Cyber Security: Dealing with Cyber Threats

Ajay Singh

Ajay Singh

Ajay Singh, MSc, PG Diploma in Cyber Law & Cyber Forensics
Former CEO of a Fintech Company, Mumbai, India
ajay_singh@outlook.com

Organizations the world over have leveraged information technology and the internet to meet their business objectives and offer better, faster services to their customers and constituents. Increasing dependence on information systems has exposed them to cyber threats as never before. Cyber-attacks have now touched an all-time high. Their total cost has risen from $445 billion in 2014 to $600 billion in 2017, and according to McAfee Jupiter Research, the costs may reach as high as $2 trillion in 2019 (Kay, 2019).

Kaspersky, a cyber security software firm listed the top five cyber-attacks of the past decade (Snow, 2018). These cyber-attacks found a place on this list because of their scale or sophistication and for attracting global attention:

  1. The WannaCry. It put ransomware and computer malware that affected more than 200,000 computers in 150 countries. WannaCry encrypted all devices including medical equipment; consequently, some factories were forced to stop production.
  2. NotPetya/ExPetr. Damage caused was estimated at $10 billion making it the costliest global cyber-attack in history. Maersk, the shipping giant which handles 20% of the world trade, was the target of an attack that required them to replace 45,000 PCs, 4,000 servers and install 2,500 applications (Olenick, 2018).
  3. Stuxnet. It is an example of attack on industrial control system that disabled the uranium enrichment centrifuges in Iran, setting back the country’s nuclear program by several years.
  4. DarkHotel. Public Wi-Fi networks in cafés or airports are known to be vulnerable to cyber threats. Under the pretense of installing a software update, hackers infected their devices with the DarkHotel spyware enabling logging of keystrokes which they used to conduct phishing attacks.
  5. Mirai. A giant botnet named ‘Mirai’ was created over a period of time. In October 2016, Mirai crippled the operations of PayPal, Twitter, Netflix, Spotify, PlayStation online services, among others, via distributed denial of services (DDoS).

The number, variety, and intensity of cyber threats is growing every day. They have now extended from organizational information systems to industrial control systems due to an explosion of devices being connected to the Internet. According to the research group Gartner, by 2020 there will be more than 26 billion connected devices in use by businesses and individuals and many of them would be at risk for cyber-attacks (Deloitte, 2018). These six common cyber threats are described below (Chan, 2019):

Malware

Hackers use malware to breach information systems by exploiting network vulnerabilities. They use different types of malware including spyware, ransomware, viruses, and worms. Malware can block networks, install other malware, secretly copy data and disrupt a system or render it inoperable. Organizations can prepare for such attacks by identifying vulnerabilities, conducting penetration testing, implementing advanced multifactor authentication, and employing intrusion detection and protection systems.

Phishing

Phishing is a social engineering attack where the attacker attempts to steal sensitive information or trick people into installing malware by appearing to come from a trusted source. Since emails are used for these attacks, staff must be trained to recognize phishing emails to prevent compromising cyber security. Phishing is considered the leading cause of cyber-attacks worldwide.

Man-in-the-middle attack

A MITM (man-in-the-middle) attack is similar to eavesdropping on a conversation where the attacker intercepts and relays messages between two parties who believe they are interacting privately with one another. Hackers use such an attack to filter, manipulate, and steal sensitive information. While staff training can help being proactive, encryption of data is an effective way of protecting sensitive data from being stolen or manipulated.

Distributed denial-of-service attack (DDoS)

DDoS attacks bombard an organization’s central server with simultaneous data requests generated from multiple compromised systems (botnets). DDoS attack aims to prevent the server from fulfilling legitimate user requests, thereby causing disrupted service. A risk assessment tool can help identify areas of vulnerability for DDoS attacks and implement preventive measures.

