
Grey Matters - How can businesses detect cyber attacks early to minimise damage?

New malware variants are emerging on a yearly basis; cyber security professionals must adopt the necessary skills. There will also be an increasing shortage of IT professionals in 2019.

There are many areas of the law that aren’t black or white. Grey Matters is our know-how programme to help you discuss those intricacies.


Ransomware attacks - such as WannaCry, which affected an estimated 200,000 computers across 150 countries - might give the impression that cyber criminals want their pay-off immediately, says Benjamin Hosack, Chief Commercial Officer of cyber security firm Foregenix. However, this can be misleading: hackers often exploit security breaches over the course of months and even years in covert attacks which do far more damage.

So what can you do to minimise the chance of your website being hacked? Benjamin outlines the steps you should take.

Breaches of security are getting more expensive and it’s often SMEs that are worst affected, although larger companies are by no means immune. It can take six months for an average business to realise it has been hacked, which means cyber criminals gain long-term access to highly sensitive personally identifiable information as well as financial data.

The good news is that you can improve your ability to identify attacks early and substantially reduce possible damage with quite straightforward activities:

1. Install updates. Research based on 80,000 European Magento websites found that 80% are vulnerable to cyber attacks and the main reason is a simple failure to install the latest updates. So patch or update all software!

2. Use threat detection services. Specialist cyber security firms provide high-end Managed Detection and Response Services for cyber threats. As most companies struggle to detect the threats in the first place, this type of service is vital in reducing the likelihood of experiencing a catastrophic breach.

3. Use a honeypot. Honeypots are decoys that appear to be legitimate components of a business’s network and contain valuable data. As soon as a honeypot has attracted the attention of the cyber criminal, a warning is triggered. Combining a honeypot with other security controls provides an additional layer of security and is highly recommended.

4. Train your employees. The biggest cyber security weakness in any business is the people. Train your team, including non-technical staff. Keep everyone up to date with the latest cyber security threats and make them aware of how they can raise the alarm in case of an attack.

5. Monitor security alerts daily. Attack traffic usually has a very specific pattern and hacked systems can be detected quickly if security alerts are being monitored.

6. Learn from the past to predict future attacks. Cyber criminals certainly do like to strike in the same place twice – and often by the same methods. Pre-emptive action and monitoring based on past attacks can lead to quick identification of a security breach.

Businesses that take these actions will also reduce any potential damage, both financial and reputational.
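Steps 3 and 5 combined, as an added example (not code from the original article or from Foregenix): a decoy URL acts as a lightweight honeypot for a website, and a scan of the web server's access log turns any request for it into an alert. The decoy paths, log lines and function names are assumptions made for this example.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: decoy paths invented for this example. Nothing on the real site
# links to them, so any request for one deserves a look.
DECOY_PATHS = {"/backup/customers_export.csv", "/old-admin/login.php"}

# Start of a Combined Log Format line (the Apache/nginx access log default).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2019:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [12/Mar/2019:09:14:05 +0000] "GET /old-admin/login.php HTTP/1.1" 404 312 "-" "curl/7.58.0"',
    '203.0.113.45 - - [12/Mar/2019:09:14:09 +0000] "GET /Backup//customers%5Fexport.csv?dl=1 HTTP/1.1" 404 312 "-" "curl/7.58.0"',
    '198.51.100.7 - - [12/Mar/2019:09:15:30 +0000] "GET /checkout/cart HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2019:09:16:00 +0000] "GET /backup/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]

def normalise(target):
    """Reduce a request target to a canonical path so trivial variations
    (query string, percent-encoding, case, extra slashes, /./) still match."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path.lower()

def decoy_hits(lines):
    """Return {source_ip: [(timestamp, decoy_path, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these
        path = normalise(m["target"])
        if path in DECOY_PATHS:
            hits[m["ip"]].append((m["ts"], path, int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in decoy_hits(SAMPLE_LOG).items():
        print(f"ALERT decoy touched by {ip}: {events}")
```

A 404 response still counts as a hit: nothing legitimate links to the decoy, so the request itself is the signal.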

Foregenix are global leaders in digital forensics and information security. They work with a number of businesses including Betfair and McColl’s Retail Group and offer a website health check to secure your online business. For further information, visit www.foregenix.com

Our cyber security and privacy expert Emma Banister Dean gives some practical advice on what to do when a breach occurs.

Cyber threats arising from state-sponsored attacks used to be the stuff of Hollywood films. From strategic trolling on social media targeted at influencing voters to cyber attacks on institutions to impede the investigation of alleged poisoning, the reality of organised cyber interference is now clear. In order to gear up cyber expertise, the Ministry of Defence has launched a cyber cadet training program (the first such initiative in any NATO country). The aim is for the program to produce up to 2000 cyber cadets a year. Interesting and concerning though these developments are, the likelihood of a state-sponsored cyber attack on our organisations or homes is relatively remote. Boards and C-Level management are now looking to implement programs that help the business prepare for, recover quickly from and reduce the fallout from inevitable cyber incidents.

Most cyber criminals are looking for the maximum financial return for the shortest investment of time. Some are also seeking to disrupt organisations due to grudges or political beliefs. As Benjamin states, the weakest link in any network is its people.


There are consultants like Foregenix who specialise in human behaviour related to cyber security. They can help to identify risky behaviour within the organisation and to target staff training to minimise those risks. Software designed to flag unusual keystrokes, access to parts of the server not required for day-to-day tasks, or unexpected use of administrator functions helps to alert you to rogue employee activity which, because it takes place inside the firewall, would otherwise only be discovered once the damage is done.

Control over the use of portable devices and what files are uploaded to the network is also key. In many cases access is granted to cyber criminals by senior managers who think that their laptop or data stick is the exception to the rule. Whilst policies are essential to manage the risk, they are only as good as their implementation. If nuclear installations are shut down by cyber attacks made possible by infection from the laptops of third-party contractors, it is hardly surprising that people forget their protocols in lower risk environments.

CLUES FROM 2018

• Cyber hacks of major corporate systems and websites continued apace and will be part of the 2019 cyber security scene

• Many well-known, international companies and name-brand organisations suffered significant breaches

• Beyond common corporate attacks, 2018 was marked by accelerated threat activity across a range of targets and victims.

When a cyber attack comes to light, preparation is the key to an effective response. Emma suggests the following:

• Set criteria for what personal data, if accessed, should trigger a report to the Information Commissioner

• Establish your thresholds for reporting to the data subjects themselves

• Prepare draft notification emails to data subjects and a press release for your website

• Have connections with forensic data experts who can act to stem the breach and report on its causes

• Implement best practice on segmenting your network under appropriate security.

Both at work and at home, we are all becoming far more aware of the value of our data and the significant financial risk that a breach poses. A small amount of focused effort now will be of very significant benefit in reducing your risks and losses later on.
