Tom Huckle, Head of Cyber Security & Development at Crucial Group, gives MOD DCB his take on the current cyber threats facing businesses and how to protect against them.
The world of cyber security can be incredibly daunting, especially for people new to the industry. Almost daily you see news of nation states battling nation states for online supremacy, millions of people’s personal identifiable information being stolen, leaked or sold on the dark web, and ransomware running wild, causing irrevocable damage. How can anyone stay safe in this hostile environment?
The main thing to always remember is that the internet was never built with security in mind. Therefore, it can seem we are in constant catch-up mode; that there is no lasting defence against the myriad attackers out there looking to make us a victim.
Although nation state activity will not affect everyone, cyber crime in general is now extensive – admittedly low in sophistication but high in volume. It is a chronic problem and one that is only going to get worse before it gets better. With that in mind, I have compiled what I believe are the current threats, and the preventative actions that can be taken to tackle them.
The current threats facing companies
Increasingly complex automated attacks – but also security fundamentals not being followed
Businesses are facing more and more complex automated attacks; at times, there is little technical knowledge required from the people running the attack.
That said, in my experience most attacks would be foiled if the fundamentals of security and defence were followed. Problems are caused by a lack of knowledge, so I would urge all individuals and businesses to get these fundamentals nailed down, as they will protect against most attacks.
Ransomware and DDoS attacks on the rise
With the likes of the WannaCry and NotPetya attacks of recent memory, to name just a couple, ransomware and distributed denial of service (DDoS) attacks are on the rise. In 2017 alone, DDoS attacks rose by 91%, and I feel this will only continue.
Cyber crime becoming more professional and like modern business
Cyber crime has moved away from the ‘bedroom hacker’ model many people imagined, and now functions like a professional commercial enterprise. There are now extensive dark web communities and it will only become easier to hire or rent hackers, ransomware, trojans, viruses and more. Hacking has effectively become a business service in its own right; examples include Dream Market, Wall Street Market and Tochka.
Data breaches
Data breaches are always going to be a threat facing companies around the world, and at times the lines between who is conducting attacks – nation states or cyber criminals – can be blurred, depending on the outcome.
It is, however, worth noting that the techniques used with data breaches are not particularly advanced.
Insider threats
No matter the company, there will always be a potential insider threat from disgruntled or opportunistic staff taking advantage of security flaws. A prime example of this was when US National Security Agency (NSA) secrets were stolen and released by Shadow Brokers, resulting in the EternalBlue exploit being released and ultimately used in the WannaCry campaign.
Supply chains
This is a relatively new attack vector, where bad actors typically seek to introduce security flaws and exploitables into equipment or software prior to it being supplied to the target. This is a growing threat, so all companies need to check down the chain that their suppliers are also taking security seriously.
Fake news
To some this may seem out of place when talking about cyber security; however, fake news can pose a real threat to businesses and individuals, as social media presents an opportunity to manipulate people or cause reputational damage to individuals and organisations alike. The 2016 US Presidential election is arguably a powerful example of this, while in Myanmar in 2017 the authorities used Facebook to manipulate the population with anti-Rohingya minority propaganda.
Internet of Things
The rising number of devices being connected to the internet without the ability to secure them or update them poses a major threat, as cyber criminals can deploy massive DDoS attacks and cryptomining attacks against such software, similar to what has been seen with Marai and Satori.
How to defend against these threats
Take security seriously
- Invest in your network defence
- Build a monitoring and detection capability
- Build a security team and resource it
- Develop policies and get buy-in from the top of the organisation
Be vigilant and make people your first line of defence
- Train your staff to spot attacks
- Implement policies and frameworks so people can develop procedures to follow to act quickly
- Invest in threat intelligence, which can forewarn you about threats and attacks
Only keep data on a need-to-know basis (GDPR Compliance)
- Do you know who can see your sensitive data and systems?
- Do you have an asset inventory, so you can manage your risk?
- Limit access to the people who need it to do their jobs, and have processes in place to revoke it when they change roles
Patch promptly
- Cyber criminals are still successfully exploiting known vulnerabilities within hours of their release
- You can guard against many threats simply by keeping your anti-virus software up to date and updating your software and adding patches as soon as they are released by vendors
Encrypt sensitive data
- Do what you may, one day you’re likely to be the victim of a breach; however, by encrypting your data you can render it useless if it is stolen
- Install hard drive disk encryption to prevent stolen devices being compromised with additional remote wipe capabilities
Use two-factor authentication
- Phishing campaigns are still hugely effective, and employees make mistakes
- Two-factor authentication can limit the damage that can be done if credentials are lost or stolen
Don’t forget physical security
- Not all data theft happens online. Surveillance cameras and entry systems for restricted areas, for example, can help avoid criminals tampering with systems or stealing sensitive material
If you would like to join our community and read more articles like this then please click here.
The post The State of Play: The cyber security landscape as we approach 2019 appeared first on Defence Online.
