BAE study elucidates cyber threat realities

If C-suite executives and members of the boardroom need any proof that data breaches can exact tangible and extensive damage, they just need to read about recent high-profile cases in the news.

But even then, top executives need a better understanding of the criminals they are up against online because “the cyber threats faced by businesses today are not only created by machines but by people; living, breathing human beings,” says Boye Vannell, general manager of Asia at BAE Systems Applied Intelligence, which recently presented its research on “The Unusual Suspects” at its office opening in Singapore.

BAE Systems’ research identifies six prominent personas behind cyber attacks and ways to defend against them. They are:

  • The Insider – disillusioned, blackmailed or even over-helpful employees operating within their company
  • The Mule – naive opportunists manipulated by criminal gangs to launder money
  • The Professional – career criminals who work in the digital shadows
  • The Nation State Actor – individuals who work directly or indirectly for their government to steal sensitive information and disrupt enemies’ capabilities
  • The Activist – individuals motivated to further their cause via questionable means
  • The Getaway – the teenager who can escape a stiff sentence due to their age

The personas are the result of intelligence BAE Systems has gathered globally working with many nation states and companies, which is fed into its appliances. “We built our algorithms, statistical models and data models, which led to the identification of the personas that we are presenting,” says Sanjay Samuel, managing director of JAPAC at BAE Systems Applied Intelligence. “We’re not just looking for a pre-known attack.

“We have access to data that our competitors don’t have access to. The real differentiator is our analytics model that looks for behaviors in the data that would adhere to a certain type of person and motivation that we know will result in a cyber attack. These six personas are not individuals that you can identify because you can also combine them.”

For example, a professional software developer who is an insider becomes an even bigger threat because they have an understanding of the network infrastructure and the ability to build software that accesses the network and steals data stealthily.

“With the insider, it’s also about making sure no one drops things into your network and takes things out in the pocket,” Samuel adds. “This means that your physical security and your cyber security have to come together as well. If you don’t take these measures into account and they don’t reach the board level, you would be turning a blind eye [on cyber security] and this will affect the business at some point.”

Analyzing behaviors

BAE is now focused on the intersection of financial crime and cyber defense. “Singapore is one of the financial hubs in the world and because of that, our presence in this market is even more important,” Samuel adds. “We started in Singapore many years ago, focused on anti-money laundering software that allows banks in Singapore to be compliant with local legislation. That has grown into a financial crime offering, looking for fraudsters internally and externally to the financial services companies and most recently, cyber defense as well.”

BAE offers cyber defense services that range from incident response to penetration testing to architectural studies; an appliance built on a threat analytics platform; and a cloud-based security service focused on email security that is delivered via its partners in the region and its data centers in the US and Europe. BAE is also operating a Security Operations Center in partnership with CTC Itochu Techno Solutions Corporation in Japan. As a managed security service provider (MSSP), the company serves businesses of all sizes.

“Our cyber security appliances look across the whole organization and at as much historical data as possible that’s gathered by the organization,” Samuel points out. “We are looking for those long-term persistent threats rather than just defending it in a rules-based engine. We analyze any information that is related to web logs, web traffic, even information that is not directly related to the use of the communications infrastructure. We’re about to release a version that looks at the physical data so we use information on [surveillance] cameras and security locks on doors in our algorithm to try and detect suspicious behavior.”

The information on the types of threat actors or personas, including nation state actors and activist groups, that BAE gathers while protecting its customer base helps enrich its behavioral analytics.

“So, even if a malware were to change its behavior, we still know enough about it to understand that it’s still a piece of the malware operating as a different variant and we can raise alerts and awareness around that,” Boye claims.

The nation state actor, particularly, is sophisticated and has the funding, resources and means to uncover the vulnerabilities of a certain country, gain knowledge of one’s physical security, or penetrate critical networks. “It could be through the standard power plug connection because the Internet of Things is evolving and you can get access that way too,” Boye says.

BAE currently employs 40 staff in Singapore, and over the last two years the company has quadrupled the size of its business across all of Asia. As its regional hub, the company will use the support, services and management based in Singapore as it expands in Asia Pacific, including Japan.