Cyber Security Resolutions

Cyber security is a hot topic. It is a growing problem for businesses across the world, as increasingly, criminals are finding ways to exploit organisations and their staff for financial gain. There is also significant evidence that the pandemic has only worsened the situation, with countries across the world reporting an upward trend in cyber crime. 

Cyber security is fundamentally focused on protecting your devices and network from unauthorised hacking that can shut down, steal, and change your systems and information. As the use of the Internet and electronic information has increased, so too has hacking.

The Internet is not only often the chief source of information; it is also a medium through which people do a lot of business and stay in touch with colleagues, and most of us now collect and store personal data.

From 2000 to 2021, the number of global Internet users rose from 394 million to 4.6 billion, and today there are over one billion Google searches every day and two billion videos viewed daily on YouTube. The average user spends 15 hours a week online. As of the first quarter of 2021, China was ranked first among the countries with the most Internet users. China had 854 million Internet users, more than double the number of the third-ranked United States, with just over 313 million Internet users.

Today, almost 5 billion people have mobile access, which is nearly 70% of the global population.
Implementing effective cyber security measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.

Expert advice on auditing your IT systems and continual cyber security training for all of your management and employees are very important. Whether your business has one person who manages HR, or a whole department, it is important to recognise that they could be vulnerable to cyber crime in a way that other aspects of the business are not.

In this report we look at some of the cyber security measures that are most important from your organisation’s perspective. A successful cyber security approach has multiple layers of protection spread across the computers, networks, programmes, or data that one intends to keep safe. 

In any organisation, the people, processes, and technology must all complement one another to create an effective defence from cyber attacks. 

Common Types of Cyber Threats and Attacks

Malware – Malicious software such as computer viruses, spyware, Trojan horses, and keyloggers.

Ransomware – Malware that locks or encrypts data until a ransom is paid.

Phishing Attacks – The practice of obtaining sensitive information (e.g., passwords, credit card information) through a disguised email, phone call, or text message.

Social engineering – The psychological manipulation of individuals to obtain confidential information; often overlaps with phishing.

Advanced Persistent Threat – An attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected.

Cyber Security is Constantly Evolving

Traditional cyber security is centred around the implementation of defensive measures around a defined perimeter. 
Recent enablement initiatives like remote workers and Bring Your Own Device (BYOD) policies have dissolved the perimeter, reduced visibility into cyber activity, and expanded the attack surface. Today, breaches are increasing at a rapid pace despite record levels of security spending. Global organisations are turning to human-centric cyber security, a new approach that places focus on changes in user behaviour instead of an exponentially growing number of threats.

Founded on behaviour analytics, human-centric cyber security must provide insight into how an end-user interacts with data and extends security controls into all the systems where data resides, even if not exclusively controlled by the organisation. 
The world now relies on technology more than ever before. As a result, digital data creation has surged.

Today, businesses and governments store a great deal of that data on computers and transmit it across networks to other computers. Devices and their underlying systems have vulnerabilities that, when exploited, undermine the health and objectives of an organisation.

A data breach can have a range of devastating consequences for any business. It can unravel a company’s reputation through the loss of consumer and partner trust. The loss of critical data, such as source files or intellectual property, can cost a company its competitive advantage. Going further, a data breach can impact corporate revenues due to non-compliance with data protection regulations. It’s estimated that, on average, a data breach costs an affected organisation $3.6 million. With high-profile data breaches making media headlines, it’s essential that organisations adopt and implement a strong cyber security approach.

Users must understand and comply with basic data security principles like choosing strong passwords, being wary of attachments in email, and backing up data.

With an increasing number of users, devices and programmes in the modern enterprise, combined with the increased deluge of data, much of which is sensitive or confidential, the importance of cyber security continues to grow. The growing volume and sophistication of cyber attackers and attack techniques compound the problem even further.

Cyber security is important because government, military, corporate, financial, and medical organisations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorised access or exposure could have negative consequences. 

Organisations transmit sensitive data across networks and to other devices in the course of doing business, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. Cyber security is important because smartphones, computers and the Internet are now such a fundamental part of modern life that it's difficult to imagine how we'd function without them.

From online banking and shopping to email and social media, it's more important than ever to take steps that can prevent cyber criminals getting hold of our accounts, data, and devices.

If you are a business, charity or critical national infrastructure organisation with more than 250 employees, you are likely to have a dedicated team managing your cyber security. Cyber security is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. In essence, these measures are designed to prevent malicious actors or hackers from:

•    Getting unauthorised access to computer systems
•    Infecting computer systems with viruses or other malware which enables them to steal, modify or delete data
•    Fooling computer users into submitting data, payment details, or other confidential data at websites controlled by the hackers
•    Preventing customers or service users from accessing victim organisations’ computer systems by overloading them or diverting data traffic away from them

Types of Cyber Security

Cyber Security is classified into the following types:

Information Security:   Information security aims to protect users' private information from unauthorised access and identity theft. It protects the privacy of data and the hardware that handles, stores and transmits that data. Examples of information security include user authentication and cryptography.

Network Security:   Network security aims to protect the usability, integrity, and safety of a network, associated components, and data shared over the network. When a network is secured, potential threats are blocked from entering or spreading on that network. Examples of network security include antivirus and antispyware programmes, firewalls that block unauthorised access to a network, and VPNs (Virtual Private Networks) used for secure remote access.

Application Security:   Application security aims to protect software applications from vulnerabilities that occur due to the flaws in application design, development, installation, upgrade or maintenance phases. 

Types of Cyber Security Threats

There are many different types of cyber security threats. Some of the most common are listed below:

Viruses:   Viruses are a type of malware specially designed to cause damage to the victim's computer. Viruses can self-replicate under the right conditions and can infect a computer system without the permission or knowledge of the user. They have two major characteristics: the ability to replicate themselves and the ability to attach themselves to another computer file. A virus has the capability to corrupt files, steal private information such as the user's credit card details, and send it back to the hacker.

A Virus cannot exist on its own, i.e., without a host program; it is usually present as a parasite on another program. Piggybacking on another program allows the virus to trick users into downloading and executing it. When a virus-infected program is executed, the virus also gets executed.

Once executed, a virus performs two primary functions simultaneously: to replicate and to infect.

The virus takes control of the host computer and begins searching for other programmes on the same or other disks that are currently uninfected. When it finds one, it copies itself into the uninfected program. After the virus has replicated itself into many copies and infected other programmes, the host program returns to its original form. When the host program is terminated by the user, the virus too will stop replicating. Since all these activities occur in the background, the user will be completely unaware of the virus.

Some viruses will remain active in the system memory even after the user has terminated the host program. This type of virus will stay in system memory until the computer is turned off. The next time the user boots their computer system, they might unknowingly execute one of the infected applications on the computer. When the virus remains active in the system memory, it may deliver the payload. The payload can be anything from deleting files to slowing down the computer. It could modify, damage or delete data files and programmes.

Identity Theft:   This is a type of cyber security threat which involves stealing the personal information of victims from social media websites such as Facebook, Instagram, etc. and using that information to build a picture of the victims. If sufficient sensitive information is gathered, it could allow the cybercriminal to pretend to be you in some way. In some cases, hackers may steal the bank details of the victims and use them for their personal gain.

Password Attacks:   This is a type of cyber security threat which involves an attempt by hackers to crack the passwords of the user. With the help of a hacking tool, hackers may enter many passwords a second to crack the victim’s account credentials and gain access. Hackers may also perform password attacks on a computer login screen to gain access to a victim's computer and the data stored in it.

Spyware and Keyloggers:   Malware such as spyware can spy on the computing habits of the victims. Some malware, such as keyloggers, can record the victims' keystrokes, including their passwords, PIN numbers, and credit card details. Keyloggers and spyware programmes enter the victims' system when they download and install seemingly benign software from a dubious website.

Spyware and keyloggers gather user information, passwords, browsing history, etc., and then transmit them to their creators (hackers), who may sell or distribute this personal information to third parties. Hackers may also use that information to steal money from the victim's bank accounts.

Adware:   Adware is a group of malware that is known to generate pop-ups. If a user notices strange pop-up messages on their computer screen, it is most likely to be a malware attack. The main intention of adware is to gain permissions that will then allow it to install additional malicious software. If the user downloads that additional software, it may then either delete or steal their data.

Some of these pop-up messages can also be used to simply bombard your computer screen with unwanted information such as advertisements. 

Trojans:   Trojans are a type of malware that disguises itself as harmless or useful software. Trojans can carry out a variety of malicious activities on the victim's computer, including downloading malicious programmes, deleting or stealing files, and providing hackers with unauthorised access to the victim's computer.

Ransomware:   Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network, such as the WannaCry malware that impacted the NHS in May 2017.

Hacking experts warn that such attacks are likely to become more frequent, and suggest businesses cannot afford to underestimate the hidden impact the pandemic has had on their vulnerability. Usually you're asked to contact the attacker via an anonymous email address or follow instructions on an anonymous web page, to make payment. The payment is invariably demanded in a cryptocurrency such as Bitcoin, in order to unlock your computer, or access your data. However, even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files. Occasionally malware is presented as ransomware, but after the ransom is paid the files are not decrypted.

For effective cyber security, an organisation needs to coordinate its efforts throughout its entire information system.

•    Network security: The process of protecting the network from unwanted users, attacks and intrusions.

•    Application security: Apps require constant updates and testing to ensure these programmes are secure from attacks.

•    Endpoint security: Remote access is a necessary part of business, but can also be a weak point for data. Endpoint security is the process of protecting remote access to a company’s network.

•    Data security: Inside of networks and applications is data. Protecting company and customer information is a separate layer of security.

•    Identity management: Essentially, this is a process of understanding the access every individual has in an organisation.

•    Database and infrastructure security: Everything in a network involves databases and physical equipment. Protecting these devices is equally important.

•    Cloud security: Many files are in digital environments or “the cloud”. Protecting data in a 100% online environment presents a large number of challenges.

•    Mobile security: Cell phones and tablets involve virtually every type of security challenge in and of themselves.

•    Disaster recovery/business continuity planning: In the event of a breach, natural disaster or other event, data must be protected and business must go on. For this, you’ll need a plan.

•    End-user education: Users may be employees accessing the network or customers logging on to a company app. Teaching good habits (password changes, 2-factor authentication, etc.) is an important part of cyber security.

The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organisations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known threats.

Today, this approach is insufficient, as the threats advance and change more quickly than organisations can keep up with. 

Ransomware: Infection Mechanism

Ransomware infects a computer through various means, such as malicious email attachments and malicious links on shady websites. Most ransomware attacks are based on remote desktop protocol and other tactics that don't rely on user interaction. Users may inadvertently download ransomware when they visit compromised websites. Ransomware can also piggyback on other malicious software applications as a payload.

Some ransomware variants are known to spread through email attachments from malicious emails or released by exploit kits onto vulnerable computers. Once the ransomware gets executed, it can change the victim's login credentials, encrypt files and folders on the victim's device, as well as on other connected devices. 

  • In the first scenario (changing the login credentials), ransomware shows a full-screen image or notification on the infected system's screen, which cannot be closed at the user's will. It may also include instructions on how users can pay the ransom and get the decryption key.
  • In the second scenario (encrypting files and folders), the ransomware prevents access to valuable files like documents and spreadsheets.

For these reasons, it's essential that you always have a recent offline backup of your most important files and data.

Should You Pay Ransom?

Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you do pay the ransom: 

•    there is no guarantee that you will get access to your data or computer
•    your computer will still be infected
•    you will be paying criminal groups
•    you're more likely to be targeted in the future

Attackers will also threaten to publish data if payment is not made. To counter this, organisations should take measures to minimise the impact of data exfiltration.

Browser Hijacker

Some malicious software such as the Browser Hijacker redirects the victims' browser to specific websites that are chosen by the hacker or to a site that pays the hacker based on the number of hits it receives. In some cases of scareware infections, the entire root drive of the victims and all of their subdirectories will be hidden. It may also record their personal information and transmit it to the hacker.

Zero-Day Attacks

Zero-day attacks are carried out using zero-day malware. This zero-day malware exploits a previously unknown vulnerability that has not been addressed or patched. Since the vulnerability was not previously known, zero-day exploits often occur without the consent of the users, as there will be no patches available at the time of infection.

Phishing Emails

Phishing emails are intended to steal private user information like user login credentials and credit card numbers. Phishing is a type of social engineering attack used by hackers wherein the user is tricked into clicking malicious attachments or links that download malware. Since phishing attacks use seemingly benign emails or software, it becomes difficult for users to identify them.

Phishing emails are generally used for stealing private information from the users whereas spam emails are generally used to flood the Internet with numerous copies of the same message, in an attempt to force the message on computer users who would not otherwise choose to receive it.

Where do Cyber Security Threats Originate?

There are many different ways by which cyber threats infect a victim's computer. Some of the most common are listed below.

Shady Websites:   Hackers use seemingly legitimate software and websites to lure users into downloading malware. The lure of free money or games entices some users. Even people who do not visit these shady sites are prone to enticing links being hidden on their computers. Malware that originates from these sites may travel around the Internet and land on an innocent user's computer, redirecting their browsing experience to these sites.

Peer to Peer File Sharing:   Peer to Peer (P2P) file-sharing networks are one of the most popular ways to share movies, games, music, and other files online. In a typical P2P network, participants make a portion of their own computing resources available to other network participants. In essence, file sharing over a P2P network allows computer users to share files directly from each other's computers. P2P file sharing is also a very commonly used method for distributing malware and performing other malicious deeds.

Torrent Downloads and Phishing Emails:   Trying to find a particular movie that is still in cinemas? Maybe you want a free copy of the latest PC Game. Torrent sites are used by computer savvy users that have malware removal in their daily agenda. Keygens, Cracks, Serial Coders, all of these might be what you need but don't be surprised when you are infected. In most cases, the file you are downloading could be a rogue malware installer written by a savvy programmer.

Email is the breeding ground for much malware. If you open a phishing email that is sent with an attachment, it instantly collects information within your email, mainly your address book. It will immediately send similar phishing emails to all of the contacts in your address book, spreading the problem.

What is malware?

Malware is malicious software, which - if able to run - can cause harm in many ways, including:

•    causing a device to become locked or unusable
•    stealing, deleting or encrypting data
•    taking control of your devices to attack other organisations
•    obtaining credentials which allow access to your organisation's systems or services that you use
•    'mining' cryptocurrency
•    using services that may cost you money (e.g. premium rate phone calls). 

Make Regular Backups

Up-to-date backups are the most effective way of recovering from a ransomware attack. You should do the following:

•    Make regular backups of your most important files - it will be different for every organisation - check that you know how to restore files from the backup, and regularly test that it is working as expected.

•    Ensure you create offline backups that are kept separate, in a different location (ideally offsite), from your network and systems, or in a cloud service designed for this purpose, as ransomware actively targets backups to increase the likelihood of payment. 

•    Make multiple copies of files using different backup solutions and storage locations. You shouldn't rely on having two copies on a single removable drive, nor should you rely on multiple copies in a single cloud service.

•    Make sure that the devices containing your backup (such as external hard drives and USB sticks) are not permanently connected to your network. Attackers will target connected backup devices and solutions to make recovery more difficult.

•    You should ensure that your cloud service protects previous versions of the backup from being immediately deleted and allows you to restore to them. This will prevent both your live and backup data becoming inaccessible - cloud services often automatically synchronise immediately after your files have been replaced with encrypted copies.

•    Ensure that backups are only connected to known clean devices before starting recovery.

•    Scan backups for malware before you restore files. Ransomware may have infiltrated your network over a period of time, and replicated to backups before being discovered.

•    Regularly patch products used for backup, so attackers cannot exploit any known vulnerabilities they might contain.

•    Ensure you have effective regular cyber security training for all employees.  

There have been cases where attackers have destroyed copied files or disrupted recovery processes before conducting ransomware attacks. Ideally, backup accounts and solutions should be protected using Privileged Access Workstations (PAW) and hardware firewalls to enforce IP allow listing.
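One way to run the restore test described in the list above, as an added example that is not from the original article: record a SHA-256 manifest when the backup is taken, restore to a scratch location, and compare, flagging files that come back missing, changed, or looking like encrypted copies. The function names, the 7.5 bits-per-byte entropy threshold and the sample files are assumptions constructed for this illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Assumption: content at or above this many bits per byte looks encrypted
# (or compressed); ordinary text documents and CSV files sit well below it.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def build_manifest(root: str) -> dict:
    """Map each file under root (relative path) to its SHA-256 and entropy."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = {
                "sha256": hashlib.sha256(data).hexdigest(),
                "entropy": shannon_entropy(data),
            }
    return manifest


def compare_restore(known_good: dict, restored: dict) -> dict:
    """Compare a test restore against the manifest recorded at backup time."""
    report = {"ok": [], "missing": [], "changed": [],
              "suspect_encrypted": [], "unexpected": []}
    for rel in sorted(known_good):
        if rel not in restored:
            report["missing"].append(rel)
        elif restored[rel]["sha256"] == known_good[rel]["sha256"]:
            report["ok"].append(rel)
        else:
            report["changed"].append(rel)
            # A low-entropy file that comes back high-entropy is the pattern
            # left by an encrypted copy replacing the original.
            if (restored[rel]["entropy"] >= ENTROPY_THRESHOLD
                    and known_good[rel]["entropy"] < ENTROPY_THRESHOLD):
                report["suspect_encrypted"].append(rel)
    report["unexpected"] = sorted(set(restored) - set(known_good))
    return report


def restore_passes(report: dict) -> bool:
    """A restore test passes only if every recorded file came back unchanged."""
    return not (report["missing"] or report["changed"])


def _write(root: str, rel: str, data: bytes) -> None:
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)


def demo() -> dict:
    """Constructed sample: one intact file, one replaced, one renamed."""
    # Deterministic stand-in for ciphertext (4096 pseudo-random bytes).
    scrambled = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for rel, data in {"report.txt": b"Quarterly report\n" * 200,
                          "ledger.csv": b"date,amount\n2021-01-01,100\n" * 150,
                          "plan.txt": b"Project plan draft\n" * 100}.items():
            _write(src, rel, data)
        known_good = build_manifest(src)  # recorded when the backup is taken
        _write(dst, "report.txt", b"Quarterly report\n" * 200)
        _write(dst, "ledger.csv", scrambled)
        _write(dst, "plan.txt.locked", scrambled)
        return compare_restore(known_good, build_manifest(dst))


if __name__ == "__main__":
    result = demo()
    for key, names in result.items():
        print(f"{key}: {names}")
    print("restore test passed:", restore_passes(result))
```

Formats that are already compressed (zip archives, JPEG images) are high-entropy to begin with, so they appear only under `changed`; keep the manifest with the offline backup so it cannot be altered along with the live data.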

A recent survey from the UK and US-based security firm, Tessian, found that 56% of senior IT technicians believe their employees have picked up bad cyber-security habits while working from home. Worryingly, the survey found that many employees agreed with that assessment. Nearly two in five (39%) admitted that their cyber security practices at home were less thorough than those practised in the office, with half admitting that this is a result of feeling less scrutinised by their IT departments now, than prior to the Coronavirus pandemic.

The Scale of the Cyber Threat

The global cyber threat continues to evolve at a rapid pace, with a rising number of data breaches each year. A report by Risk-Based Security revealed that a shocking 7.9 billion records have been exposed by data breaches in the first nine months of 2019 alone. This figure is more than double (112%) the number of records exposed in the same period in 2018.

Medical services, retailers and public entities experienced the most breaches, with malicious criminals responsible for most incidents. 

Some of these sectors are more appealing to cyber criminals because they collect financial and medical data, but all businesses that use networks can be targeted for customer data, corporate espionage, or customer attacks. With the scale of the cyber threat set to continue to rise, threat intelligence company International Data Corporation predicts that worldwide spending on cyber-security solutions will reach a massive $133.7 billion by 2022. Governments across the globe have responded to the rising cyber threat with guidance to help organisations implement effective cyber security practices.

For more information about cyber security and employee cyber security training, please contact Cyber Security Intelligence for advice and recommendations.
