When the cybersecurity team at Deloitte’s Grand Cayman office describes its workload, the stories sound more like something out of a spy novel than the work of a risk assessment department.
Protective cases holding hundreds of phone connectors, wires, imaging equipment and other tools sit ready to grab and go at a moment’s notice to assist clients in the Caribbean, North America or Europe.
Forensic manager Glen Allan Mernett laughed as he described explaining the heavy cases of wires to airport security personnel when he travels on assignment. Not surprisingly, the equipment often attracts scrutiny from officers.
The logistical headache of transporting security equipment comes with the territory, however. The international nature of cybercrime means this team must work across borders.
While the company has cybersecurity specialists all over the world, the George Town office hosts a comprehensive forensic lab, outfitted to address a broad range of cyber and data threats from hackers to natural disasters. The team members from this office are equipped to deploy and address major breaches almost anywhere in the world.
Given the sensitive nature of certain cases, Mernett often works through the night to go undetected.
“We’ve had fraud cases where only the board of the company knows we’re there. We’ll come in after all of the employees, including management, have left and we will start at 8 p.m. for imaging and be out of there by 6 a.m. We’ll have five, six computers getting the images,” Mernett said.
In one such board-approved case, Mernett found himself locked out of the office he needed to access.
“We couldn’t get into an office. We didn’t have the keys for it, but the board approved us to take images of the computer,” he said.
“We were able to take (the glass partition) out, go into the office, image the computer and then when we left, we put the glass in place and put everything back in place so no one would know we were there.”
No longer the domain of IT
The nature of Mernett’s work reflects the high-level and often cross-border demands placed on modern companies. Cybersecurity no longer falls exclusively in the domain of the IT department, says Deloitte Discovery partner Nick Kedney.
To ensure smooth and secure operations, cybersecurity must remain top of mind in the executive suite as well.
“That’s still a challenge getting board members to understand that this is not something you can delegate to your IT department. You need to have a security officer and you need to have sufficient understanding about these challenges. This is a prima facie business continuity issue. It’s no different from a hurricane in many ways in terms that it can blow your business down,” Kedney said.
Gone are the days of stereotypical teenage hackers exploiting systems for the fun of it. Cyber threats now emanate from a wide range of fronts. From hacktivists to disgruntled employees, businesses face daily pressure on their digital assets.
Hacking as a career
For many cyber criminals, hacking is a career that provides paychecks and pensions. Companies that fall victim to ransomware attacks demanding payment must grapple with the implications of funding organized crime.
“You’ve got to remember, if you pay the ransom, you are funding an industry. They are going to develop new tools, new methods to extract more value. It is an organized industry. It’s not random people or kids in bedrooms. It’s an industry and if you go onto the more obscure parts of the internet, you’ll see discussions about attacks and how to monetize,” Kedney said.
Risk advisory senior manager Alexandra Simonova warns that companies that comply with hacker demands and pay ransoms may find themselves subject to repeat attacks. Payment sends a message to criminals that more funds may be available.
After all, organizing an attack can be as easy as hiring a service, she added.
“You don’t necessarily need to be very sophisticated in the cyberattack anymore. You can go on the dark Web and rent the whole service, just pay for a subscription, provide your targets and that service will attack whoever you want it to attack and they will take a percentage of the revenue,” Simonova said.
“They have really good customer support as well. They have call centers. They make it really easy for you to pay the ransom. There is a 24/7 line, so that if you have issues with paying the ransom, you call them, they help you through the process. It’s very customer friendly.”
Increase in ransomware attacks
In recent years, ransomware attacks have increased dramatically. The first six months of 2016 brought a spike in attacks that outnumbered all of 2015.
“It’s progressing because this type of attack is easily monetizable whereas other types of attacks, like stealing credit card data, you need to go further to monetize your hacking efforts,” Kedney said.
Simonova recommends companies assess their risk profile to determine their vulnerabilities and better understand where threats might arise. Hackers can be motivated by money, personal or business gain, or even revenge. Staff from marketing to legal departments must be briefed on their responsibilities.
“It’s a corporate culture and education issue. It is very important that employees are educated. There shouldn’t be any blame attached to being duped. … People need to understand to the extent possible ways they can recognize a genuine from a fake email,” Kedney said.
In the meantime, security teams face an arms race of sorts against the dark Web. Risk teams like Deloitte’s must remain at the ready.
As Simonova put it, “Unfortunately, most companies will eventually be breached. It’s not a question of if, but when.”