As the world becomes more and more digital, so do the risks that come with it. Those risks grow more serious as we learn of data leakages, identity theft, hacking attempts, ransomware attacks and so on, and they have become a matter of concern for governments, enterprises and users in general. We need to understand that risk cannot be eliminated, only reduced to an acceptable level, and one of the key ingredients for doing so is to have a cybersecurity strategy in place.
The strategy has to be derived from two different inputs, one covering the internal aspect and one the external aspect:
The type of organization and the risks associated with it. Some industries focus more on data security, some on endpoint security and some on meeting compliance standards. Once the priorities are defined, the next step is to define controls for them.
Past incidents, both local and global.
WannaCry: The infamous ransomware that gained worldwide attention. It hit numerous national health services and many other organizations across the globe. The incident had a direct impact on patients' lives, delaying medical procedures and creating chaos.
Petya/NotPetya: This ransomware shares some similarities with the Petya ransomware of 2016, hence the name NotPetya. It hit power companies, airports and public transit. This was the second ransomware incident of the year with global impact.
Zomato hack: One of the largest Indian restaurant aggregators was hacked in 2017. It was reported that some of its users' credentials were sold on the dark web. No financial loss was reported, since payment-related information is stored in a separate location.
HBO hack: Hackers acquired 1.5 TB of data by breaking into HBO's systems. The data contained yet-to-be-aired episodes of Game of Thrones, Room 104 and other shows. The episodes were released online, followed by ransom demands to HBO. Any further details were kept confidential by HBO.
With the increasing number of digital endpoints, one of the largest and most vulnerable categories is mobile phones. In 2017 Google identified and removed a large number of malicious applications from the Play Store. This shows how exposed mobile devices can be when installing applications even from trusted sources; the risk is even higher for those who install and use applications from third-party sources.
2017 has proven that the impact of ransomware can be severe and widespread. Building on that experience, smarter ransomware is not far off. AI and machine learning can be applied for both defensive and offensive purposes, and attackers can use them to launch more sophisticated attacks. The power of AI and machine learning can be used to perform:
- Smart brute force attacks:
Using knowledge from previous breaches, common passwords and password habits to narrow down the brute force attempts to the guesses most likely to succeed.
- Cryptographic attacks:
Traffic analysis of encrypted streams (ciphertext-only attacks) to identify patterns that leak information about the plaintext or the protocol.
- Attack obfuscation using AI:
Changing the attack traffic pattern to evade detection by behavior analysis.
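As an added example (not part of the original article), the following Python script shows what "narrowing down" a brute force with prior-breach knowledge looks like in practice, written from the defender's side as a password audit: candidates are ranked by how often their base word appears in a constructed stand-in for a leaked password list, a few mangling rules are applied, and the guesses are checked against SHA-256 hashes of constructed target passwords. The corpus, the targets, the mangling rules and the `exhaustive_position` helper (which shows how far a blind enumeration would have to go for the same password) are all made up for this example.

```python
import hashlib
import string
from collections import Counter
from itertools import islice

# Constructed stand-in for passwords recovered from earlier breaches.
# Repetition stands for frequency; no real breach data is used.
BREACH_CORPUS = [
    "password", "password", "password", "123456", "123456", "qwerty",
    "welcome", "welcome", "summer2017", "letmein", "password", "dragon",
]

# Character set a blind brute force would have to enumerate (assumption for the example).
ALPHABET = string.ascii_letters + string.digits + "!@#$"


def mangle(word):
    """Apply a handful of the mangling rules password crackers use."""
    yield word
    yield word.capitalize()
    yield word + "1"
    yield word + "!"
    yield word + "2018"
    yield word.replace("a", "@").replace("o", "0")


def ranked_candidates(corpus):
    """Yield guesses most-frequent base word first, each base word followed by
    its mangled variants, never yielding the same string twice."""
    seen = set()
    for base, _count in Counter(corpus).most_common():
        for guess in mangle(base):
            if guess not in seen:
                seen.add(guess)
                yield guess


def sha256_hex(s):
    return hashlib.sha256(s.encode()).hexdigest()


def audit(target_hashes, candidates, limit):
    """Try at most `limit` candidates against unsalted SHA-256 targets.
    Returns ({hash: recovered_password}, guesses_tried)."""
    remaining = set(target_hashes)
    recovered = {}
    tried = 0
    for guess in islice(candidates, limit):
        tried += 1
        h = sha256_hex(guess)
        if h in remaining:
            recovered[h] = guess
            remaining.discard(h)
            if not remaining:
                break
    return recovered, tried


def exhaustive_position(word, alphabet=ALPHABET):
    """1-based position of `word` in a blind enumeration over `alphabet`
    (all length-1 strings, then length-2, ...), i.e. how many guesses an
    unguided brute force needs before reaching it."""
    n = len(alphabet)
    shorter = sum(n ** k for k in range(1, len(word)))
    index = 0
    for ch in word:
        index = index * n + alphabet.index(ch)
    return shorter + index + 1


if __name__ == "__main__":
    # Constructed targets: three weak, reuse-style passwords and one strong one.
    targets = ["Password", "welcome!", "dr@g0n", "xK9#pQ2v"]
    hashes = [sha256_hex(t) for t in targets]
    recovered, tried = audit(hashes, ranked_candidates(BREACH_CORPUS), limit=50)
    print(f"recovered {len(recovered)}/{len(targets)} after {tried} guesses")
    for pw in recovered.values():
        print(f"  {pw!r}: blind enumeration would need {exhaustive_position(pw):,} guesses")
```

The three weak passwords fall within the first 37 ranked guesses, while the strong one is never reached; the same comparison against `exhaustive_position` is what makes "smart" brute force worth worrying about, and also why password policies should be checked against breach-derived lists rather than only against length and character-class rules.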
The same AI and machine learning techniques can be used in SIEM solutions for proactive detection of incidents. The power and the knowledge are available to both sides; let's see who uses them first.
We are moving more and more towards smart devices connected to the internet. This gives attackers more entry points with weak defenses, since these devices are presently built for functionality with little attention to security. Another point to ponder is the use of botnets to compromise these devices, which are then used to launch DDoS attacks. This is going to be a big issue in 2018 as well, as more companies and brands jump on the IoT wagon. Smart homes are a trend that is growing day by day.
Many internet-connected devices (lights, doors, locks, thermostats, air conditioners, TVs) share a single home network. Attackers will continue to exploit these devices and can take control of your home without entering it physically. Now consider the impact of that network being compromised: it can pose a serious threat to life as well.
The EU General Data Protection Regulation (GDPR) sets out how companies must store, process and secure the personal data of European Union citizens. By now companies should have a plan for how this will be implemented before the deadline is reached (May 25, 2018).
Companies will be pushing to achieve this, but some cases of infringement and fines are still expected in 2018. Compliance with GDPR will certainly cost companies, though how much is unclear. Some of the security giants believe that attackers will use ransomware and digital extortion to threaten companies that are not GDPR compliant.
Humans remain one of the weakest links in the security posture of an organization. Organizations know what phishing is, but less about how to detect a phishing email without getting phished. Attackers are getting more and more advanced at phishing users, and it has become tough for an untrained eye to detect phishing emails these days.
Attackers have narrowed down on the details of their targets: the users, their geography, the timing of the email and even the environment it is sent into. For example, specifically crafted mails for users filing tax returns during the tax filing cycle: at that time your inbox will already hold legitimate emails from the tax department, alongside a few phishing emails with precisely matching content. These kinds of attacks are expected this year too and may have a significant impact on users and organizations.
With the increasing number of cryptocurrencies and mining pools, attacks on these currencies are expected to increase. The probability of a successful attack on Bitcoin is slim, but other blockchain systems that use weaker cryptographic algorithms for performance reasons may well be attacked.
Ensure that employees are trained on information security in general and on the company's policies as well. They should understand the impact of a potential breach or leakage. Training can take the form of classroom sessions, notifications or computer-based training. One thing that needs to improve is that training should be followed by tests, quizzes or other forms of feedback to verify whether employees have actually benefited from the awareness effort.
Implement a SOC to monitor what is happening in the network. An efficient SOC will detect a threat early and leave enough time to respond and take the necessary precautions. For example, a web application attack can be detected by a SOC by analyzing traffic patterns: abnormal traffic, such as a request rate or error rate far outside the normal baseline for a client, is an indicator that something is being attempted.
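As an added example of the traffic-pattern detection mentioned above (my code, not the article's and not any SOC product's), the following Python script parses a constructed set of Apache-style access log lines and flags a client when either its request rate inside a sliding window or its share of 4xx responses is far outside what the normal client in the sample produces. The IP addresses, paths, timestamps and thresholds are all made up for the example; in a real SOC the thresholds would come from a measured baseline and the alerts would feed the SIEM.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache common-log-format fields we need: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def _line(ip, hhmmss, method, path, status):
    """Build one constructed log line (sample data, not a real capture)."""
    return f'{ip} - - [10/Jan/2018:{hhmmss} +0000] "{method} {path} HTTP/1.1" {status} 512'


def build_sample_log():
    """Constructed traffic: one normal shopper, one client hammering the login
    form, and one client scanning for backup files that do not exist."""
    lines = [
        _line("203.0.113.5", "10:00:01", "GET", "/index.html", 200),
        _line("203.0.113.5", "10:00:09", "GET", "/products", 200),
        _line("203.0.113.5", "10:00:33", "GET", "/cart", 200),
        _line("198.51.100.7", "10:00:12", "GET", "/login", 200),
    ]
    for i in range(12):  # 12 failed logins in 12 seconds
        lines.append(_line("198.51.100.7", f"10:00:{20 + i:02d}", "POST", "/login", 401))
    lines.append(_line("198.51.100.7", "10:00:40", "POST", "/login", 302))
    for i in range(30):  # 30 probes for non-existent files in 30 seconds
        lines.append(_line("192.0.2.66", f"10:01:{i:02d}", "GET", f"/backup{i}.zip", 404))
    return lines


SAMPLE_LOG = build_sample_log()


def parse(lines):
    """Group parsed requests by client IP, sorted by time; unparsable lines are skipped."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        per_ip[m["ip"]].append((ts, m["path"], int(m["status"])))
    for reqs in per_ip.values():
        reqs.sort()
    return per_ip


def peak_rate(reqs, window_s):
    """Largest number of requests from one client inside any window_s-second window."""
    peak = 0
    j = 0
    for i in range(len(reqs)):
        while (reqs[i][0] - reqs[j][0]).total_seconds() > window_s:
            j += 1
        peak = max(peak, i - j + 1)
    return peak


def analyze(lines, window_s=60, rate_limit=20, error_ratio=0.5, min_requests=10):
    """Return {ip: [reasons]} for clients whose traffic pattern is abnormal.
    The thresholds are illustrative; derive them from a measured baseline in practice."""
    alerts = {}
    for ip, reqs in parse(lines).items():
        reasons = []
        peak = peak_rate(reqs, window_s)
        if peak > rate_limit:
            reasons.append(f"{peak} requests in {window_s}s")
        if len(reqs) >= min_requests:
            errors = sum(1 for _, _, status in reqs if 400 <= status < 500)
            ratio = errors / len(reqs)
            if ratio >= error_ratio:
                reasons.append(f"4xx ratio {ratio:.2f}")
        if reasons:
            alerts[ip] = reasons
    return alerts


if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {'; '.join(reasons)}")
```

The two abnormal clients trip different rules: the scanner is caught by both the request rate and the 4xx ratio, while the login hammering stays under the rate limit and is caught only by its error ratio. That is the point of combining several weak signals in a SOC rule set rather than relying on a single threshold.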
It is nothing new, but organizations still have a hard time managing and governing their endpoints. Governing guidelines should be developed and then acted upon. For starters, the security objects taken into consideration can be antivirus, Windows patching and inventory management, network diagrams and firewall rule reconciliation. Regular audits need to be conducted to ensure that the hardening matrix is being implemented and is in line with the security policy. If nothing else, Windows patching is the one thing that needs immediate attention in most mid-segment organizations. Similarly, devices in the IDC and web applications need to be rigorously tested for security.
2017 has proven to be an eye opener for organizations and users alike. Organizations need to understand the need for cybersecurity and the impact of its absence. It has now become a CXO-level agenda for most organizations. A cybersecurity strategy should be prepared with a clear plan of what has been done, what is ongoing and what needs to be done. It should also cover broad topics like incident management, monitoring and response, and data leakage protection.
Security is a double-edged sword, with both attackers and defenders sharpening their edges and following both symmetric and asymmetric methods and practices, so be prepared for 2018.