Cross posted from the Leiden Safety and Security blog:
Looking back on 2014, one can say that it has been the year of the hacker. The world over, cyber security agencies and cyber security companies are reporting an increase in the number and the complexity of cyber-attacks. In the University of Auckland's IT Security Team, we had to deal with more, and more complex, attacks in 2014 than before. Such developments place significant demands on cyber security teams. If one thing stands out about cyber attacks, it is that they do not come in one variety. Another thing that can be said is that a single cyber attack is lonely: many incidents now consist of multiple ‘attacks’ using a variety of tools.
For people in business, universities and government, and for individuals, the question then arises of how we prepare for yet another increase in the number and complexity of cyber security incidents. One particular tool that we use in our team is the threat stack. Used with some caution, the threat stack allows forward planning of our defences against the sort of attacks that we can expect in the next 12 months.
The threat stack is a categorisation of attacks indexed by likely actor and motivation. As shown in the table, it indexes cyber threats from fairly innocuous experimentation, primarily by researchers, to advanced cyber crime and advanced persistent threat. In 2013, Richard Stiennon extended it by adding surveillance. At its simplest level, the threat stack can be interpreted as a measure of the motivation and sophistication of a particular group of attackers. It is also possible to attach an approximate timeline to the threats, indicating when these threats were most prominent, and the maturity level of the threat.