The Connected World of Threats
Writing for Defence Online, Darren Anstee, CTO, SBO International, NETSCOUT, continues our focus on cyber security with a look at how a connected world can bring threats as well as advantages.
Across all industries, the connected world is now pivotal in day-to-day operations. Communications, supply chain and our broader view of the world in which we operate are all reliant on the availability, integrity and confidentiality of our networks. These networks are key to everything that we do, and increases in speed and flexibility have brought great benefits. However, our use of the connected world also brings a significant threat.
The threat landscape grows ever more complex and diverse, with cybercriminals, gamers, ideological activists and nation-states all participating in cyber-attacks and campaigns of varying levels of sophistication. New attack vectors and vulnerabilities can now be weaponised – out there in the real world – in less than five days, giving pretty much anyone access to significant capability with minimal up-front technical know-how (and minimal risk in terms of attribution). Take, for example, recent attacks against online testing platforms at schools and colleges, perpetrated by students using hired botnets to easily launch Distributed Denial of Service (DDoS) attacks.
New technology is being adopted everywhere to drive business efficiency and productivity, the Internet of Things (IoT) being a good example. The IoT threat has received a lot of media attention since the large DDoS attacks generated by Mirai malware running on CCTV cameras and DVRs in 2016. The IoT threat is very real. Unfortunately, many IoT devices are designed for the lowest cost and fastest time-to-market, with security being very much an afterthought. Bad actors of all types are aware of the power of these devices given their ever-growing numbers, as up to 7.7M are added to the Internet every day. Internet-connected devices are usually scanned within five minutes of coming online, and IoT devices are normally targeted with specific exploits within 24 hours.
The threat from IoT is of course broad. We are not just talking about DDoS attacks – although they are a primary concern. Proof-of-concept malware that allows compromised IoT devices to spread infections across internal networks has also been seen, as have threats that use IoT devices as proxies to reach any of the networks they are connected to. IoT devices can create an unintended pathway between networks if they are not appropriately secured and monitored.
DDoS attacks are also on the rise, threatening the availability of our connectivity. DDoS attacks have been around for over 20 years, but the size, frequency and complexity of attacks continue to grow. The first half of 2019 saw 776% growth in the number of attacks between 100-400Gbps monitored around the world by NETSCOUT’s ATLAS system. These attacks are capable of saturating the connectivity of all but the largest organisations and can cause congestion within ISP networks if not effectively managed.
And, of course, when it comes to nation-state APT activity, it is no surprise that, with growing geopolitical unrest in many theatres, there has been significant growth. Social engineering combined with both commodity malware and custom code is being used around the world. Governments are not just targeting each other, but also the airline industry (a good source of information on travel plans), media and social-media businesses (for disinformation and social engineering) and of course other critical industries where a competitive or market advantage can be gained from insider information.
Managing the risks posed by cyber-threats today is daunting but not impossible. As with battles of the past, it is key to have good visibility and intelligence. Many of the problems we face in dealing with cyber-threats today come from a lack of consistent, pin-point visibility of what is going on. As our environments have become more disparate, with containerisation, virtualisation, cloud etc., our ability to get a consistent picture of what is happening has diminished. We have become reliant on piecemeal data – which gives a blurry view at best – and highly sophisticated analytics engines – which attempt to bring clarity to our picture. The problem is that the analytics show us what is probably there – not necessarily what is actually there. This leads to us identifying threats later in their lifecycle, when we have less time to react, and some things get by.
As in most areas, the risk of something going wrong is driven by a lack of situational awareness, and cyber is no different. We must build our defensive capabilities and processes on top of a consistent cross-domain picture of network, user and application activity. Feeding high-quality data into sophisticated analytics yields a much more reliable result and allows us to be much more confident in the output – increasing operational efficiency.
This sounds obvious, but it is not where we are today in many organisations when it comes to security. Better visibility, combined with integration across security technologies and platforms can allow us to identify threats more effectively and efficiently, and enable us to manage our security with the resources we have available.