Here's a lesson we took from highly motivated hackers

By Annestasia Whitehead, Business Unit Manager at Cyber Security SA

Hackers aren’t messing around. They pulled in $600 million in one crypto theft alone in 2021 and $1.9 billion in 2020, according to media reports. 

Researchers think senior hackers make around $2 million each per year, mid-levels about $900 000 and juniors $42 000. The corporate lingo isn’t a coincidence. Hacking is big business.

In South Africa, a mid-level cyber security admin is getting around R350 000 a year. It is perhaps only obliquely related here, but it’s easy to see why someone with that level of skill could be persuaded to opt instead for a slightly more lucrative R14 million a year (equivalent to $900 000 at time of writing).

Hacking’s big upside

In the US, a cyber security bachelor's will set you back between $4 000 and $50 000 a year, the returns on which from hacking really start to pay dividends around year five. Pay back your degree loans in a few years, spend a few more banking a retirement to actually look forward to and, well, you get the picture.

Certainly, hackers aren’t invulnerable. But stories like those of the FBI stalking Kevin Mitnick to eventually lock him down through a long, complex and difficult skirmish are exceptionally rare nowadays. There are too many hackers, the “good guys” are few, the law’s still playing catch-up in a lot of places, and still other places simply don’t care about the West’s preoccupation with securing themselves from shifty admins who are rumoured to sometimes work for state actors, aka the “bad guys”.

How do we compete?

With all of this raging like an Outback or California bushfire, how are we supposed to protect our businesses at home in sunny South Africa?

We fight fire with fire.

Hackers like to call their gigs “big game hunting”. They’ve distilled a best-practice framework designed to take care of their most important goals: Getting rich fast and staying out of the clink. Aspirational perhaps, motivational certainly, so they’ve really honed their “service”.

Four-step attacks

Reconnaissance is their number one priority, and they’ll do it for months or even years. Their MO these days is usually a double-extortion attack: encrypt the data so it’s unusable, then threaten to leak it and compromise its confidentiality as well.

The four key steps of the attack are:

1. Infiltrate the more vulnerable endpoints through social engineering.
2. Gain escalated access privileges.
3. Disrupt backups, delete files and copy data out.
4. Deploy ransomware to hold the data hostage while anticipating the payoff.
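Each of those four steps leaves a different kind of trace on the endpoint, and the defensive value of EDR telemetry comes from correlating them per host rather than alerting on any one of them alone. The script below is an added example written for this article; it is not code from the article, from Cyber Security SA or from CyberArk. The event-line format, the host names, the command and service names in the rules, the 500-rename burst threshold and the three-stage alert threshold are all constructed assumptions for illustration and would be mapped onto whatever fields and thresholds a real EDR platform emits.

```python
"""Per-host stage correlation for the four-step double-extortion pattern.

Added example for illustration only. The telemetry format, rule patterns and
thresholds below are constructed assumptions, not any vendor's real schema.
"""
import re
from collections import defaultdict

# Canonical order of the four steps described in the article.
STAGES = (
    "initial_access",
    "privilege_escalation",
    "backup_disruption_or_exfil",
    "ransomware_deployment",
)

# Constructed sample telemetry: "<time> host=<h> user=<u> event=<type> detail=<text>"
# ws-17 walks through all four steps; ws-02 is benign admin activity.
SAMPLE_EVENTS = """
09:01 host=ws-17 user=jdoe event=email_attachment_exec detail=invoice.docm
09:40 host=ws-17 user=jdoe event=privilege_change detail=added to Administrators
10:15 host=ws-17 user=jdoe event=process detail=vssadmin delete shadows /all
10:16 host=ws-17 user=jdoe event=service_stop detail=BackupSvc
10:20 host=ws-17 user=jdoe event=net_out detail=dst=203.0.113.5 bytes=2400000000
10:30 host=ws-17 user=jdoe event=file_rename detail=count=4200 ext=.locked
08:30 host=ws-02 user=alice event=process detail=powershell.exe Get-Process
08:31 host=ws-02 user=alice event=file_rename detail=count=3 ext=.bak
""".strip().splitlines()

# Each rule: (stage, event type, regex over the detail field). Patterns are
# constructed for this example; tune them to the telemetry your EDR produces.
RULES = [
    ("initial_access", "email_attachment_exec", r"."),
    ("privilege_escalation", "privilege_change", r"Administrators|Domain Admins|sudo"),
    ("backup_disruption_or_exfil", "process", r"vssadmin\s+delete\s+shadows"),
    ("backup_disruption_or_exfil", "service_stop", r"(?i)backup"),
    # 9+ digit byte count = at least ~100 MB outbound in one flow (assumed threshold)
    ("backup_disruption_or_exfil", "net_out", r"bytes=(\d{9,})"),
    ("ransomware_deployment", "file_rename", r"count=(\d+)"),
]
MASS_RENAME_THRESHOLD = 500  # assumption: renames in one burst treated as encryption

LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)"
    r"\s+event=(?P<event>\S+)\s+detail=(?P<detail>.*)$"
)


def parse_event(line):
    """Parse one constructed telemetry line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(ev):
    """Return the attack stage an event matches, or None for benign events."""
    for stage, etype, pattern in RULES:
        if ev["event"] != etype:
            continue
        m = re.search(pattern, ev["detail"])
        if not m:
            continue
        # A handful of renames is normal; only a large burst counts as stage 4.
        if etype == "file_rename" and int(m.group(1)) < MASS_RENAME_THRESHOLD:
            continue
        return stage
    return None


def correlate(lines, alert_min_stages=3):
    """Group matched stages per host; alert when a host shows enough distinct stages.

    Returns {host: [stages in canonical order]} for hosts that cross the threshold.
    """
    per_host = defaultdict(dict)  # host -> {stage: time first seen}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        stage = classify(ev)
        if stage and stage not in per_host[ev["host"]]:
            per_host[ev["host"]][stage] = ev["time"]
    alerts = {}
    for host, seen in per_host.items():
        if len(seen) >= alert_min_stages:
            alerts[host] = [s for s in STAGES if s in seen]
    return alerts


if __name__ == "__main__":
    for host, stages in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {' -> '.join(stages)}")
```

Running it flags only ws-17, with all four stages in order, while ws-02's routine PowerShell use and three-file rename never reach the threshold. The design point is the per-host stage set: a single shadow-copy deletion or a single privilege change is noisy on its own, but a host that has walked through three of the four steps is worth an immediate response, and the alert lists which stages were seen so the responder knows how far along the chain the attacker already is.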

Key responses

That’s why our response must be equally layered and integrated, with key interventions deployed against each of these activities. Endpoint detection and response (EDR) is a primary element and a low-hanging fruit for boosting cyber security resilience.

The principles of cyber security overlap in some ways with physical security. For example, it’s impossible to completely protect a property against determined burglars, but we can vastly improve our odds by making our place more difficult to rob than the one next door. It’s easier for the robbers to break into the neighbour’s.

That’s why it’s critical to understand where our businesses are vulnerable and take care of those exposures as a priority. A recent SANS survey found that 51.6% of compromises were detected by endpoint security. And endpoint privilege managers, like the solution from CyberArk, help our other defences do their jobs better.

CyberArk’s Endpoint Privilege Manager helps remove the barriers to enforcing least privilege and allows organisations to block and contain attacks at the endpoint, reducing the risk of information being stolen or encrypted and held for ransom.

It’s a powerful win: it either establishes a platform to build the rest of the defence on, or secures one potent element as part of the whole.

For a deeper view of how CyberArk’s Identity Platform can help you strengthen your security posture and reduce exposure, please reach out to annestasia@csza.co.za or find us on LinkedIn: cybersecuritysouthafrica.

https://www.cyberark.com/resources/endpoint-privilege-manager/cyberark-endpoint-privilege-manager-datasheet