Data Theft: Closing the cyber barn door before the data horses can be stolen

With more serious threats to cybersecurity each day, the old adage, ‘a pound of prevention is worth a pound of cure’, has never been more critical to safeguard your valuable, if not irreplaceable data.

“There are two reasons why all of us are more at risk to data theft each day”, says Philippe Monot, Thales Director of Marketing for Cybersecurity Services. “First, what we call the attack surface—the amount of data that is vulnerable-- is growing exponentially as we deploy more connections to more public networks, to the Internet of Things, and as we add each day more applications to public data Clouds".

“Second, the variety, capabilities and creativity of hackers are growing at the same time. Once intruders compromise a system, if organisations are not able to watch and immediately analyse the huge number of simultaneous logs for suspicious activity, not only will your data be gone before you know it, but your systems could be taken over for continuing use”, says Philippe Monot, Thales Director of Marketing for Cybersecurity Services

The variety of attackers seems unlimited, Philippe Monot explains. They include individuals as well as state or criminal organisations, and all are becoming increasingly sophisticated.

Why the risks are growing—and how to stop data thieves in their tracks

“There can be huge financial impacts on companies because they may not realize an attack has started or that it is continuing even after the data has been stolen”, he explains. Criminal organisations steal intellectual property such as trade secrets or sensitive data including identities of company customers, suppliers, and employees. They try to resell such data on the black market or hold that valuable corporate information for  ransom. 

And governments are also at risk—sometimes even from other states which are increasingly active as hackers--aiming to find strategic information and weaken adversaries.

The stakes are indeed enormous, and they are not only financial. Public safety and security can be threatened by hacking and taking control of critical infrastructures, transport systems, airports, or even autonomous cars or satellites.

Fortunately, there are ways for organisations to defend themselves.

Based on its own decade and a half of experience and expertise in building in cybersecurity from the start in its five lines of business— defence, security, aerospace, space, and ground transport—and its Cyberlab where R&D analyses the latest threats and  develops new protections against them, Thales offers a made to measure cybersecurity package. At the centre of it is the Thales Cyber Security Operation Centre (CSOC).

“We process there hundred of thousands pieces of information per second for our clients worldwide, and combine tools and technology with leading expertise to detect cyber issues” says Philippe Monot, “It’s like having a watchman making sure that a multinational has all of its windows closed at night everywhere it operates”.

A virtual visit to the Cyber Security Operation Centre

It’s at Thales’ Cyber Security Operations Centre  whereover 120 engineers detect, analyse and help clients manage cyber issues and attacks from their systems worldwide, on a 24/7 basis. They benefit from the company’s five  Cyber Security Operation Centres. They are in France, Canada, Hong Kong, the Netherlands, and the United Kingdom. Overall, Thales’ has 5.000 IT and cybersecurity experts worldwide who serve more  than 130 national information systems providers and companies whose critical business processes rely on their vigilance and expertise. 

To take one example of a suspicious activity detected from the processing of billions of logs each day, take the case of  ‘malware’ attacking a targeted computer and inserting a malicious  mail campaign, also known as ‘spear phishing’. In this case, the client system’s antivirus did not detect the malware as the malicious software’s signature was not known yet. However, the malware started to scan the company network for other systems to infect and succeeded in connecting to an external site company site. The Thales Security Operation Centre identified this behaviour as suspicious.

Thales’ Cyberthreat Intelligence database then provided more information to qualify the attack, the related indicators, and the associated risks. In this case, it helped Thales experts to determine the hackers could use the malware to steal data, damage or even destroy the systems.

Quickly, Thales and the client diagnosed the attack under way and were able to stop it and reconstruct the system to avoid it in the future.

Philippe Monot concludes, “This type of incident demonstrates the danger today and the value-added we bring to our clients worldwide. We assure with our customers all critical steps to cybersecurity. They include Prevention, Detection, Response, Assessment, Risk Management, Governance and Conformity to best practices or regulations. No one can guarantee zero risk but we aim to stay a step ahead of the hackers so that the cyber barn door is closed before the data horses can be stolen.”

To learn more, read the full report: Beyond the SOC as a detection center : Holistic cybersecurity operations in the coming age