You have to respect that ransomware attacks at least let you know you’ve been attacked. You’ll have an opportunity to defend yourself and batten down the hatches.
However, a rising tide of cyberattacks is much more sneaky about things.
Called “stealth hacking,” these subtle attacks try to see your data and processes without alerting anyone that this is occurring. In the world of consumer computing, this may manifest as keystroke-monitoring malware that installs from a malicious download. The hacker hopes to remain undiscovered and gather as much data as possible until the jig is up, or perhaps never be discovered at all.
The enterprise world is a bit scarier. The damage that a non-stealth hack can do is easy to define as to risk and cost. According to RiskIQ, in 2019, However, if you don’t know that you’re being monitored, the damages could be 10 times that of an instantaneous attack.
Since many stealth hacks go undiscovered, there is no good data on the damages that actually occur. On the top of the list:
- Insider trading of stock, getting access to sales and other accounting data pre-earnings announcements
- Pre-audit movement of cash from company accounts
- Blackmail due to access to HR records
The assumption is that this kind of hacking targets on-premises systems which often are being neglected now with the focus on cloud computing. But this problem is likely to move to public clouds as well, if it hasn’t already.
, come in handy. The core role of these tools is to keep systems healthy and observed, but they can also detect anomalies that may indicate an unwanted guest, such as odd performance behaviors at odd times. However, if the AIops tools are not talking to your security systems then most of this will go unnoticed.
I’m just scratching the surface of ways to avoid stealth hacking. Enterprises really need a holistic security strategy that’s systemic to all systems and all points of monitoring. Although these are not easy to set up and are costly to run, the price of dealing with a hack—either stealth or not—is at least 50 times more. Be smart with this stuff.
Copyright © 2021 IDG Communications, Inc.