Event Recording

Know Your Enemy and Know Yourself: How to Win at Cyber Warfare and Turn Your People From the Weakest Link Into a Defence Mechanism


“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” ― Sun Tzu, The Art of War

Join this session to gain a deeper understanding of threat actors and the current threat landscape, in order to help you adapt and protect your organisation from cyber warfare. We know adversaries do not rest. Attacks are growing more destructive, causing mass disruption to organisations and society. Take away knowledge of threat actors and current attacks, strategies to defend your organisation, and an understanding of how your workforce puts you at risk but can also be leveraged as your first line of defence.

Good afternoon everyone. I am Connie McIntosh, as introduced. I'm head of security for this market area for Ericsson. I am so happy to be back at the Cybersecurity Leadership Summit this year. I was hoping to be there in person; I really would have loved to have been there to meet you all. But sadly I'm here virtually, and I'm going to talk to you today, as you know, about how to turn your people from your weakest link into your defense mechanism. But first I want to look at the enemy and myself, because there is a very famous quote, which we will have a look at. Threat actors: if you know your enemy and you know yourself, then you need not fear your enemy. But if you know only yourself and not the enemy, you'll suffer defeat. Or if you know neither, then you're in real trouble.

So let's have a look at the agenda. We're just going to have a quick look at threat actors, who are the enemy. We're going to focus on a particular type of threat actor. We're going to look at the current threat landscape and then how to win: how to strategize to defend your network, knowing yourself and your organization, and then how your workforce puts your organization at risk, with some quick stats to have a look at how bad it really is. And then let's look at how we can leverage them to actually turn that around.

So if we look at the threat actors in cyber warfare, there really are seven key categories of threat actors, and we are not going to look at all of them. I would love to, but I have really limited time today, in fact even less than I thought I had. So if you see me going quite fast at some points, it's so that I can get to the end, which is the good stuff: the human factor. I probably should have put those slides first, but it didn't make sense to explain the human factors up front without understanding why it's so important that we make sure we defend on those. So we are really going to focus on the highlighted one here, the state-sponsored actors. Those are cyber criminals who are usually directed or funded by nation states. I'm sure many of you already know this; it is not new. They really are there to steal nation secrets or information, or to undertake financial espionage. So they want to take funds out of other countries to fund their own programs. Then, without looking too deeply, we can look here at human error: to err is human. And the simple truth is that not all threat actors internally are malicious or intentional. We will really dig into that in a minute.

So let's have a look at some of these known actors. Many of these are probably known to you, but this group here is the latest research from CrowdStrike. They do a lot of intelligence, and these are the ones that they have found most active now. Of course I don't have time to talk about each and every one, but just to look at a few, particularly those that attack the EU: we have the Bears, who are of Russian origin, so Fancy Bear, Cozy Bear, Venomous Bear and others, also known as APT28, APT29 and so on. APT28, which is Fancy Bear, really focuses on targeting NATO countries, NATO member states, or those wanting to join NATO. You have Cozy Bear, APT29, who really focuses on volume spear phishing, so delivering malware via spear phishing; that's their modus operandi. And then we also have Venomous Bear, who is more about the intelligence side. When we look at the Spiders, they are also from Russia. They are responsible for some really technical malware, TrickBot and TrickLoader, which you've probably heard of. They also enable financial espionage through the fact that they offer ransomware as a service, and they host dedicated leak sites to incentivize ransom payments. Effectively they focus on REvil, which is one of their main tools.

Then we'll move on to the Chollimas, and those are the North Korean actors. They're primarily focused on energy, academia, financial services, government and technology, and they are really interested in financial gain. So they're about collecting not only money but also intelligence that can help their economic status and their economic intelligence, but also help their military. They target the EU; Russia, believe it or not, is their main target; and Asia. So they've got a mixed bag.

The one I really want to focus on, because it actively targets Germany, so this should be of a lot of interest to you, is Ocean Buffalo from Vietnam. They're also known as OceanLotus, SeaLotus, APT32. They have a wide range of tactics and techniques, and their primary objective is to take information; they're concerned about anything relating to their government. So I'm not sure why they've chosen Germany, but it's one of their main targets, looking really for geopolitical or economic espionage.

The Leopards, the Tigers and Remix Kitten are all here, but I haven't chosen to talk about them because they don't actively target the EU as such. Of course it may happen, but it's not one of their primary targets.

