Read Time: 3 Minutes
Avoiding cyber threats can be a brutal battle. An attacker only needs to succeed once to gain access to a network. Defenders must succeed one hundred percent of the time if they want to keep the attackers out. In practice, it’s just not possible to be perfect 100 % of the time.
History of cyber crime
The world of cyber security has evolved quite a bit from the innocent beginning when viruses were spread for fun by kids on floppies and academics were sending each other worms. Attackers today are highly skilled. They are motivated by financial gain, access to sensitive information or damage to a brand. What started as a hobby has evolved into crime with serious consequences.
A motivated attacker will find the keys to the kingdom
The traditional defences, such as firewalls and endpoint protection, do a good job at what they’re meant to do – namely detecting and blocking commodity threats. But you can’t expect these solutions to stop advanced threats and targeted attacks. Modern attackers’ goal is to get access to the network and they need to find the keys to the kingdom – the passwords to critical systems. They will not stop until they reach their target.
Advanced attacks are not about the code – they are about the humans
Skilled attackers rarely, if ever, use malware. The attacker’s first goal is to identify potential targets for their mission. The attacker may collect information about the target company, set up a fake company, register domains and create fake profiles for social engineering purposes.
Once the attacker determines what defences are in place, they choose their weapon. The selected vector is often impossible to prevent or detect. It can be a zero-day exploit, a spear-phishing campaign or bribing an employee.
Social engineering is effective because it exploits trust. Thus, the human factor is often the weakest link in cyber security.
Join us on an adventure down the rabbit hole
On average it takes 100 days to detect a breach. How can defenders succeed in this constant battle against the highly professional attackers? What could be done to detect and respond to targeted attacks at the earliest possible stage?
In our documentary series, Linda Liukas is on a mission to go down the rabbit hole of cyber security. She is going to travel around the world collecting advice from the brightest minds working in the field of cyber security.
Linda Liukas is a programmer, children’s book author and a TED speaker. She is a master of turning complex issues into simple, fun and colorful. So often cyber security sounds like sex education: full of fearmongering, or dull and impractical. In the F-Secure documentary series Linda will explore the threat landscape, how attackers operate, how artificial intelligence is used in cyber security and how to detect and respond to cyber attacks with the best talent in the industry.