With credit to ATG-IT: www.atg-it.co.uk

Cyber Security 2018

As we approach the end of another year, security concerns and breaches have been on the rise from ransomware variants like WannaCry through to organisations such as Equifax declaring massive breaches.

This is likely to grow considerably as we move into 2018, due for two reasons, financial gain by organised criminals who have recognised for a few years now that this is a very lucrative opportunity but also the disruption that can be caused through this activity from countries with certain political agendas.

It is also not just restricted to large companies as we have seen an increasing number of smaller organisations being “hit” as generally, their defences are much less advanced than larger businesses.

With paranoia increasing is it any wonder that the adoption of new technologies in some cases is on hold due to not knowing what the negative side effect could be.

We now list the top 15 concerns and remedies in 2018 from the research we have done as follows:

1. Ransomware

"2017 was the year of ransomware, but 2018 will be no different. Hackers find ransomware incredibly lucrative and will continue to stick their hands out for money in the form of cryptocurrency. But companies that have the proper tools in place—in the form of backup, DR and security services — will be able to fight back in 2018 and beyond. Businesses that have prepared ahead of time—whether small or large enterprises—will be in a position to refuse these extortive demands. The more of us who prepare ahead of time, the less effective ransomware will become, and this, in turn, will encourage criminals to look elsewhere."
Ransomware

2. Malware

What is it? Malware is an all-encompassing term for a variety of cyber threats including Trojans, viruses, and worms. Malware is simply defined as code with malicious intent that typically steals data or destroys something on the computer.
How does it work? Malware is most often introduced to a system through email attachments, software downloads or operating system vulnerabilities.

How can I prevent it? The best way to prevent malware is to avoid clicking on links or downloading attachments from unknown senders. This is sometimes done by deploying robust and updated firewalls, which prevent the transfer of large data files over the network in a hope to weed out attachments that may contain malware.

It’s also important to make sure your computer’s operating system (e.g. Windows, Mac OS X, Linux) uses the most up-to-date security updates. Software programmers update programs frequently to address any holes or weak points. It’s important to install these updates as well to decrease your own system’s weaknesses.

3. Getting breached and the Media catching it first

"We have all accepted that at some point in time, someone is going to get through the defences. With the mix of vendors on both the hardware and software side, there is going to be a vulnerability that can be exploited. Yet we hope that we 'catch' this breach in a reasonable time to limit and mitigate so that we can notify the victims/public through a controlled message. The average 'dwell time' or interpreted as average detection time, is 104 days.

"Even scarier is that only 53% of the time do we find this breach ourselves. Which means about half the time, our breach is disclosed publicly, with these criminals rummaging through our systems for 104 days. These are both career-limiting stats for an IT Manager as well as business threatening overall. Yet in the reality of finite budgets and a critical skills shortage, there is very little we can do to significantly move this needle. However, through using a partner that is

for example Cyber Essentials accredited by the government, can help to mitigate this.”

4. Phishing 

Phishing

What is it? Often posing as a request for data from a trusted third party, phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it difficult for some people to discern a legitimate request for information from a false one. Phishing emails often fall into the same category as spam, but are more harmful than just a simple ad.

How does it work? Phishing emails include a link that directs the user to a dummy site that will steal a user’s information. In some cases, all a user has to do is click on the link.

How can I prevent it? Verify any requests from institutions that arrive via email over the phone. If the email itself has a phone number, don’t call that number, but rather one you find independently online or within documentation you’ve received from that company.

Most companies are adamant that they will not ask for personal information via email. At the same time, most companies strongly recommend that users not make sensitive information available. While it might seem like a pain to make a phone call to find out if something is legitimate, the hassle of having your  Social Security number and/or Financial Information was stolen is much worse.

 5. General Data Protection Regulation (GDPR) is coming

"The most talked about security development right now is without question the introduction of GPDR. A significant change to how personal data will be stored, it's still yet to be determined how companies will interpret the guidelines on how much data they keep based on having a 'legitimate interest' vs. that of requiring explicit 'consent'." But clearly this new law must be taken seriously as it covers both data privacy and to a certain extent cyber security, so starting to work on policy, process, procedures as well as training will help greatly if and when the Information Commissioner comes knocking on your door”

6. Password Attacks

What is it? A password attack is exactly what it sounds like: a third party trying to gain access to your systems by cracking a user’s password.