So if we look here at cyber warfare actors, there's a range of categories that they can fall into: activism, espionage, destructive (you've got examples of that, which we've seen during the war between Russia and Ukraine), but also those e-crime gangs, which are really about financial incentive. So the primary characteristic of an APT attack is that they are using really sophisticated skills and tools, and it's a multi-phased attack. And what I can tell you from my history and my background is that they are very efficient. And once they are in your network, they are incredibly difficult to remove. They have footholds and back doors. And even when you're aware that they're there and you've thought that you've got them out, it is highly likely that they will return, either because there is a back door you haven't closed or found, or because they are again actively attacking. So really the phases, as with most attacks, are reconnaissance, access to the system, lateral movement and data exfiltration, though mostly with APTs they sit and watch for a long time. They really target the information they want, or the actor looks at what's happening on the network, and they try to stay very quiet. So often we've seen situations where there could be an actor there for some time before they're even found.

So an APT actor is a highly targeted threat. They will look for high-value targets. They don't just randomly attack anybody for access. They will find a certain target, usually someone with admin privileges or very high in your organization. We have found that there is actual proof, there are studies, that spear phishing is used by 90% of APT attackers. So we know that email, attacking the human, is one of their favorite modus operandi, but that is because it's the easiest; it's the least effort, if you like, to get into a network. But I've got some really interesting facts for you about nation state attacks: 58% of all nation state attacks last year were launched by Russian nation state actors, probably no surprise to most of you. Ransomware again is the preferred weapon, along with spear phishing, and the big four, so the most active, are Russia, China, North Korea and Iran. Nine in ten organizations believe that they have been targeted. I think you could ask yourself: do you know if you've been targeted? How would you know? Of course these are advanced attacks; they want to stay quiet. So it can be some time before they're even found. But think about your own networks, and are you an attractive target, or are you a supply chain target for somebody who is also more interesting? The average cost to business of an APT attack is estimated to be 1.6 million per incident. So it's quite a lot.

So let's now take a quick look at the current threat landscape that we're facing. These eight categories here are actually from the ENISA Threat Landscape 2022 report, which was released last week; you may or may not have had the privilege yet to read it, and it is a very, very good read. These categories are the main threat landscape that they have seen. So ransomware attacks are not new, of course; most people have seen high-profile incidents that have led to long-lasting destruction coming in and out of people's networks. I think many of you may have already had ransomware, either privately, or you know someone who has, or you've had one in your system. They're very difficult to stop, and I've got some good techniques to thwart those, but once somebody clicks on a ransomware link or the malware, it's very fast. And so you've got to have good strategies to stop the destruction within your network. The question really is to pay or not to pay. I think for most people that's going to be the toughest decision, whether you pay: how quickly do you want to get back online? Governments and the CERTs are really renowned for saying do not pay. And there's a good reason for that; we'll see that a little bit later, because the percentage of data you will get back is so low.

I think all of these others are quite familiar to you: malware being one of the most efficient ways, distributed by spear phishing, to gain access to your network. And social engineering, of course, is there to exploit human error. Social engineering lures users; they want them to open documents, files, emails, websites, drive-bys. They really are getting more and more sophisticated. And you're going to see a little bit later the statistics of how many people actually will click on these. So I think supply chain attack and disinformation and misinformation are very new in terms of the cybersecurity landscape. I think DDoS and availability have been there for a long time, but we really are seeing disinformation and misinformation prevalent in the Russia-Ukraine situation, because we're having those information controls, as you know, in Russia about what is allowed to be said, what's filtered, what's there. And so that is of course also in other areas, but nowhere more publicly have we seen it than in Russia and Ukraine. Supply chain: of course the largest, and probably one of the first I can think of, is SolarWinds. That was certainly a very large supply chain attack, and it caused a lot of concern, with a lot of companies suddenly asking about supply chain. So I don't want to go through all of this here; this is more background for you. But the top three, let's say, most valuable pieces of information to a cyber criminal are your customer information, your financial information and strategic plans. The biggest cyber threats, and this is agreed by SANS, are phishing, absolutely number one (it has been for many years now), malware of course, use of stolen credentials, and cyber attacks purely to disrupt, more like DDoS attacks, really for disruption.

