Knowing how laptop-wielding larcenists may wreak havoc across your company is half the battle
Until roughly 20 years ago, theft used to be a physical act. Robbers broke into people’s houses, raided banks and planned heists to steal valuable possessions. Although these acts still occur, they’re far less commonplace. These days, crime has gone digital.
Cybercrime is multi-faceted and complex and it’s impacting businesses everywhere. More and more criminals are exploiting the speed, convenience and anonymity of modern technologies to commit a diverse range of criminal activities against enterprises. To help organisations protect themselves from cybercrime, five executives have come together to explain the top five forms of cybercrime that are used against businesses and how to defend against them.
“Fortunately, many of the security measures used to prevent known web vulnerabilities can help prevent cryptojacking. Security training, installing ad blockers and utilising cloud and endpoint protection solutions will all help to protect against cryptojacking.”
The WannaCry attack in May 2017 is probably one of the most well-known breaches ever. Not only did it cripple tens of thousands of machines but it also made many people intimately familiar with the term ransomware. “[Ransomware] is the newest iteration of criminals holding hostages but instead of people these new age criminals focus on data and computer systems putting a price on the ability to regain access,” says Steve Blow, technology evangelist at Zerto, the disaster recovery firm. “Ransomware is one of the biggest threats to businesses and organisations and it can have crippling effects. Take the WannaCry attack that hit the NHS last year as an example, this led to cancelled surgeries, chaos at GP offices and the loss of lots of patient data.
“In today’s technology driven world, despite all of the defences an organisation can put up, cyber criminals still seem to get in, so organisations need to make sure they are prepared for the worst, as unfortunately, it’s not ‘if’, it’s ‘when.’ This preparation is underpinned by a dynamic, modern approach to business continuity, disaster recovery and backup – the key technologies that get a business back up and running again without worrying about caving to ransom demands.
“A recent analyst study determined that 50% of surveyed organisations suffered an unrecoverable data event in the last three years – many of which found themselves dealing with ransomware. When anything from customer loyalty and brand reputation, to patient care and business survival are at risk, it’s essential to ensure that the technology your company depends on can provide continuous data protection, utilise the cloud for the safe keeping of data, and ultimately guarantee resilience in the face of ransomware.”
(3) Malicious insiders
“When Tesla employee, Martin Tripp, got passed over for promotion recently he sought his revenge by writing code that exported gigabytes of Tesla's sensitive data, including dozens of confidential photographs and a video of Tesla's manufacturing systems,” says Jan van Vliet, vice-president and general manager EMEA at Digital Guardian, the cybersecurity firm. “This is a classic example of the malicious insider threat, an employee who wilfully breaches his duty and exploits the technology, assets and intellectual property of his or her employer.
“Because they are already inside the network, malicious insiders can be difficult to catch. Organisations must, therefore, try to break the sense of ownership or entitlement that employees often have over data with clear intellectual property policies and back this up by tracking important data at all times, to understand when it is opened, uploaded, downloaded, copied, emailed and printed. Deploying data-centric security technologies can also remove the risk factor associated [with] malicious insiders because even if someone has access to the data, they are prevented from copying, moving or deleting it without approval.”
(4) Cold boot attacks
“The cold boot attack is an old attack going back a decade or more,” explains Garry McCracken, vice-president of technology at WinMagic, the encryption company. “This attack was for the attacker to boot into a USB memory stick by causing a power reset and then scrape the Microsoft BitLocker encryption keys from the memory.
“The problem is that the cold boot attack was resurrected [earlier this year] by some researchers at F-Secure. The F-Secure exploit disables that protection, [enabling] the attack [to exploit] the fact that the firmware settings governing the behaviour of the boot process are not protected against manipulation by a physical attacker. Using a simple hardware tool, an attacker can rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices.
“In my view, the core of the problem is the very idea that keys be loaded automatically into memory without authentication. Unlike BitLocker, user-based pre-boot authentication has been baked into some solutions from the very beginning. There is no undue impact on usability or operational costs like there is to enable device PIN authentication in BitLocker. In fact, using solutions to manage BitLocker encryption, organisations can continue to use BitLocker but get the compliance and security benefits of user-based PBA.”
(5) Stolen credentials
“Stolen credentials – such as IDs, user names and passwords – are the holy grail for cyber criminals,” says Stephen Gailey, solutions architect at Exabeam, the security management company. “They are the most common goal for modern attackers, as they offer a legitimate way of accessing the network. Stolen credentials allow an attacker to become invisible in your environment, if you don’t have a user entity behaviour analytics (UEBA) system, and to move at will, gaining access to systems and stealing data.
“While there are a number of steps an organisation can take to minimise the risk of credentials being stolen in the first place, by far the most effective way of mitigating the threat is to ensure you have the ability to detect the unusual use of valid credentials when it occurs – and it will.
“With behavioural analytics, organisations can baseline normal behaviour in their network. This means when user and system accounts begin acting in an unusual or risky way, the security team is notified and a further investigation can begin. It could be someone logging in to a system they haven’t accessed before or in a different way, at an odd time of day or from an unusual location, that raises a red flag. But by getting an early indication of when account activity is not normal, security teams have a better chance of intervening before any damage occurs.”
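The baselining idea described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor it quotes; the event fields, the sample logins and the one-hour tolerance are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample data: (user, host, login hour 0-23 UTC, source country).
HISTORY = [
    ("alice", "crm01", 9, "GB"), ("alice", "crm01", 10, "GB"), ("alice", "mail01", 14, "GB"),
    ("alice", "crm01", 17, "GB"), ("bob", "build01", 8, "GB"), ("bob", "build01", 22, "GB"),
    ("bob", "git01", 23, "DE"),
]
NEW_LOGINS = [
    ("alice", "crm01", 11, "GB"),      # matches baseline
    ("alice", "finance-db", 3, "RO"),  # new host, odd hour, new country
    ("bob", "git01", 0, "DE"),         # within an hour of bob's usual 23:00
    ("carol", "crm01", 9, "GB"),       # account with no history at all
]

def build_baseline(history):
    """Record, per account, every host, country and hour seen so far."""
    base = defaultdict(lambda: {"hosts": set(), "countries": set(), "hours": set()})
    for user, host, hour, country in history:
        base[user]["hosts"].add(host)
        base[user]["countries"].add(country)
        base[user]["hours"].add(hour)
    return dict(base)

def hour_is_usual(hour, seen_hours, tolerance=1):
    """Compare on a 24-hour circle so 23:00 and 00:00 count as adjacent."""
    return any(min((hour - h) % 24, (h - hour) % 24) <= tolerance for h in seen_hours)

def score_login(baseline, event):
    """Return the list of reasons a login deviates from the account's baseline."""
    user, host, hour, country = event
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for account"]
    reasons = []
    if host not in profile["hosts"]:
        reasons.append("system not accessed before")
    if not hour_is_usual(hour, profile["hours"]):
        reasons.append("odd time of day")
    if country not in profile["countries"]:
        reasons.append("unusual location")
    return reasons

def flag_anomalies(history, new_logins):
    baseline = build_baseline(history)
    return {e: r for e in new_logins if (r := score_login(baseline, e))}

if __name__ == "__main__":
    for event, reasons in flag_anomalies(HISTORY, NEW_LOGINS).items():
        print(event, "->", ", ".join(reasons))
```

Treating the hour as circular keeps a login just after midnight from being flagged for an account that normally works late, which is a common source of false positives in naive time-of-day rules.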
Ultimately, when it comes to cyberattacks, the best offence is a good defence. By being aware of these common cyberattacks, and putting in place strategies to protect against them, organisations drastically reduce their likelihood of a data breach.