How does it work? This type of attack does not usually require any type of malicious code or software to run on the system. There is software that attackers use to try and crack your password, but this software is typically run on their own system. Programs use many methods to access accounts, including brute force attacks made to guess passwords, as well as comparing various word combinations against a dictionary file.

How can I prevent it? Strong passwords are really the only way to safeguard against password attacks. This means using a combination of upper and lower case letters, symbols, and numbers and having at least eight characters or more. As a point of reference, an attacker using a brute force password cracking program can typically unlock a password with all lower case letters in a matter of minutes. It’s also recommended not to use words found in the dictionary, no matter how long they are; it just makes the password attacker’s job easier.

It’s also good practice to change your passwords at regular intervals. If a hacker is able to obtain an older password, then it won’t work because it’s been replaced!

7. Denial-of-Service (DoS) Attacks 

What is it? A DoS attack focuses on disrupting the service to a network. Attackers send high volumes of data or traffic through the network (i.e. making lots of connection requests), until the network becomes overloaded and can no longer function.

How does it work? There are a few different ways attackers can achieve DoS attacks, but the most common is the distributed-denial-of-service (DDoS) attack. This involves the attacker using multiple computers to send the traffic or data that will overload the system. In many instances, a person may not even realise that his or her computer has been hijacked and is contributing to the DDoS attack.

Disrupting service can have serious consequences relating to security and online access. Many instances of large-scale DoS attacks have been implemented as a sign of protest toward governments or individuals and have led to severe punishment, including jail time.

How can I prevent it? Unless your company is huge, it’s rare that you would be targeted by an outside group or attacker for a DoS attack. Your site or network could still fall victim to one, however, if another organisation on your network is targeted.

The best way to prevent an additional breach is to keep your system as secure as possible with regular software updates, online security monitoring and monitoring your data flow to identify any unusual or threatening spikes in traffic before they become a problem. DoS attacks can also be perpetrated by simply cutting a cable or dislodging a plug that connects your website’s server to the internet, so due diligence in physically monitoring your connections is recommended as well.

8. Having a false sense of security

"Because security is such a broad concern, the primary threat that should be top of mind is a false sense of security. Given threat profiles for cybersecurity and the need to protect intellectual property and financial assets etc., there is no single investment or effort that allows you to 'check the box.' Comprehensive visibility to your technology footprint—from device to application destination—is a key capability required to enable you to be successful in understanding your security position and identify new attacks."

9. “Man in the Middle” (MITM)

MITM attackWhat is it? By impersonating the endpoints in an online information exchange (i.e. the connection from your smartphone to a website), the MITM can obtain information from the end user and the entity he or she is communicating with.

For example, if you are banking online, the man in the middle would communicate with you by impersonating your bank, and communicate with the bank by impersonating you. The man in the middle would then receive all of the information transferred between both parties, which could include sensitive data, such as bank accounts and personal information.

How does it work? Normally, a MITM gains access through a non-encrypted wireless access point (i.e. one that doesn’t use WAP, WPA, WPA2 or other security measures). They would then have access to all of the information being transferred between both parties.

How can I prevent it? The best way to prevent them is to only use encrypted wireless access points that use WPA security or greater. If you need to connect to a website, make sure it uses an HTTPS connection or, for better security, consider investing in a virtual private network (VPN). HTTPS uses certificates that verify the identity of the servers you’re connecting to using a third-party company such as VeriSign, while VPNs allow you to connect to websites through virtual private networks.

10. Large-scale data breaches

"Coming off a year of major data breaches, from Equifax to Yahoo email accounts, IT managers and business owners will be more worried than ever before about their own potential data breaches. The reality is, a vast majority of all breaches occur due to unpatched systems and/or advanced social engineering attacks.