So what do you do about all this? We're already very quick to lose our time, so I've got to work through this really quickly and not talk at all in depth about all of these strategies. But most definitely defense in depth is your best friend. Zero trust is your best friend. You really have to treat the human, or access, as a vulnerability; you must treat it as untrusted. You have to have those software-defined perimeters as well as your physical perimeters, and you must verify every login. To skip through this really quickly so we can get to the good stuff: the Australian Signals Directorate is really recognized worldwide as having one of the most efficient prescriptions on how to defend against 85% of actual cyber intrusions. They're really four simple, quick steps: application whitelisting, obviously to prevent malware; patching your applications; of course patching your systems; and restricting administrative privileges. With those four things, they are saying that you will stop 85% of those attacks. So I think those are not hard to implement, and I would highly recommend everyone does that. I'm not going to talk to this one, but I included it because when you do your tabletop exercises, you should use this, particularly because you can choose the threat actor, and what it will show you is its modus operandi and then how you can defend against it. The MITRE ATT&CK framework is really fabulous for that. I always use this for tabletop exercises.

So let's get to the good stuff: people. We know that they are your biggest risk, but we need to turn that around. We need to make them your first line of defense. Some scary statistics, which I am sure are not new to you. 95% of breaches are caused by human error. This is backed up by a number of studies; this is not just one study, this has actually happened year on year. 94% of privacy incidents are caused by unintentional human error. We see that ransomware payments are skyrocketing, cloud intrusions due to human error, and that 94% of malware is delivered by email. So we are seeing the increase of this happening, and it's usually from human error. So what we see now: they're predicting that by 2025 we are going to hit 10.5 trillion worldwide in the cost of cyber crime. It is no surprise why it is big business. I'm not going to talk to this, but I do want to highlight to you that in the personal breach statistics in the EU for 2021, Germany has the highest number of personal breaches. So yeah, whilst we're doing the good corporate thing, we probably need to be educating our friends and family as well. The very famous hacker Kevin Mitnick says social engineering bypasses all technologies, including firewalls, and he couldn't be more right.

So why is the human the largest risk? Because we put a huge amount of cognitive overload on our people: 35,000 decisions a day. I mean, do you really think you make 35,000 decisions a day? It's phenomenal to think, but there are studies and it has been proven. And what happens is that those decisions compound. So the more decisions you make, the more fatigued you get. And this is why you see people like Mark Zuckerberg and Bill Gates wear the same thing every day, and they have even publicly stated that it is to reduce the number of decisions they're making. They realize that it's really important that the important decisions are left, and you don't make decisions based on silly things like what I'm going to wear today. So what happens is that we know that making decisions in the morning is absolutely the best time. So for your people, you want them making those decisions in the morning, not when they're stressed, tired, distracted or burnt out. If we all think about it: do we actively check our email headers? Do we really do that? Have we ever opened an email from someone we don't know? Have you ever clicked on a link in an email? Of course we have. And the busier we get, the less time we're going to have to do these things. So I want to talk to you about human nature, because it's the most affecting thing when it comes to phishing, and really it's about having those triggers. There are these psychological triggers: when people are under stress, they tend to throw good decision making out and put it under the bus. And so what I just want to share with you quickly is who is most susceptible to phishing. When I read this, the first thing that came to my mind was that it's going to be the 70 to 80 year olds. It's not; it's the 18 to 25 year olds. So really we need to focus on that age bracket in our workforce, educating them well. But please remember Hanlon's razor: we never should attribute to malice that which is explained by stupidity. It's a good rule. What it means is that bad things happen not because people have bad intentions, but because they didn't think it through properly.

So quickly I'll talk to you just about the theory of planned behavior; build it into your cyber education programs. It really talks about how people make good security decisions. So if you want to influence or predict a good security attitude, there are really three things that affect decisions. It's the benefit, the what's-in-it-for-me; the encouragement from others; and then seeing that good behavior by their peers. Those three things will actually cause good security choices by your people. Distractions in work from home and BYOD are of course added risks, but we won't talk about them right now, because I want to finally wrap up with this slide, and you can read it in your own time later. But what I can tell you is that the key to cutting decision fatigue is break times: give your staff as many and as frequent small break times as possible to allow decision fatigue to be overcome. But you must also ask them to really take ownership of that, as in get a good night's sleep, eat a good diet; all those factors come into play. To also make them your first line of defense, they need to be aware of the risks. So not only do we need to make them aware of what the risks are, but how they can help, because employees need to understand that when the organization gets impacted, it's real, it's not theory. So if you give them examples, then it's real to them. Of course culture: you must have a good culture. And I say that security must be a topic at every employee meeting. If you're not talking about it, if it's not visible, then it's not part of your culture.

So I will wrap up and I will say thank you very much. I know it was a lot in a very short time, and I know that we have a panel next, so if we don't have time for questions now we can take them in the panel. Thank you for joining. Thank you so much.
