
Chasing Invisible Adversaries

Chief technologist at CyberRes, a Micro Focus line of business, and emerging tech enthusiast who enables growth through digital strategy


As new technologies emerge and threats become increasingly complex and unpredictable, senior security executives recognize the need to merge security functions throughout the entire enterprise. Gone are the days when security was managed in siloes, including application security; platform strengthening; perimeter security; data privacy and protection; and identity and access management, among others.


Many rightly argue that we need an approach that involves people, processes and technology. We must integrate these pillars into a system of insights to better view cyber performance, risk exposure and countermeasures and secure the business. Failure to adopt a unified approach to cybersecurity and resilience can result in catastrophic consequences.


 


Typical cybersecurity incidents involve the malicious loss of information confidentiality, integrity or availability by means of manipulation, disruption, theft and espionage. These incidents can result in loss of productivity of business and technology staff, unavailability of critical business functions, breach of contractual and service level agreements, disclosure of trade secrets, loss of reputation, third-party damage and negligence of care versus contributory negligence. The business interruption risk is far larger than organizations typically believe it is because there is a convoluted understanding of risk.


Business interruption risk refers to the revenues at risk when an organization is not performing the business function beyond the maximum acceptable outage. The elements that make up this risk are quantitative (including technology recovery cost, lost customer revenues and loss of productivity and operations) as well as qualitative, involving legal/statutory and brand damage.


Taxonomy Of Attackers

While we can estimate to a high degree of confidence the observable components, it is overly complex to estimate the hidden costs. For example, while we can estimate the recovery of 5,000 laptops from a computer virus and the impact of their downtime in operations, it is impossible to calculate the loss when an adversary breaks into a production system and steals customer, operational or intellectual property data. Furthermore, the longer the adversaries have stayed hidden and manipulated data, the harder it becomes to assess the impact of the incident.


Understanding the adversaries is an important exercise for the assessment. The offenders may come from varying backgrounds. They may be script kiddies, as in the case of the