This article isn’t directed at the large multinationals with vast security resources but is meant for the individual who is keen to protect his privacy and small businesses who want to make sure they are protecting their information
Over the course of the last decade, a new economy has come to dominate global markets; similar to coal and oil at the dawn of the industrial revolution, information is the new currency defining our digital existence.
As wealth shifts to zeros and ones, so do the resources to acquire that wealth illicitly and today, cybercrime is rated as the largest threat to wealth, surpassing all other forms of traditional crime with no indication of respite.
It’s important to highlight that our capacity to protect ourselves stems primarily from understanding how the majority of these attacks take place. Otherwise you’re just pushing buttons and hoping for the best – in the same way that you would reinforce your front door when most break-ins take advantage of an unlocked back door.
ANATOMY OF AN ATTACK
Attacks happen in two stages: first the attackers gain access to your computer or your network (this is analogous to a burglar getting into your house) and second, they make away with your valuables (similar to stealing a watch with the intention of selling it, or kidnapping the family dog and holding Fido for ransom).
A minority will go the extra mile and trash the place on the way out.
Gaining access to your computer/network
Let’s stick to analogies. The most common ways of getting in are:
- By forcing open a window with a bad hinge – that is, exploiting a vulnerability. This is what happened with WannaCry: the attacker(s) exploited a recently discovered Windows weakness called EternalBlue.
- By tricking you into letting them in. This is what phishing basically is – an email is meant to look and sound as if it comes from a person or organisation you know and trust and has been developed with the sole intention of getting you to click on it.
Executing the plan
In techy terms, the plan is often referred to as the payload, and this is what an attacker executes once they have gained access to their target computer or network. To continue with the WannaCry example: the attacker may choose to encrypt the user’s information and hold it for ransom. This is based on the simple premise that no one will pay more for your information than you. The attacker doesn’t even have to take the information – all he needs to do is make it inaccessible. The attacker may also choose to just steal information and then either sell it or use it to gain access to more valuable assets, which is the case in identity theft.
I also mentioned how some attackers trash the place on their way out. I the tech world this normally happens for three reasons:
- They want to make a point, which is for the most part ideologically driven.
- They want to cause an outage by disabling your systems (something a disgruntled ex-employee or competitor may do).
- They want to cover their tracks because it’s not easy lifting fingerprints if the house has been burnt down.
So, what should we do? The answers are actually simpler than you would expect, and I’ll address them separately for the individual and the SME.
REASONABLE PROTECTION
The concept of reasonable protection involves putting in enough effort to fend off most attacks. If you want absolute security on-line, then all you have to do is completely disconnect from the Internet and invest in an abacus …
Defending your house
Stopping an attacker from gaining access to your computer or network is actually easier than most people expect. Because most people are not going be targeted by nation-states, most people don’t need military-grade policies and procedures.
Keeping your computer and your network properly patched and running a version of the operating system that is supported by the manufacturer would have protected you from WannaCry. It’s that simple: most attacks bank on the fact that most people do not keep their systems up to date.
For small businesses, this involves a bit more work. You can’t go from computer to computer checking each one and starting all over again every time there’s an update, so there is a need for some form of endpoint management software enabling you to track your laptops, desktops, smartphone and tablets, push updates, and make sure they are all running a vendor-supported version of their respective operating systems with the latest security patches. Such software is normally available as a cloud service, which is critical for most small businesses who don’t host their own servers.
Limiting the damage
Planning for the worst and expecting the best is good practice. If an attacker does make it onto your system, then limiting the damage and accelerating recovery should be your target.
Using a secure cloud service to store information is good practice: it means that you can recover quickly and move on with your life. Having said that, there are many cloud storage services out there, and here’s what you should be looking for:
- Two-factor authentication. This means that even if you choose a password poorly, the attacker will still not be able to gain access to your data.
- Encrypted files. All stored data should always be encrypted so that if someone does gain access to it, it’s useless to them.
- Previous versions of your files should be provided, so in case you do fall foul of ransomware, you can revert to a previous version of your files before the attacker encrypted them and locked them away from you.
Don’t be stingy. If you need to pay for the right service, it’s worth every cent.
For businesses, these cloud solutions come under the banner EFSS (enterprise file sync and share) services. The same points you should look for above apply, in addition to the following:
- Tracking: Make sure you can track who has accessed which files and when.
- Cross-platform: Most companies have a plethora of mobile devices and computers. The chosen solution needs to be accessible from any screen.
- Rights management: The solution should allow users to share documents but then restrict what the third party can do with the information and for how long.
Protecting yourself is not as tedious a task as most vendors make it sound. The right product will fit into your life or your business perfectly and just make sense. And this is ultimately the difference between good software and great software.
Good luck and stay safe.
Author: Nader Henein is Regional Director, Advanced Cyber Resilience – EMEA