Cyber Security is never far from the mind of any IT Head. Every day, it seems, lurid tales of the latest exploit, data theft, hacking attack or threat of cyber war fill the media.
The astute IT head takes Cyber Security very seriously indeed. A ransomware attack or a loss of key company data could be catastrophic for a business. An online business that needs to be available 24/7/365 could be closed down by a prolonged loss of service or by customers fleeing if they see their personal information has been stolen.
In recent times, hackers and thieves have mounted increasingly sophisticated attacks against what they see as vulnerable targets. Any organisation that holds customers’ financial information has been a specific target. Other exploits have been specifically directed against organisations in an attempt to steal confidential information, including Intellectual Property relating to research, and sometimes upcoming financial information to help with stock fraud.
Quite apart from cyber security defence measures against threats posed by direct attacks or malware, an organisation must put a data loss plan in place to supplement the anti-malware and anti-hacking defences it has installed. Most IT security gurus will say that the only secure site is one that hasn’t been hacked yet. Keep a full set of up-to-date and accessible backups of everything to hand: your system software, configuration data and user data. Often, the quickest and most secure way to respond to a ransomware attack is to wipe everything back to clean, re-formatted storage and start again from scratch from the latest backups.
What types of cyber attack can an IT installation expect and what can be done to counter them?
The first and most important thing to realise is that the biggest threat to your cyber security sits behind a desk, between the screen and the chair back. The vast majority of successful cyber thefts and exploits are due to user action or inaction, whether inadvertent or malicious.
What we should learn is that educating users about cyber threats is the first and most important counter‑measure. They need to be told about threats, how to recognise them and what to do about them as part of induction to the organisation. They need to have frequent and repeated updates about the latest threats to reinforce their knowledge.
What can they expect?
User Directed Threats
Users are invited to click on a link in an email or website. Often the email seems to come from a trusted source, a bank or colleague perhaps. The link, however, doesn’t go where it says it is going and instead takes you to another website where malware is downloaded to your computer. This malware collects information, including user IDs and passwords, and sends it back to the hacker.
In this type of attack, the hacker gathers information about an organisation and targets those they think could provide valuable information. They send out a small number of emails to specific individuals in the hope that one of them will click on the link. If the first batch fails, they send out another. As with regular phishing, the content can seem to come from a trusted organisation, customer, supplier or colleague. One variation is to make it look like it comes from the IT department, asking you to click on a link to “Update your software”.
Someone telephones individuals in an organisation pretending to be an IT support person and leads them through installing malware or providing confidential information.
One recent type of email is a blackmail threat against individuals, threatening that obscene videos of them will be sent to all their contacts unless they pay money. A targeted user could be asked to provide confidential information instead of cash.
Social Media and Online Cloud Storage
Another threat is social media and, increasingly, online data storage sites like Dropbox and OneDrive. If users can access social media from a work computer, there is the threat of acquiring malware or posting confidential information online. Online data storage can be hacked and data stolen.
A user who has been terminated, or otherwise has a reason to act maliciously against the organisation is a threat. When an employee resigns or is fired, they need to immediately have their online accounts closed and all access rights revoked.
The second type of threat is more technical, in which the hacker tries to damage an organisation’s systems software to steal data or prevent users reaching their online systems. These can usually be countered by commercial anti‑malware software and appliances and by keeping a continual watch over the network and the data travelling on it. Included in this category would be Denial of Service attacks and ransomware.
The price of successfully protecting an organisation against cyber attack is eternal vigilance.