyber breach has had on personal data and indeed individuals. Sometimes people fear that quite personally important information for them is now out in the wild.”

Michaux says we need to consider the holistic impact cyberattack has, not merely from an overall organisation perspective, but also taking into account the broader impact it has on the customers and ultimately society.

Protecting against attacks

It’s critical for business leaders and cybersecurity teams to engage and develop a set flexible resilience strategy ahead of time rather than testing it in the middle of a crisis, says Michaux. “The security teams have a strategically important role within the organisation, but should also step up in the effort to engage with the board and business stakeholders on the overall objective of resilience. It is a hard but necessary conversation.

“In addition, we recommend that a ransomware or large-scale technology disruption attack simulation is performed within the business. This is an eye-opening event as it can reveal how companies lack sufficient safeguards to defend against the latest techniques, but they also uncover additional vulnerabilities, sometimes more broadly within the supply chain. Just focus on working as a business to simulate the scenarios and identify the areas you can improve rapidly on – not just on the technical IT side, but also across the business process.”

LATEST STORIES