CYBERSECURITY: VEIL OF SECRECY HELPING HACKERS
Cybersecurity ultimately comes down to human behaviour, and people are prone to cut corners when they underestimate risks, thus helping hackers exploit gaps and vulnerabilities
With increasing dependence on technology in our day-to-day lives, business is unfortunately booming for cyber extortionists too. DarkSide, the hacking group that shut down a key US oil pipeline last month, has collected over $90 million recently in hard-to-trace Bitcoin from 47 different victims, according to the blockchain analytics firm Elliptic.
The pipeline hack ended only after Colonial Pipeline Co. paid nearly $5 million in ransom to regain control of computer systems needed to supply gasoline to much of the eastern U.S., and was widely dubbed a “wakeup call” to batten down loose digital hatches and safeguard pipelines against cyberattacks.
But there are key gaps. In all the recent reporting on cyber attacks, there’s been scant coverage of how they actually occur. You would almost think that bad guys are breaking into corporate data centres in the dead of night armed with sinister thumb drives. It’s as if malware materialises spontaneously on a server, then worms its way in to seize control of operational assets. Companies are reluctant to correct the misimpressions by discussing the details of a breach, because it makes for bad publicity and inevitably reveals some sloppy security. The absence of information creates a sense of bystander apathy, leaving many in the industry unprepared for the next attack.
In real life, corporate servers are often breached through remote login services as employees connect to the office from compromised home networks. Once an attacker has gained initial access to an enterprise network, other hacking tools can be used to exploit software flaws and infiltrate critical control systems. The rise of remote work during the pandemic has drastically increased these attack surfaces. Most people don’t think of their personal computers as vectors for infectious malware, but that’s what they are.
The lack of transparency is not just the fault of corporate public relations. Software vulnerabilities are often kept secret for national security purposes. US President Joe Biden recently announced a new ‘Executive Order on Improving the Nation’s Cybersecurity’ which addresses part of the problem by envisioning the movement of government data and services to the cloud from local servers. A reputable cloud-hosting provider has full-time staff monitoring the infrastructure and staying on top of security updates, so newly disclosed vulnerabilities can be patched immediately.
This may be sensible for government agencies, but perhaps not for the private companies operating critical infrastructure. Globally, the cloud computing market is dominated by three players — Google Cloud, Microsoft Azure and Amazon Web Services. Greater dependence on tech giants would make the internet more susceptible to catastrophic failure by reducing the number of prime hacking targets. A distributed communications system, by contrast, should be able to survive a nuclear strike.
Implementation of best cyber risk management practices requires a huge investment. Security measures are easy to undervalue because the consequences of sloppiness are unknowable. Laziness is a competitive advantage until the day the bad guys strike. Cybersecurity ultimately comes down to human behaviour, and people are prone to cut corners when they underestimate risk. The worst outcome would be for cybersecurity to turn into a checkbox-ticking exercise like the pointless ritual that people have to suffer at some airports.