Security Experts:

Trust Attacks Pose Novel Challenge for Companies

Novel cyber-attacks will ruin reputations and erode customer trust, but can humans keep up in the cyber arms race?

In April of 2013, the Associated Press tweeted that Barack Obama had been injured in a White House explosion. The press quickly realized that the account had been hacked, but in the few minutes that the tweet was up, the S&P plummeted to the tune of $130 billion in stock value. Though the market quickly recovered, the incident showed that saboteurs and cyber-criminals now have the tools to inflict disproportionate harm on public trust and financial institutions.

In a more recent case, fears of cyber meddling in the U.S. presidential election fostered a deep distrust in the democratic process. After the DNC hack and repeated email leaks, that distrust reached an all-time high. Using these attacks as a blueprint, sophisticated hackers are now engaged in long-term missions to undermine entire businesses and institutions, all under the cloak of the web’s anonymity.

In the face of advanced threats like these, words can only go so far to assuage the fears of clients and investors. At some point, they demand results, and in cyber security, the only result that matters is whether or not you’ve stayed safe from data breaches. Unless organizations start taking proactive security measures, they risk losing one of their most important commodities – public trust.

Fostering distrust

These new ‘trust attacks’ pose a novel challenge for companies, especially those that rely heavily on public confidence. Imagine if a bank is silently infiltrated, but instead of stealing customer data, the attackers tamper with a few account balances. If even a small amount of information is changed, the resulting loss of credibility could prove fatal. Indeed, the mere rumor of compromised data is enough for customers and investors to jump ship.

Trust attacks spell trouble for financial markets as well. By falsifying market information to force ill-advised investments, cyber criminals have the power to disrupt business plans or wreak havoc on the stock market. We have already seen glimpses of this potential in during Verizon's purchase of Yahoo, where several cyber-attacks were disclosed during a critical period of the acquisition.

Sophisticated attacks will hide amid the noise of the network and disguise themselves as legitimate traffic, manipulating data from the shadows while everything continues as normal. Imagine a Wall Street company slowly losing money and clients, all because intelligent malware was quietly tweaking their economic models.

Staying above the slander

The biggest problem with stopping threats like these is an underlying lack of visibility. In our experience, too many organizations remain in the dark about large swaths of their networks. Whether it is IoT assets or non-conventional IT, the activity on these devices is effectively invisible to security teams. ‘Smart’ coffee machines, video surveillance cameras, and building HVACs are among the most vulnerable devices in modern networks and will continue to be used as entry points to launch advanced cyber-attacks, including subtle and stealthy ‘trust attacks’.

To maintain trust amid this hostile environment, organizations have to adopt a proactive approach to cyber security. The only way to avoid the embarrassment of a public data breach is to make sure it does not happen in the first place. In light of this, more and more organizations are recognizing the potential of AI and machine learning technologies. The promise of AI lies in its ability to create ‘self-defending’ networks that can automatically fight back against early-stage cyber-threats. Technologies like this protect not only company data, but also trustworthiness in the eyes of customers and investors.

Data integrity lies at the very heart of our businesses and public institutions. If we don’t act to protect it now, the consequences could be grave. Every company and organizations is vulnerable to cyber-attacks, and investing in security innovations and gaining total network visibility are more important than ever. The enterprises that will survive the next generation of cyber-threats know this – and they’re arming up.

view counter
Justin Fier is the Director for Cyber Intelligence & Analytics at Darktrace, based in Washington D.C. With over 10 years of experience in cyber defense, Fier has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Fier is a highly-skilled technical officer, and a specialist in cyber operations across both offensive and defensive arenas.