It’s no secret that in the past few years, business leaders have begun to realise the potential of digital transformation to give their organisation a competitive edge. By driving productivity, empowering staff and creating engaging experiences for customers, investing in digital technology has become a number one priority for businesses looking to secure their place in our digital tomorrow.
However, as seen from the recent ransomware attacks that have shaken organisations across Europe – including the NHS – the maturation of the digital industry has brought its own set of unique challenges. From phishing emails, to DDoS attacks, to mass-scale data breaches, protection against cybercrime has risen up the business agenda in every organisation.
Given the UK Government’s pledge to commit £1.9bn towards combatting cybercrime, and to educate and train cyber security experts of the future, it’s encouraging to see how cyber security has become a national priority. After all, in what is a turbulent UK market, UK businesses are equally responsible for ensuring that the UK remains one of the safest places in the world to do business.
Not only is it important to fund, educate and train businesses on combatting cybercrime, but there need to be regulations in place to hold organisations accountable for security breaches which result from outdated security. In the past year alone we have seen record-breaking fines when a company has been subjected to a data breach or cyber attack, let alone the damage to its reputation. Making an example of these companies by imposing severe financial penalties is exactly what the new General Data Protection Regulation (GDPR) – which will come into force next year – will look to enforce.
As a result of the changes in regulations and the expectations of customers, it is even more important for organisations to have the people, processes and technologies in place to help them become more proactive in their approach to cybersecurity. Based on the growing technology trends, here are four examples of areas of vulnerability businesses are facing today and some common practices that can be put in place to avoid attacks:
1. Companies continue to have a blind spot
Last year saw a rise in attacks against enterprises using Microsoft PowerShell. PowerShell is a framework and scripting language installed by default on all Windows computers, which enables attackers to take advantage of those organisations which lack adequate protection against its malicious use. For example, tools such as PowerShell Empire, frequently used by penetration test teams, are also used by attackers to make it easy to bypass the perimeter, create backdoors and then move laterally around a network. Being part of the Windows system makes it easier for attackers to use it as part of their attack cycle, but more difficult for network defenders to identify malicious use. That’s if they’re monitoring at all.
Moving forward, organisations will need to review their monitoring capabilities and logging levels, and work to identify which known good scripts are in use across their networks, so that they can detect malicious use where possible.
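One way to put the "known good scripts" idea into practice, as an added example that is not part of the original article: the sketch below assumes PowerShell script block logging is enabled and that event ID 4104 records have been exported as dictionaries carrying the ScriptBlockId, MessageNumber, MessageTotal and ScriptBlockText fields. Host names, script text and the baseline are constructed sample data.

```python
import hashlib
from collections import defaultdict

def script_hash(text):
    """SHA-256 of script text with line endings and outer whitespace normalised."""
    normalised = text.replace("\r\n", "\n").strip()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()

def reassemble(events):
    """Join 4104 fragments by ScriptBlockId; report whether every part arrived."""
    parts, meta = defaultdict(dict), {}
    for e in events:
        parts[e["ScriptBlockId"]][e["MessageNumber"]] = e["ScriptBlockText"]
        meta[e["ScriptBlockId"]] = (e["Computer"], e["MessageTotal"])
    for block_id, frags in parts.items():
        host, total = meta[block_id]
        complete = set(frags) == set(range(1, total + 1))
        text = "".join(frags[n] for n in sorted(frags))
        yield block_id, host, text, complete

def unknown_scripts(events, known_good):
    """Return (host, block_id, reason) for every block outside the baseline."""
    findings = []
    for block_id, host, text, complete in reassemble(events):
        if not complete:
            # A partial block cannot be hashed reliably, so surface it for review.
            findings.append((host, block_id, "incomplete"))
        elif script_hash(text) not in known_good:
            findings.append((host, block_id, "not-in-baseline"))
    return findings

# Constructed sample data: one approved script and three logged script blocks.
INVENTORY = "Get-Service | Where-Object Status -eq 'Running'\r\n"
KNOWN_GOOD = {script_hash(INVENTORY)}
EVENTS = [
    {"Computer": "ws01", "ScriptBlockId": "a1", "MessageNumber": 1,
     "MessageTotal": 1, "ScriptBlockText": INVENTORY},
    {"Computer": "ws02", "ScriptBlockId": "b2", "MessageNumber": 2,
     "MessageTotal": 2, "ScriptBlockText": "Out-File C:\\Temp\\p.txt"},
    {"Computer": "ws02", "ScriptBlockId": "b2", "MessageNumber": 1,
     "MessageTotal": 2, "ScriptBlockText": "Get-Process | "},
    {"Computer": "ws03", "ScriptBlockId": "c3", "MessageNumber": 1,
     "MessageTotal": 3, "ScriptBlockText": "Write-Output 'part one'"},
]

if __name__ == "__main__":
    for finding in unknown_scripts(EVENTS, KNOWN_GOOD):
        print(finding)
```

An exact-hash baseline changes whenever an approved script is edited, so the baseline has to be regenerated as part of the script release process.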
2. Increased focus on the mobile market
The increasing use of smart devices for personal and business data makes mobile platforms a valuable target. Whilst many organisations are now upgrading from legacy Microsoft operating systems that have been frequently targeted for their vulnerabilities, attackers will continue to develop innovative ways of attacking mobile platforms, with ransomware demanding payment for the return or decryption of personal photos.
Businesses should be making mobile device management a priority, supplementing it with robust security controls. For example, mobility champions should decide what types of corporate data approved work devices can share, then determine the most effective security measures for protecting the data on the devices.
3. Smart cities under threat
As we continue to see the exponential growth of IoT devices, we’re seeing security issues that we hadn’t even considered before. For example, whilst ransomware having the ability to take out a city of ‘smart’ connected lights would have seemed unlikely and unfeasible a year ago, attacks such as these are becoming more prevalent. Take the attack on over 150 emergency sirens in Dallas, Texas as an example. Disrupting residents and overwhelming 911 operators throughout the day, the attack was an example of how we’re entering a new sector vulnerable to cyber-criminals. Also, who would have thought that a motorway digital sign could be “hacked” to show other messages, when the sign was designed as an important information-sharing device?
What this means is that these platforms need to be controlled, and the governance around the management of those control platforms will be paramount. This includes the security controls of the supply chain involved in the delivery and control of any part of the smart city we’re now connecting. Whilst attackers may not try to exploit vulnerabilities in connected cities, they may seek to install ransomware in a critical part of the infrastructure.
4. Poor routine IT practices
The sad truth is that in many cases, the cybersecurity problems organisations face aren’t necessarily a result of new cyber attack techniques or malicious insiders, but of businesses failing to carry out the simple – yet vital – housekeeping tasks that cut down on risks.
Neglecting to put in place effective vulnerability patching or appropriate threat intelligence, or failing to use an access management system that truly reflects only current users, leaves businesses needlessly vulnerable to data loss, data theft or external disruption of their systems.
Additionally, we have a responsibility to ensure that the training and education of our people is relevant and appropriate, and means something for their job function. Cyber security is now too important for training to simply be seen as a necessary tick box within an organisation; our people remain a key part of our defence and need to be educated as such.
As this is set to be a continued issue, most of the headlining breaches are arguably avoidable.