Over the last few years, and particularly over the last two or three, there has been a decided increase in systems and data moving to the Cloud. Another feature has been implementation of remote access to systems to support e-commerce and working from home. As a result, Online Security has moved to the top of an IT department’s priorities.
Another, less welcome result has been a quantum increase in online criminal activity. The FBI have reported that ransomware is one of the fastest growing online scams, closely followed by phishing and other malware attempts to extract personal and financial information.
There is also anecdotal evidence that exploits aimed at impeding a competitor and the theft of Intellectual Property (“IP”) have increased. We hear daily in the media of the latest malware and hacker exploits, which causes senior management to ask what Online Security measures are in place.
There is considerable evidence that some Governments have been using cyber-attacks to affect other countries. For example, there is considerable evidence that there was interference with the recent US presidential elections and the 2016 British Brexit referendum.
There is also much speculation that there have been attempts using cyberweapons to destabilise other countries' infrastructure and operational systems, for example in the financial sector. Stuxnet is a good example of how this could be achieved.
For many businesses their online presence is vital to their growth, and indeed existence, and losses of service can be fatal. They also need to demonstrate to customers and purchasers in an e-commerce environment that their data is safe and secure. That implies that data security is more important than ever.
IT Heads are asking what Online Security measures are needed, and if their existing arrangements are sufficient.
Typically, threats to data security arise in one of two ways: network initiated or user initiated. Network threats are external attacks such as a DDoS attack. User threats are those where a user, knowingly or unknowingly, compromises data security, perhaps by falling for a phishing exploit.
Using an encrypted VPN and a secure connection for remote access is a no-brainer.
Other external network-borne attacks targeted at a specific network are usually made by hackers, or sometimes botnets. Penetration testing and DDoS attacks are typical of the type.
Penetration testing is basically testing the network security to see if there is a way in. A recent route in is via Internet of Things (“IoT”) devices. Especially in manufacturing, networks have added digital devices to the network edge as part of an IoT rollout. Most IoT devices are not designed with security in mind and are inherently insecure.
Their architecture means that anti-malware applications don't cover them. As a result, they can be easily detected and infected. They can also be recruited into botnets, often without IT noticing. Try to keep them in enclosed networks, so that if they do become infected, the infection is contained.
DDoS attacks can be a bit of fun by a pimply hacker, but the FBI say they are seeing them used as a weapon to destabilise competitive businesses. The first thing to understand is that, in all probability, you can’t stop a DDoS attack with your own resources.
The best thing to do is to implement an early warning system, establish comprehensive perimeter defences, and have a contingency plan for using external resources such as scrubbers or mitigation specialists.
Prevention being better than cure is the thing here. Have a Business Continuity Plan in place, and if you don’t, create one.
Rehearsing and dry-running the DDoS mitigation plan is essential. Everyone must be clear on their duties, actions, and responsibilities. When you detect a potential DDoS attack, the quicker you invoke the plan the better, so everyone must be geared up and able to carry it out without delay.
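As an added illustration of the early-warning step (example code, not from the original article): a small Python check over constructed access-log lines that flags any time window whose request rate exceeds a multiple of the normal baseline and reports how concentrated the traffic is, which is the signal on which the plan above would be invoked. The function names, thresholds and sample addresses are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common-log-format prefix: client IP, two fields, then a bracketed timestamp.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (epoch_seconds, client_ip) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return int(ts.timestamp()), m.group("ip")


def detect_floods(lines, baseline_rps, window=10, factor=5.0, top_n=3):
    """Bucket requests into fixed windows and flag windows whose rate exceeds
    factor * baseline_rps (baseline measured from a quiet period). Each alert
    carries the rate and the share of traffic from the top_n noisiest sources."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            t, ip = parsed
            buckets[t - t % window][ip] += 1
    alerts = []
    for start in sorted(buckets):
        hits = buckets[start]
        total = sum(hits.values())
        rps = total / window
        if rps > factor * baseline_rps:
            top = hits.most_common(top_n)
            alerts.append({"window_start": start, "rps": rps,
                           "top_share": sum(c for _, c in top) / total,
                           "top_sources": [ip for ip, _ in top]})
    return alerts


def build_sample():
    """Constructed log: three normal requests, then a burst of 40 from two hosts."""
    lines = [
        '203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
        '203.0.113.11 - - [01/Jan/2024:10:00:04 +0000] "GET /a HTTP/1.1" 200 100',
        '203.0.113.12 - - [01/Jan/2024:10:00:08 +0000] "GET /b HTTP/1.1" 200 100',
    ]
    for i in range(40):
        ip = "198.51.100.1" if i % 2 else "198.51.100.2"
        lines.append(f'{ip} - - [01/Jan/2024:10:00:{10 + i % 10:02d} +0000] '
                     f'"GET / HTTP/1.1" 503 0')
    return lines
```

Feed it a live tail of the access log with a baseline taken from a normal day; an alert with a high top_share points to a few sources that perimeter filtering can block, while a low top_share is the distributed case where the external scrubbing contingency applies.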
To again quote the FBI, they say the biggest threat to most IT environments sits between the keyboard and chairback. Most successful exploits are initiated by users, either inadvertently or deliberately.
Phishing and Spear Phishing attacks are among the most common ways to introduce malware to an organisation. Education is key to prevention. Educate users at induction and have repeated update sessions to keep them aware of current threats and how to recognise them. Have clear policies and procedures for them to follow if they suspect a malware attempt.
A second route is swapping information between home and work on flash drives. Many home systems have no malware protection, or insufficient protection, and malware can be introduced to corporate systems in this way. Disable USB ports on end-user equipment.
IP theft can be assisted by copying information to online storage like OneDrive and DropBox. Users should not be able to use them.
In this new always-on world with systems accessible from anywhere at any time, Data Security has become more important than ever.