Future-proof Your Business

Next Article

SocialEngineering&Ransomware

The future of

CYBERSECURITY

It is clear that cybercrime has evolved massively from its early days of individual hackers creating mischief with selfdeveloped worms and viruses. Today, there are organised syndicates of criminals actively working to break into companies and steal their critical intellectual property, customer databases and financial records. In fact, entire countries are known to participate in forms of cyberwarfare – again, usually by targeting key businesses or utilities in the ‘enemy’ nation.

By recognising the rapid and continuing evolution of cybersecurity, we are more easily able to understand how we can best position our businesses to remain protected, regardless of the speed at which the criminals are evolving their approaches and techniques, suggests Ritesh Guttoo, Cybersecurity Lead for Africa, India and Middle East at EY.

“Cybersecurity is only going to become more important as we move forward. It is quite obvious that the threat landscape is evolving rapidly – driven by the huge upheavals in the way we’ve been working over the past two years – which has opened up new attack surfaces and vectors for the bad guys to exploit. Remember that, in business, we traditionally utilised what could be called a ‘closed environment’, in that your systems were within a network that was protected by a firewall to prevent intrusions, as well as internal controls like anti-virus, which ensured that files were scanned and malware was avoided,” says Guttoo. Changing environment “However, this environment has changed dramatically, because of the shift to remote working, the increasing use of the cloud and the increase in automation tools being implemented by businesses. Thus, the system is no longer a closed one. There are many companies adopting the cloud, both for collaboration purposes and for the cost and efficiency benefits. While the core systems may still be hosted at the office, unstructured information like Word documents, emails and so on are stored in the cloud.”

The challenge here, he notes, is that the criminals are targeting users directly, as they are aware that if they can gain access

Cybercrime is a fastevolving challenge, so the best prepared companies know what lies ahead, to the best of their ability, and plan how to combat to that individual’s workstation, it will be much easier to access the company’s private network. So recent months have it early. seen a surge in email threats and social engineering attempts, in order to convince the home user – where security is likely to be less sophisticated – to unknowingly introduce malware into their system. “We have witnessed a significant increase in threats targeting the end user, and this is simply down to the global switch to the work-from-home environment. The other things we have noticed is an increase in the targeting of cloud service providers, simply because of how much valuable information is help in the cloud. And it is for this reason that it is imperative businesses today fully understand the security practices of their third-party providers – be they providers of the cloud, an application or third-party software accessed through the cloud,” Guttoo adds. “If you wish to future-proof your business, it becomes more difficult. Remember that the cybercriminals are investing massive resources in their attacks, including malware driven by artificial intelligence (AI), which enables it – should it be blocked by a security program – to automatically change its signature, pattern or file name before trying again. And it may keep doing

this until it finds one that your security system allows through. These are known as advanced persistent threats (APTs) and, even when deleted, may remain in your computer’s random-access memory (RAM), and thus be able to attempt to reinstall itself later.”

Guttoo offers some advice on how to deal with such threats: change your company’s servers every few years, because – as he points out – “you simply don’t know what’s on there by that stage”. Moreover, he indicates that, with APTs, you simply cannot only rely on traditional security controls, despite this being exactly what many SMEs do.

“If you are relying on such controls, you have probably already been breached and are unaware of the fact. If you undertake a thorough investigation, you will likely find numerous hidden malware files, which are usually introduced into the system via phishing e-mails, unknown USB devices, or visits to ‘bad’ websites. Realistically speaking, anti-virus programs and firewalls are never 100% effective at detecting ATP malware. So, there is definitely a need to evolve in order to protect your systems against these kinds of threats.”

He advises you start by relooking at your security controls. Large enterprises usually implement a security operations centre (SOC), which includes a full time security team that considers everything in the environment on a 24/7 basis. If there is anything that differs from the security baseline, they investigate in order to detect such threats. However, this is a costly approach, so it also has its limitations. Leveraging technology Something that offers great potential are data science platforms, which can be used to identify what is normal (baseline) and if something does not match, it triggers an alert to warn the security team. These platforms utilise AI-driven algorithms to detect anomalies.

“The problem with a data science platform is that the data has to come from the business security logs, and a lot of organisations out there don’t have proper security logs. Therefore, the first order of business if you want to leverage such a platform is to ensure that the logs related to all electronic devices connecting to your network are properly kept. This is a much more cost-effective approach than implementing an SOC.” He adds that as such platforms become the norm, they will also become more affordable for smaller businesses.

He notes that an analysis of forecasted threats and attacks for the year ahead indicates that the top threats are likely to remain the same as in the past, but now usually with an altered attack vector or a new electronic signature making it harder to identify.

“On the other hand, looking a little further ahead, I suspect the next big challenge is going to arise with industrial control systems and smart devices – what is basically the internet of things (IoT). Here, we have devices that never used to be ‘smart’, such as printers, CCTV cameras or even coffee machines connecting to the network, but these devices seldom have sufficient security controls to protect your network, thus providing a back door for the bad guys. “Then ransomware is also becoming much more advanced, as well as becoming increasingly accessible to virtually any potential cybercriminal – today, much as a business may purchase software as a service, so the criminals using the dark web can now buy ransomware as a service!”

Guttoo notes that when defending against IoT-focused attacks, the first thing you need is to be able to understand the data coming out of these machines. To this end, he says, you need to foster strong relations with your technology vendors, so you can ensure you have the solutions that can clearly understand the data from these systems.

Then, when dealing with ransomware, you should adopt a back-to-basics approach – sometimes called the 3-2-1 rule – which involves your primary data and two backups thereof, saved on two different types of media, and one of the backups should be kept off site.

“The other critical aspect to understand about the future of cybersecurity is that prevention is no longer enough. It is equally crucial to carefully plan your response to an intrusion or attack: you will need strong incident response plans, and these need to be tested regularly to ensure they work – the last thing you want is to put a plan into action the first time you are hit, only to find out it doesn’t work the way it should.

“Ultimately, the best way to future-proof your business and be prepared for a future with an increasing number and variety of threats is to ensure that security is always at the centre of your business planning,” Guttoo concludes.