Businesses turn to electronic guerrilla warfare to fend off hackers

In the wake of a barrage of high-profile global cyber attacks, some businesses are turning to a form of electronic guerilla war from within their networks in an effort to keep hackers at bay.

Last week US health insurer Anthem confirmed hackers may have made off with some 80 million personal health records, just days before Sony co-chairman Amy Pascal became the biggest scalp to be claimed by the company's high profile attack at the hands of suspected state-sponsored hackers.

Such breaches, say industry members, have created a chance for younger, nimbler companies trying to sell customers new techniques to protect data and outwit attackers.

These range from disguising valuable data, diverting attackers up blind alleys, and figuring out how to mitigate breaches once the data has already gone.

"Suddenly, the music has completely changed," said Udi Mokady, founder of US-based CyberArk.

"It's not just Sony, it's a culmination of things that has turned our industry around."

Closing the door

The result is that companies can no longer count on decades-old tools like firewalls and antivirus software to protect their perimeter, and then assume all traffic that does make it within the network is legitimate.

Attackers can lurk inside a network for half a year before being detected.

"That's like having a bad guy inside your house for six months before you know about it," said Aamir Lakhani, security strategist at Fortinet, a network security company.

Security start-ups have developed different approaches based on the assumption that hackers are already, or soon will be, inside the network.

Canada-based Camouflage, for example, replaces confidential data in files that don't need it (like training databases) with fictitious but usable data - tricking attackers into thinking they have stolen something worthwhile.

US-based TrapX Security creates traps of 'fake computers' loaded with fake data to redirect and neutralise attacks.

California-based vArmour tries to secure data centres by monitoring and protecting individual parts of the network. In the Target breach during the 2013 holiday shopping season, for example, attackers were able to penetrate 97 different parts of the company's network by moving sideways through the organisation, according to vArmour’s Wager.

"You need to make sure that when you close the door, the criminal is actually on the other side of the door," he said.

Threat intelligence

Funding these start-ups are US and European venture capital firms which sense another industry ripe for disruption.

Google Ventures and others invested US$22 million into ThreatStream in December, while Bessemer Venture Partners last month invested US$30 million in iSIGHT Partners. Both companies focus on so-called 'threat intelligence' - trying to understand what attackers are doing, or plan to do. All signs suggest their clients are starting to listen.

Veradocs' CEO and co-founder Ajay Arora says that while his product is not officially live, his firm is already working with companies ranging from hedge funds to media entertainment groups to encrypt key documents and data.

UK-based Darktrace, which uses math and machine learning to spot abnormalities in a network that might be an attack, has a customer base that includes Virgin Trains, Norwegian shipping insurer DNK and several telecoms companies.

But despite being open for business since 2013, it's only been in the past six months that interest has really picked up, says Darktrace's director of technology Dave Palmer. 

"The idea that indiscriminate hacking would target all organisations is only starting to get into the consciousness."

But the lesson seems to be holding.

Worldwide spending on IT security was about US$70 billion (A$90.1 billion) last year, according to Gartner. ABI Research forecasts cybersecurity spending on critical infrastructure alone, such as banks, energy and defence, will reach US$109 billion by 2020.

Several elements are transforming the landscape.

The BYOD demands of workers, and a tendency to access web-based services like Facebook and Gmail from office computers, offer attackers extra opportunities to gain access to enterprise networks.

The attacker's methods have changed too.

Cyber criminals and spies are being overshadowed by politically or religiously motivated activists, said Bryan Sartin, who leads a team of researchers and investigators at Verizon Enterprise Solutions, part of Verizon Communications.

"They want to hurt the victim, and they have hundreds of ways of doing it," he said.