Kevin James - The IT Control Specialists

    Exposing IT Security Risks: Why Prevention is Better than a Cure

    In every Western civilisation in the modern world, traditional crime (i.e. theft, murder and violent attacks) has fallen consistently year-on-year since World War 2. While the news media often try their hardest to persuade us otherwise, we live in perhaps the safest time in history.

    In contrast, the amount of cybercrime and fraud carried out on the internet in recent years has risen hugely all over the world. In 2014 alone, the number of detected cyber attacks increased by 48% to roughly 117,339 incidents per day. This figure rose again by a further 38% in 2015. (Source: The Global State of Information Security Survey 2015, PricewaterhouseCoopers.)

    These startling statistics have shaken the business world into action, prompting the vast majority to put some form of security measure in place – from BCM and a cybersecurity framework (ISO 27001) to cloud-based backups, anti-virus and firewalls (and sometimes endpoint security). However, there are a number of key concerns which have not been explored, many of which have huge implications for the future of business.

    Don’t believe Cybercrime is a big deal?

    Take any snapshot of time over the past two years and you can see the real depth of the issue. The website Hackmageddon regularly lists companies that have been targeted in its cyber attacks timeline.

    The Rise of Cybercrime

    When it comes to hacking and IT security, there are four main motivations: cyber espionage, cyber warfare, hacktivism and cybercrime. While the first two categories are relatively simple – the first being attacks against government servers, the second being attacks on weapons systems or surveillance systems – the final two are often confused with one another.

    Hacktivism often concerns celebrities and their social media accounts, or corporate websites – the intention is to pose as that person and defame their character in the name of a social or political cause (hence the name).

    Cybercrime, however, is the creation of viruses or the planting of embedded computer code designed to extract target data, cause permanent damage to critical system areas or exploit IT system vulnerabilities.

    [Figure: distribution of attacks, May 2016]

    While many reported instances of hacking focus around Hacktivism or Cyber Espionage, the rise of Cybercrime, especially concerned with fraud, has begun to have a significant impact on both consumers and businesses.

    Cybercrime alone costs the global economy about $450 billion each year, a value that exceeds the market capitalisation of Microsoft Inc. and Exxon Mobil Corp. Put another way, cybercrime would rank as the world’s 23rd largest economy – larger than countries such as Austria and Iran. If cybercrime were a U.S. industry, it would be bigger than the entire farming or oil and gas extraction industries.

    “As recently as 15 years ago, cyber-attacks were fairly rudimentary and typically the work of hacktivists, but with increasing interconnectivity, globalization and the commercialization of cyber-crime there has been an explosion in both frequency and severity of cyberattacks,”

    Allianz Global Corporate & Specialty (AGCS) CEO, Chris Fischer Hirs

    The Past Five Years and the Future of Hacking

    The past five years have seen unprecedented levels of cybercrime. Below is a breakdown of the most common methods used during those years and how companies reacted:

    2010: Network Breaches – Physical tampering, spyware, and data-exporting malware were the top three attack methods. Spending was notably skewed towards anti-virus rather than data protection: less than a fifth (19%) of security spend was dedicated to database security, 14% to application security, another 14% to endpoint security/anti-virus, 10% to identity management, and just 1% to data protection.

    2011: Stolen Credentials – Spyware remained a top mode of attack, joined by brute force and the use of stolen credentials. Despite the massive increase in attacks through the use of stolen credentials, companies continued to invest just 1% in data protection.

    2012: Backdoor Exploits – In 2012, spyware and the use of stolen credentials remained among the top three methods of attack, joined by backdoor exploitation.

    More than a fifth (21%) of total security spend went to database security, 15% to application security, 13% to endpoint security/anti-virus, 8% to identity management, and again just 1% to data protection.

    Did you know: 2012 was the year in which the now widely known Hacking Team first gained recognition for its Remote Control System (RCS), a sophisticated spyware program marketed and sold exclusively to governments and claimed to be untraceable.

    2013: Stolen Credentials – Attackers used stolen credentials to carry out data breaches more frequently than any other method, with data-exporting malware and phishing completing the top three modes of attack.

    Companies dedicated 40% of their total security technology spend on network security, while 21% went to database security, 16% to application security and 12% to endpoint security/anti-virus. Still, just 1% of total security spend was dedicated to data protection, despite the marked increase in stolen records and data theft.

    2014: Stolen Credentials – In 2014, stolen credentials remained the top mode of attack used by cybercriminals, followed by RAM-scraping malware and spyware. 38% of security technology spend was dedicated to network security, 18% to endpoint security/anti-virus, 16% to application security, another 16% to database security, and 13% to identity management. Data protection remained the lowest spending category at only 1% of total IT security technology spending.

    2015: It’s complicated… – In 2015 attacks grew in sophistication as cybercriminals used new tools and malicious programs to infiltrate corporations and exfiltrate sensitive data. This includes personally identifiable information (PII), protected health information (PHI), and payment card industry (PCI) records as well as intellectual property and other confidential documents.

    In effect this is the same principle as using stolen credentials, except that the stolen items are now digital credentials which unlock large data sets, rather than single-user credentials which offer access to extremely limited data. This type of breach is significantly more dangerous – in May the IRS reported that cybercriminals used one of the IRS’s online services to obtain tax return information for more than 100,000 households in the US. The cybercriminals used stolen PII to gain unauthorised access to the tax-agency accounts. Around 15,000 fraudulent refunds were issued as a result.

    2016: Ransomware – This year has seen a rise in malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. Modern ransomware families, collectively categorised as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key. Even when this fee is paid, there is no guarantee that the system will be free of infection, or that the attacker will not repeat the same process again.

    2017 and the Future: Unknown – The future of hacking is uncertain. It can be assumed that many of the current techniques will be improved and that new approaches will be formulated. In essence, while it may be possible to say what data will be attacked, the vector (i.e. the way that data will be extracted or attacked) will bypass regular security firewall filters.

    A Summary: Hacking and NDAs

    At Christmas in 1987 the first ‘in the wild’ virus was created. It was called the Vienna virus, and it loaded a small .com script via DOS to infect an uninfected file and delete some random components. It was characterised by the message it left behind.

    [Figure: the message left behind by the Vienna virus]

    This was later copied and parodied in a number of films, and is still commonly used by hackers today.

    While 19 years have passed since the first virus, the basic process is the same: introduce a hidden piece of code. While the ways this can be achieved have greatly expanded (see below), the principle remains unchanged. This means that, to some extent, the core ideas and methods behind hacking are well understood and can be readily identified.

    [Figure: attack vectors, May 2016]

    There are two big problems though, even with this knowledge:

    1. Users are not aware they have been hacked until it’s too late.

    New deployment methods are created all the time. Not all viruses are activated instantly, for instance – many will lie dormant within a system until they receive a prompt to activate. This may be in the form of an email, or even part of a script within the virus itself. For instance, a virus may contain an agent which boots the machine at a set time (when there are no security staff on-site), exports all files labelled under ‘finance’ to an external location, then encrypts all data on the network. (This is an example of a time-delayed ransomware attack.)

    2. Company fear of reputational damage or litigation

    One of the key problems in the IT industry, and in managing IT security in the UK, is that unlike in the US there is no obligation for companies to inform their customers if they have been hacked. Indeed, companies can enforce an employee NDA to ensure the information isn’t leaked. Therefore a company may choose to pay a ransom or accept data loss rather than risk the reputational damage or data protection enforcement backlash that admitting a security breach may cause. This means even world-leading anti-virus programs may be exposed to real threats, simply because the companies who create them have not been made aware those threats exist.

    “In addition incidents on computer/network infrastructures (outages, disruptions of different sizes and scales) are also occurring. However they are not reported due to fears about loss of reputation or lack of legal requirements and, thus, don’t make the headlines. Alternatively, businesses manage these internally due to lack of insurance,”

    Georgi Pachov, Group Practice Leader Cyber, CUO Property, AGCS.

    The Modern Solution – Unified Threat Management

    Luckily, it’s not just hackers that have been busy. Smoothwall, one of our security partners, has made key advances in its approach to web-based security. Rather than using a rigid code template to separate applications or web pages into ‘safe’ and ‘not safe’, its dynamic approach scans each item individually and removes all potential risks completely. That includes advertising pop-ups and any auto-run script without the proper authorisation and security checks. This ensures that the ONLY data which enters a network has been systematically approved as safe.

    The development of UTM solutions such as Smoothwall follows key changes across the IT industry, but the success of these products clearly indicates a simple fact: that soon, protecting simply against known hacking methods will not be enough.

    Kevin James: Smoothwall – Unified Threat Management

    We offer a full installation and management of the Smoothwall solution. This offers full control over IT security and minimises all risks of cybercrime affecting business. Smoothwall is expansive and highly customisable, with clear boundaries for staff web browsing and defined levels of security for different staff members.

    Smoothwall can also be used to block visits to unacceptable websites, such as those which contain explicit content or examine themes which are not appropriate for a work environment. A request can be sent directly to the administrator to provide access if the visit is required for work and approved by a line manager. Smoothwall can also be used to minimise employee social media browsing during work hours, with exception rules in place to allow them onto sites (such as Facebook, Twitter and Instagram) during lunch hours.

    [Figure: Smoothwall Guardian policy configuration]
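    A small policy evaluator, added here as an illustration and not Smoothwall’s own code or configuration, modelling the kind of rules described above: category-based blocking, per-group access levels, a lunch-hour exception for social media, and a ‘request approval’ outcome for sites staff may ask to have unblocked. The category map, group names, rule order and default-deny fallback are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from enum import Enum
from typing import FrozenSet, Optional, Tuple

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    REQUEST_APPROVAL = "request_approval"  # user may ask the admin, with line-manager sign-off

# Constructed sample category map; a real filter uses a maintained URL category database.
CATEGORIES = {
    "facebook.com": "social_media",
    "twitter.com": "social_media",
    "explicit.example": "explicit",
    "gambling.example": "gambling",   # categorised, but no rule below covers it
}

@dataclass(frozen=True)
class Rule:
    category: str
    groups: FrozenSet[str]                      # staff groups the rule applies to
    verdict: Verdict
    window: Optional[Tuple[time, time]] = None  # local-time window; None means always

LUNCH = (time(12, 0), time(13, 0))
# First matching rule wins, so the more specific rules come first (assumed ordering).
RULES = [
    Rule("explicit", frozenset({"staff", "marketing"}), Verdict.BLOCK),
    Rule("social_media", frozenset({"staff", "marketing"}), Verdict.ALLOW, LUNCH),
    Rule("social_media", frozenset({"marketing"}), Verdict.ALLOW),  # needed for their work
    Rule("social_media", frozenset({"staff"}), Verdict.REQUEST_APPROVAL),
]

def in_window(now: time, window: Optional[Tuple[time, time]]) -> bool:
    if window is None:
        return True
    start, end = window
    return start <= now < end  # end is exclusive, so at 13:00 the normal rules apply again

def evaluate(host: str, group: str, now: time, default: Verdict = Verdict.BLOCK) -> Verdict:
    """Verdict for one request. Unknown hosts and categories with no matching rule
    fall through to `default`, BLOCK here to mirror a default-deny stance (an assumption)."""
    category = CATEGORIES.get(host.lower())
    if category is None:
        return default
    for rule in RULES:
        if rule.category == category and group in rule.groups and in_window(now, rule.window):
            return rule.verdict
    return default
```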

    Interested in Smoothwall?

    Smoothwall is a large solution that best suits large businesses, especially those with a younger workforce. Introducing this solution can introduce massive improvements to efficiency and workload. If you are a smaller business, but are still interested in internet filtering and web protection, please contact us directly.
