The current threat landscape is not disappearing, and cybercriminals continue to find new vulnerabilities for their attack patterns. With this in mind, Kenneth Demskov, Senior Solutions Architect, outlines security questions and explains why tools like cybersecurity assessments can be part of the answer.
It has become clear that IT security has moved up on the agenda. The many high-profile cases in the media have created awareness of how network and IT infrastructure not only contribute to productivity and business development but are also an invitation to hackers. At the same time, seven out of ten companies in the Nordics find it challenging to find competent IT security people 1).
At Sentia, it is our experience that messaging about security resonates in the market. This surfaces very clearly, as customers pay careful attention when we ask questions such as:
- Can you see which applications your employees use on the internet?
- Do you know what the encrypted SSL traffic your users access contains?
- Do you automatically detect suspicious behavior around your network?
Very few people have insight into how their network capacity is used. Encrypted SSL traffic sounds secure but is, at the same time, used as a backdoor by cybercriminals. In that way, many security failures can fly under the radar. For this reason, tools such as Fortinet's CTAP are of current interest.
We will return to this, but first let us look at the new threats that experts outline for 2020.
Order a subscription to ransomware
As implied above, cybercriminals attack the weakest link in the chain, and in many cases, that will be the employees/users. This may be because more than 90 percent of all malware is delivered through email that attempts to bait recipients into clicking and opening the attached files 2). Now that companies are becoming more aware of this issue and putting up countermeasures, hackers are beginning to attack the network's edge services.
Ransomware-as-a-Service is a more easily accessible version of ransomware. At least two ransomware families, Sodinokibi and Nemty, are accessible on the dark web as a service. It is even possible to subscribe to a service that provides access to devices infected with a specific trojan horse. The threats are real and easier than ever to execute.
A wide range of new and old IT threats
Many of the IT threats from 2019 and the previous years are naturally still relevant to this day. However, new threats are constantly appearing. Analysts work continuously to identify them. Among those highlighted:
Deepfakes are coming – The new technology is much more than poorly formulated emails. With deepfake technology, one can create sound and pictures that are quite realistic. It is not just a party trick. The technology has already been used to trick companies out of tremendous amounts of money.
Critical infrastructure – The critical infrastructure has also become a target. It might be healthcare systems, energy supply chains, payments, and similar areas where a destabilization will have tremendous consequences. Public authorities and their suppliers need to be wide awake.
Vulnerability in Cloud – In general, a migration to the cloud is a secure step, but it is no safer than the individual employee. A deliberate or accidental misconfiguration might open the door to automated, machine-driven attacks.
Compliance and GDPR – GDPR will soon have its two-year anniversary, and compliance is still relevant. Vulnerability scans provide useful information on the status of compliance. A scan needs to be done frequently to have an effect. How often it needs to be done depends on the industry and security level.
The good news is that with a cybersecurity assessment, a company gets better options to face the threats and secure its network and IT infrastructure, so I want to give a more detailed description of what it involves.
Cyber threat assessment: How it works
There are multiple tools available in the market to assess cybersecurity. One of them is Fortinet's CTAP (Cyber Threat Assessment Program), which maps the IT security and vulnerability level in a company. It consists of a firewall that is connected to the network, after which the network traffic is observed for 3-7 days to answer the questions I mentioned earlier.
The observation results in a report that provides a unique insight into how the network is used in practice. The report illustrates critical vulnerabilities, what can be changed long-term, and whether the use is against the company's IT policies. If there is a need to create new or tighter policies, Fortinet's CTAP is also a central tool.
What answers can a security assessment provide?
The mapping of a company's IT security and vulnerability level is very detailed and builds upon the specific network use. It covers, among other things:
- How is the bandwidth usage distributed? If a large amount is used to stream YouTube, there might be grounds to change the policy in that area.
- Which cloud services does the company use? This covers the use of shadow IT, which happens through unknown cloud services.
- Are services like peer-to-peer misused? All network traffic must be directed through the company's firewall.
- Is there total control of the endpoint security? Some of the devices may be hijacked for botnet activity or the like.
As mentioned, a tool like Fortinet's CTAP provides clear answers to the questions that sharpen the attention of our clients. The CTAP report can be used to fix critical security breaches, optimize the company's policies, and contribute to better network usage supporting business goals.
More news from the security front
There is always updated news on IT security because the technologies and tools continue to evolve. The first step will always be to focus on security systems and to make sure the employees obtain a high level of security awareness.
Continuous vulnerability assessments and scans are also crucial to consider, as are two-factor authentication, storage of logs, use of security features in platforms like Microsoft 365, and much more.
1) Computerworld [https://www.computerworld.dk/art/250252/kaempe-angel-paa-it-sikkerhedsfolk-i-norden-syv-ud-af-ti-it-selskaber-har-svaert-ved-at-finde-kompetent-personale]
2) Fortinet [https://www.fortinet.com/blog/threat-research/fortinet-q3-hreat-landscape-report.html]
Splunk: IT Security Predictions 2020
Fortinet Threat Landscape Report Q3, 2019
Kenneth Demskov is an IT security specialist with 25 years of experience in the IT world and has worked with server, network, and database operations across a broad spectrum of operating systems, database technologies and types of networking equipment. Certified in Fortinet and Microsoft with a focus on the design and delivery of security solutions to Danish organizations, Kenneth specializes in network and endpoint security, advising companies on a daily basis on how to secure the right data protection under decentralized and fragmented security challenges.