What is cybersecurity?
As organisations' dependence on IT systems increases, so do the associated business risks. Networks, systems, hardware, software, applications and data are all prospective targets for digital attacks. Whether those attacks are attempting to extract sensitive financial information, destroy files, or extort payment by holding systems to ransom – the result is disruption to an organisation's business processes and a potential negative impact on turnover and profits.
Cybersecurity is the means by which internet-connected systems and the data they hold are protected from security threats, and defended should an attack take place.
"Thinking of cybersecurity solely as an IT issue is like believing that a company's entire workforce, from the CEO down, is just one big HR issue."
Who in an organisation is responsible for cybersecurity?
Effective cybersecurity involves multiple stakeholders. Security breaches can originate from both external and internal sources, so everyone within an organisation needs to be vigilant, from board level, where major IT decisions are made, down to the threat awareness of each individual employee.
Management teams should consider the security implications prior to introducing any new software or digital initiative; and employees need to be made aware of the importance of selecting strong passwords, backing up data on a regular basis, and being wary of unsolicited email attachments and links.
Across any organisation, good communication is vital in raising awareness of potential threats.
How is a cyber-secure environment maintained?
An organisation's IT team puts key security regulators in place and monitors them on a day-to-day basis to prevent data breaches. The team also plays a significant role in flagging security issues, as its members are often the first to spot a potential threat or to notice that a system has been compromised.
An organisation's cybersecurity team develops policies and procedures for protecting data assets; detecting and mitigating threats; responding to incidents; ensuring compliance with internal, industry and regulatory requirements; and establishing metrics and best practices.
What are the biggest security threats?
Managing the security risks posed by third-party components, or by suppliers connecting to a network, is a common challenge, but it is often the 'threat from within' that poses the greatest risk. This can be mitigated by improving threat intelligence across the organisation: ensuring that communications are clear and that directives are complied with.
- Insecure ID management and access control
- System misconfigurations
- Inadequate vulnerability management practices
- Compromised third-party components
- Delays in implementing software patches
Conventional types of attack
Zero-day exploits
Providers of operating systems and software regularly issue security patches as new threats are discovered. However, in the first instance, organisations need to test that these patches will not interfere with the smooth operation of their networks, so there may be a delay in implementation. This exposes organisations to risk because attackers are known to exploit the window between the announcement of an update and the point at which the solution is applied.
Day to day security regulators:
- monitoring IT assets and ensuring they are kept updated
- secure configuration of firewalls, routers, software and drivers
- timely patch management
- secure applications development and configuration
- effective archiving, backup and storage
- efficient identity and user access control
- secure endpoint devices (computers, laptops, tablets, smartphones and other mobile devices)
- supplier and supply chain security
- robust data centre management
- communicating security priorities across the organisation
- establishing monitoring and oversight procedures to ensure policies are being deployed and compliance and standards requirements are being met (including privacy standards)
- monitoring how the IT department implements and manages critical security-related functions
- risk measurement
- security threat analysis
- security threat detection
- information security
- cloud security
- network security
- endpoint security
- security incident response
- providing strategic guidance regarding security threats or breaches
- security disaster recovery
- system forensics
Malware
Malware allows attackers to install software on a victim's machine and to access all of the user's information. Types of malware include:
Worms and cryptoworms
Network worms utilise 'transport' code which trawls the Internet searching for vulnerable systems and uses backdoor exploits to install and execute copies of themselves.
Spyware
Software that covertly transmits data from a user's device in order to obtain information. Malicious spyware can change computer or software settings, monitor keystrokes and even collect screengrabs, but predominantly spyware is used to track and record web users' movements. Examples include cookies, adware and trojans. Spyware might be deployed for marketing purposes, in order to present pop-up ads that are likely to be of interest to that user, or for corporate reasons, where an organisation uses a keylogger to monitor employees' computer use.
Ransomware
Malicious software that encrypts data and can render services or critical systems unavailable without access to a decryption key. The attacker then threatens to block access or to publish data unless a ransom is paid for the key. The WannaCry cryptoworm (often referred to as the digital equivalent of the norovirus) is a recent example. In 2017, WannaCry wreaked havoc with hundreds of thousands of organisations across 150 countries, including the NHS, FedEx, Renault, Germany's rail network, mobile phone operator Telefonica, and numerous universities and colleges.
Social engineering attacks
These attacks interact with users to influence and manipulate their actions, so that the attacker gains access to systems or networks and can install harmful software. They include:
- phishing emails – typically disguised as legitimate correspondence, but linking to destructive software which can encrypt files, photos, documents or data
- baiting – in the guise of a USB drive or similar, offering something free and appealing when deployed, but linking to malware
- pretexting – where fraudsters pose as an organisation or individual known to the victim to extract sensitive information
- quid pro quo – again, the scammer makes contact by phone, often pretending to be from the victim's organisation. In this instance the victim is offered some sort of 'assistance' which requires them to download software from the web, share login information or allow remote access
- contact with a compromised website – typically via a pop-up page
- eavesdropping/man-in-the-middle (MiTM), where attackers gain entry to a two-party exchange – typically via unsecured public Wi-Fi networks – so they can filter and steal data.
Cybersecurity and Practice Labs
Cybersecurity live labs
"Our Ethical Hacker Lab has always been popular among organisations looking to test the vulnerability of their networks and systems, but increasingly, we're finding that engineers are also using our practice labs to test software patches prior to implementation. The labs allow them to identify any potential issues within a safe, live environment that replicates the network configurations at their workplace. We actively encourage this because it reduces organisational risk by facilitating faster deployment of important security updates."
Distributed Denial-of-Service (DDoS) attacks combine various threat technologies to attack at different times across multiple points of entry (including browsers, display advertisements, files, apps, emails and external devices). These attacks flood servers or networks with bogus traffic to eat up bandwidth and resources.
Proxy servers
A proxy server is invisible to the end user because all requests and returned responses appear to be exchanged with the intended internet server. Deployed in the correct context, proxy servers can facilitate administrative control and caching services. However, attackers can also use them to undermine user privacy and monitor traffic.
Bots and botnets
Bots are robot software applications or scripts that perform tasks on command from an attacker, allowing them to take remote control of a user's computer. A botnet is a group of these infected computers – sometimes referred to as zombies – which can spread the virus or malware far and wide without the users even being aware that their computers have been compromised.
Structured Query Language (SQL) injections
Here, the attacker submits malicious SQL statements through input fields – often the search boxes of vulnerable websites – with the intention of gaining access to the database servers behind them. The injected statements then force those servers to disclose information they should not.
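The following is an added example, not code from the original page or from Practice Labs, illustrating the point above from the defender's side. It uses Python's built-in sqlite3 module with a constructed in-memory table of product rows, and places a search function that builds its SQL by string concatenation next to the parameterised version that closes the hole. The tautology input, the table and the function names are all constructed for the illustration.

```python
import sqlite3


def make_db():
    """Constructed sample database: a small product catalogue in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("widget", 9.99), ("gadget", 19.99), ("sprocket", 4.50)],
    )
    return conn


def search_vulnerable(conn, term):
    """The weak pattern: user input is pasted straight into the SQL text.

    Whatever the user types becomes part of the statement, so a crafted
    search term can change the WHERE clause rather than just its value.
    """
    query = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return conn.execute(query).fetchall()


def search_parameterised(conn, term):
    """The hardened pattern: the statement is fixed, the value is bound.

    The database driver passes the term as data, never as SQL, so it can
    only ever be compared against the name column.
    """
    query = "SELECT name, price FROM products WHERE name = ?"
    return conn.execute(query, (term,)).fetchall()


def demo():
    """Run both search functions over benign and crafted input and report."""
    conn = make_db()
    benign = "widget"
    # Constructed tautology input: in the concatenated query this turns the
    # WHERE clause into  name = '' OR '1'='1', which matches every row.
    crafted = "' OR '1'='1"
    # A perfectly legitimate search term that happens to contain a quote.
    apostrophe = "widget's"

    try:
        search_vulnerable(conn, apostrophe)
        vulnerable_breaks_on_apostrophe = False
    except sqlite3.Error:
        # The concatenated query is not even valid SQL for ordinary input
        # containing a quote, which is a second reason to avoid the pattern.
        vulnerable_breaks_on_apostrophe = True

    return {
        "vulnerable_benign": len(search_vulnerable(conn, benign)),
        "vulnerable_crafted": len(search_vulnerable(conn, crafted)),
        "param_benign": len(search_parameterised(conn, benign)),
        "param_crafted": len(search_parameterised(conn, crafted)),
        "param_apostrophe": len(search_parameterised(conn, apostrophe)),
        "vulnerable_breaks_on_apostrophe": vulnerable_breaks_on_apostrophe,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script, the output shows the concatenated query returning the whole table for the crafted term and erroring on a name with an apostrophe, while the parameterised query returns exactly one row for the real product name and nothing for either the crafted or the quoted input. The same principle applies to any database driver: keep the SQL text constant and pass user-supplied values as bound parameters.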
Useful links and further reading:
- The National Cybersecurity Centre (GCHQ)
- 2018 Trends in Cybersecurity: Building Effective Security Teams (CompTIA)
- 2018 State of Cyber Resilience Report (Accenture)
- 2018 Annual Cybersecurity Report (Cisco)
- The CompTIA Cyber Ready learning programme (CompTIA)
- The National Fraud and Cyber Crime Reporting Centre (UK Police Force)