The Herald (Zimbabwe)

Information security today: What threats are we faced with?

ARRESTING cybercrime is becoming more and more cumbersome due to the ubiquitous nature of the commission of these offences. Modern technologies and ever-evolving ways to circumvent security measures are not helping matters. We are faced with a grotesque number of threats as we use the internet for our day-to-day tasks.

Multiple threats face the technological spectrum today. Top among them are users, inadequate security technology, new technology with weak security, social media attacks, incorrect configuration, use of third-party applications and software, mobile malware, outdated or unpatched software, lack of encryption, weak bring-your-own-device policy and social engineering, among others.

Users, be they administrators or ordinary users, present the biggest threat and vulnerability in the security matrix. They are responsible for a large number of the security incidents that occur in the workplace. These may come as an insider threat, as in the case of disgruntled employees, or result from accidental user action. A disgruntled administrator may elect to wipe servers containing sensitive corporate information as well as their backups in one negligent action. This could have untold repercussions. There is absolutely no way of predicting this, since he has all the tools and privileges to access whichever system he wants to bring down. Stringent access control and user monitoring could be a step in trying to arrest such behaviour.

Users are also falling victim to spear phishing, a technique that uses ordinary email scams to fool victims into believing that an email has come from a legitimate source, when in fact the email redirects the user to a bogus website where they get infected by a malicious payload. More often than not, individuals do not think twice before opening Word or PDF documents. Disguised to look genuine, these documents offload a malicious payload onto user machines once opened and create backdoors through which the attacker gets escalated privileges on the attacked machines. The victim machines can then be used as botnets or zombies (malware-injected machines being used to attack other computers and networks). Their aim is mainly denial of service (use of one machine to attack several machines and deny users access) or distributed denial of service (use of botnets). This form of attack is not performed by mediocre hackers but by people with direct criminal intent, seeking monetary gain, trade secrets and sensitive data which they can use for ransomware and blackmail. It is targeted at specific organisations, businesses and/or individuals who can later be arm-twisted to pay large sums of money in exchange for non-divulgence of stolen sensitive information and restoration of their affected data.

It is paramount to teach employees what to do and what not to do in the workplace, especially how to deal with unsolicited mail. Email gateways at corporate level should be used to remove malicious emails before they get to users.

Companies are often in the habit of buying personal devices for employees that they use to access corporate resources. Whether or not this is company policy, a great deal of confidential information ends up on personal devices such as phones and laptops. These gadgets contain little to no security mechanisms to protect confidential information, as they are susceptible to casual users at home. This presents an easy gateway by which targeted individuals get fleeced of information.

Social media attacks are slowly being used as a gateway to gain sensitive data from unsuspecting victims. Among the common attacks is the water holing attack. This is whereby a criminal does not specifically target individuals in their work environment but rather waylays the victim via a common website that colleagues at work often visit, for example the movie download sites that they frequent. It is here that they create decoys to lure the individual to a bogus website via cross-site scripting and ambush them there. Once one machine is infected, the whole network is at the mercy of the attacker. To prevent spear phishing attacks, system users should be enlightened on the prevalence of the threat in the workplace, for example the possibility of bogus emails landing in their inbox.

Email security technology is also necessary.

As new technologies continue to emerge onto the market every day, there is strong concern about security issues or the neglect thereof. As newer and trendier gadgets are installed on our networks, they present a vulnerability which can easily be exploited by adversaries. As the adage goes, “security is as strong as its weakest link”.

It is imperative to consider high-security technologies when we take up new technology. Complementary to this, inadequate security measures have led companies to fall victim, as they have tools to detect if an intrusion has occurred but have no way of reacting to it. For example, how good is an alarm when you have no one to react when it goes off? Intrusion detection should be used in collaboration with intrusion prevention systems as well as a response team to act on any detected intrusions.

The employment of third parties in our day-to-day business leaves a lot to be desired. In as much as risk is transferred and squarely borne by the third party, high risks are still prevalent for information owners. If the third party were to be hacked or bad relations were to develop, then organisations are at the mercy of these suppliers.

The advent of big data has brought with it massive customisation tools that allow companies to leverage this resource to suit their business needs. However, organisations continue to neglect proper security configurations even in instances where these come with the package. There is a strong need to implement security controls to safeguard data in this context. Companies have fallen victim by neglecting to implement proper configurations.

Of note as well is the threat posed by outdated security software. It goes without saying that security software can only offer reasonable defence against known and documented threats. As new malicious code definitions hit the scene, there is a need to keep abreast of them and guard against them.

Updating software then becomes imperative and a best practice, which is a big ask for some organisations as they are unwilling to invest in such a venture and take security issues for granted.

Social engineering is by far the easiest means by which criminals gain access to confidential information: psychological manipulation and social interaction, a non-technical gateway to information. People need to be wary of who they interact with and at what level, and should not divulge sensitive information over the phone or respond to unsolicited mail.

Malware still remains one of the single most dangerous threats lurking in our environment. Cyber-criminals have taken it upon themselves to leverage this “resource” to achieve their ill intentions. It has become such a destructive tool that criminals have locked networks and demanded ransom from data owners to get their data back. Some have used it in spear phishing to infiltrate organisations, some in cyber-terrorism to get public attention and/or make public statements. At times more sophisticated criminals have used malware in the form of a remote access trojan (RAT), whose function is to hide in a target network after gaining unauthorised entry and sell that access to the highest bidder. Detecting the presence of RATs within organisations could prove a cumbersome task, but sharing information on the behaviour of such malware among organisations and applying endpoint security could help eradicate their prevalence in networks.

The increased use of mobile gadgets has given way to the advent of mobile malware. Users lack awareness of the need to have security mechanisms implemented on mobile gadgets like cell phones, hence these create the path of least resistance for criminals to exploit. If user behaviour is not changed, this will remain one of the major challenges affecting our day-to-day organisational being.

In many organisations, budget has always been a major hindrance to achieving “perfect security”. ICT security programmes are often hindered by lack of sufficient budget.

However, it is surprising that when a major breach has affected the company, these very finances are so forthcoming in order to react to the situation, when it would have been better to prevent the incident from happening. It is often difficult to quantify security in monetary terms, but in as much as threats are prevalent and abundant in the industry, there is virtually a solution for every problem as long as individuals have the passion and ingenuity to tackle them.