SQL injection

SQL (Structured Query Language) is normally used by programmers to manage data in relational database management systems. Hackers using SQL injections insert malicious code into the server that uses SQL which opens the database to manipulation. Organizations employ user monitoring tools, intrusion detection and such prevention systems as firewalls, whitelisting and blacklisting for protection against SQL injections.

Zero-day exploit

When a network vulnerability is publicly known, there is a window of time before a patch or solution is used to fix the issue. When Cyber attackers exploit this vulnerability before a patch is released, it is termed “a zero-day exploit.” Continuous monitoring of vulnerabilities combined with penetration testing and patch updating can reduce exposure to such attacks.

Who are the threat actors?

Cyber threat actors can be grouped by their goals, motivation, and capabilities. Four groups to note are cyberterrorists, hacktivists, state-sponsored actors, and cybercriminals (Ablon, 2018). It must be noted cyber threats can occur from both malicious and unintentional external and internal sources.

Cyber terrorism refers to cyber-attacks perpetrated by politically motivated extremist groups or nonstate actors to intimidate, coerce, or influence an audience, force a political change or cause physical harm. Hacktivists are typically motivated by political, economic, or social causes to attack those whose ideologies they do not agree with (Ablon, 2018).

State-sponsored actors receive direction, funding or technical assistance from a nation-state to advance that nation’s interest; in contrast cybercriminals are motivated by financial gain. They want to access and monetize stolen personal, financial, or health data (Ablon, 2018).

In order to respond adequately to cyber threats, organizations must develop a clear understanding of information security vulnerabilities and the risks involved that could impact business operations, expose them to legal and compliance risks and cause harm to their reputation.

With the different types of cyber-attacks, it’s important for organizations to implement an information security management system (ISMS). According to Tenable’s Trends in Security Framework Adoption Survey (Watson, 2019), the most frequently adopted frameworks are PCI DSS (Payment Card Industry Data Security Standard) (47%), ISO (International Organization for Standards) 27001/27002 guidelines for ISMS (35%), CIS (Center for Internet Security) Critical Security Controls (32%), and NIST’s (The National Institutes of Standards and Technology) Framework for Improving Critical Infrastructure Security (29%).

Cyber security is much more than just using technology. Physical security must work with IT security to monitor unauthorized physical access, enhance employee participation through security awareness and training, and put in place a data governance system. The organization’s leadership must be actively involved in cyber security to ensure prevention and protection from cyber threats.

References

Ablon, L. (2018). ‘The motivations of cyber threat actors and their use and monetization of stolen data. Hearings before the Committee on Financial Services Subcommittee on Terrorism and Illicit Finance, United States House, 115th Congress. 1’.

Chan, A. (2019). What are the most common cyber attack? IT Governance USA Blog. Available at: https://www.itgovernanceusa.com/blog/six-most-common-cyber-attacks (Accessed: 20 March 2019).

Deloitte (2018). IoT Innovation Report. https://www2.deloitte.com/content/dam/Deloitte/de/Documents/Innovation/Internet-of-Things-Innovation-Report-2018-Deloitte.pdf

Kay, A. (2019). Why is Cybersecurity Important? Investing News Network. Available at: https://investingnews.com/daily/tech-investing/cybersecurity-investing/why-is-cybersecurity-important/ (Accessed: 20 March 2019).

Olenick, D. (2018). NotPetya attack totally destroyed Maersk’s computer network: Chairman. SC Media. Available at: https://www.scmagazine.com/home/security-news/ransomware/notpetya-attack-totally-destroyed-maersks-computer-network-chairman/ (Accessed: 20 March 2019).

Snow, J. (2018). Top 5 most notorious cyberattacks. Kaspersky Lab official blog. Available at: https://www.kaspersky.com/blog/five-most-notorious-cyberattacks/24506/ (Accessed: 20 March 2019).

Watson, M. (2019). Top 4 cybersecurity frameworks. IT Governance USA Blog. Available at: https://www.itgovernanceusa.com/blog/top-4-cybersecurity-frameworks (Accessed: 20 March 2019).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.