One of the major talking points around ICT is IT Security. Cyber attacks have increased in frequency, intensity and sophistication. Many sites have been hacked and personal and financial information stolen. In parallel, cyber security solutions have grown in sophistication and effectiveness to match.
Both technology trends and the way in which people use the Internet have increased the vectors through which malware and cyber-attacks reach their targets. Bring Your Own Device has brought new headaches to network security experts and cyber security solution developers alike. The development of desktop-based applications supporting popular social media apps for smart devices has brought new problems for IT Security to address.
What has not changed, though, is that most cyber-attacks happen because of people. Their actions or non-actions, deliberate or inadvertent, are the most common cause of malware incidents.
The first area to address in reducing the potential for cyber-attacks is therefore to ensure that users, as far as is possible, are knowledgeable and aware of cyber threats, how to recognise them, and know what to do if they come across one.
Areas worthy of consideration include:
Users must receive an IT education programme as part of the induction process when they join an organisation. The education programme should cover the organisation’s IT policies and procedures, and in particular, educate them on how to recognise malware threats and cyber-attacks, and what to do if they find one.
For example, phishing. If they receive an email from a supposedly reputable source, say a bank, inviting them to click on a link, they must stop and think before doing so. Tell them to hover the cursor over the link, and if the link isn’t to the correct web site address, then it is fraudulent.
Bottom line, users must be very suspicious if it’s an email from someone they don’t know, and suspicious even if it is from a friend, co-worker or relative.
All too often, an employee’s access to company systems continues after they have resigned or been fired. A soon to be ex-employee can cause all kinds of damage to systems and data, either directly or by introducing malware to the corporate network.
An employee’s access rights to systems and data must be removed when they state they wish to leave the company.
On a similar note, they must be removed from personal and corporate distribution lists, to ensure that they stop receiving confidential company information after leaving. Not strictly speaking a cyber-attack, but still a serious security risk.
Two things here, one technical, one not. User passwords must be strong passwords, a minimum of eight characters as a mixture of lower and upper-case letters, special symbols and numbers. An automatic password renewal policy should force users to change passwords every four weeks or so. Don’t write them down, and especially don’t write them on a post-it and stick it on the side of the monitor.
On the technical side, ensure that default user accounts, particularly systems administration ones, are removed from systems software and replaced with new accounts. If they cannot be removed, then at the very least change the default password. Again, if an employee with administrator access to systems software resigns or is fired, immediately remove their administrator account and change the passwords.
Bring Your Own Device
In the past, network managers and security people could be pretty sure what devices were attached to their network and put procedures in place to detect rogue devices.
We now have the same issue with BYOD, especially in a WiFi environment, but on a much larger scale. WiFi users expect to be able to link their smart device to WiFi, easily and seamlessly. That isn’t usually a problem for well-known brands, but it can be an issue for cloned devices at the cheaper end of the market. Their software may not conform to industry standards and may cause network problems when it connects or attempts to connect. In some cases, it may not be possible to connect them.
Again, user education is needed to provide connection information and to make them aware of what can and cannot be attached to the network. A webpage on the corporate intranet is often a good way to do this.
Malware and cyber-attack protection
Obviously, the network must host malware detection and protection software and security appliances. The trick here is to ensure that the software itself and signature files are up to date. Desktop systems need similar protection.
A more recent innovation is heuristic traffic analysis. Software analyses traffic patterns and can identify cyber-attacks such as DDoS threats and issue alerts.
The price of data security is eternal vigilance. Cyber threats are growing more common and more sophisticated, using different and new attack vectors. The savvy IT department needs to keep up with current threats and counter-measures.