"In 2018, I expect that many people will be tasked to find more comprehensive patching programs, and to provide more effective cybersecurity training, for both their engineers and general employees. Most IT Managers will also be looking to purchase better-advanced detection/prevention solutions from outside security vendors as well as to embrace comprehensive data governance initiatives; you can't protect what you can't control or see. While there is no "silver bullet" when it comes to security, continuous improvement and limiting your exposure will go a long way to reducing your risk."

11. Drive-By Downloads 

What is it? Through malware on a legitimate website, a program is downloaded to a user’s system just by visiting the site. It doesn’t require any type of action by the user to download.

How does it work? Typically, a small snippet of code is downloaded to the user’s system and that code then reaches out to another computer to get the rest and download the program. It often exploits vulnerabilities in the user’s operating system or in different programs, such as Java and Adobe.

How can I prevent it? The best way is to be sure all of your operating systems and software programs are up to date. This lowers your risk of vulnerability. Additionally, try to minimize the number of browser add-ons you use as these can be easily compromised. For example, if your computers don’t need Flash or the Java plug-in, consider uninstalling them.

12. Employees' lack of cybersecurity skills

"People still represent the biggest security risk for most companies. I spend an inordinate amount of time worrying what folks click on in emails and on websites. I also worry about GDPR and all of the shifting compliance rules. Trying to manage all the new rules is extremely complex when they change every couple of months. Finally, I have a fear of interconnected identity sharing: the hotel Wi-Fi, the Netflix account on the tablet over our corporate networks, the phone in the coffee shop, and all the ways we interact with networks on devices that live both inside and outside our corporate network."

13. Rogue Software

What is it? Malware that masquerades as legitimate and necessary security software that will keep your system safe.

How does it work? Rogue security software designers make pop-up windows and alerts that look legitimate. These alerts advise the user to download security software, agree to terms or update their current system in an effort to stay protected. By clicking “yes” to any of these scenarios, the rogue software is downloaded to the user’s computer.

How can I prevent it? The best defence is a good offense—in this case, an updated firewall. Make sure you have a working one in your office that protects you and your employees from these types of attacks. It is also a good idea to install a trusted anti-virus or anti-spyware software program that can detect threats like rogue software.

As with most types of crime, vigilance is one of the keys to prevention. As cyber criminals become more sophisticated and more transactions migrate online, the number of threats to people and businesses will continue to grow. Prepare yourself and your business by taking the time to secure your systems and make cyber security a priority.

14. Security issues with the Internet of Things (IoT)

Internet of things

"The biggest fear for an IT manager is that I talk to is the encroachment of IoT (Internet of Things) equipment into their organizations. So is this an irrational fear? Hardly!

"The fear comes from the knowledge that many of these devices have hard coded firmware where the passwords are common to the device, but not the user of the device. Couple this with the fact that organisations can't simply go in and change the password to make it unique and thereby less exploitable, and you've got some real challenges. The conundrum that IT managers now face is how to protect the organization while at the same time introducing new technology into the workplace, which will make employees' lives easier and make the business, as a whole, more efficient."

15. Policies around BYOD

BYOD
A big fear heading into 2018 is how to avoid a network breach along the lines of what happened to Equifax and too many others. Based on what we're seeing, these fears are warranted. It's not a question of if this will happen, but when.

"Also, with more and more companies adopting BYOD policies, It managers should be concerned about how to account for every device attempting to access their network, how to determine the level of access that is authorized for each device, how to provide network monitoring on a 24/7 basis, and how to protect their company's most sensitive data from unauthorized access."

Just as pollution was a side effect of the Industrial Revolution, so are the many security vulnerabilities that come with increased internet connectivity. Cyber-attacks are exploitations of those vulnerabilities.

For the most part unavoidable, individuals and businesses have found ways to counter cyber-attacks using a variety of security measures and just common sense. Regardless how safe a business feels it and its systems are, however, everyone must still be aware of and vigilant toward online threats.

This is not definite as there will be more types of “new” compromises in 2018, and therefore as they say the best form of defence is offence, and to ensure you are on the right path to minimising these threats, it is advisable to have an organisation assist in these areas.

If you do need help regarding the above even if it's just simple advice get in touch. ATG are always happy to help.