Most companies now have their eyes on the cloud. Meanwhile, a storm of cyberattacks has been predicted. What is the security forecast this autumn, and how do you bolster the company to avoid losses? Kenneth Demskov, Senior Solutions Architect at Sentia, elaborates.
In September, the hearing aid company Demant was attacked by hackers. Even after deducting the expected insurance coverage of DKK 100 million, the company's loss totals up to DKK 650 million. At the same time, Nets has reported an explosive increase in phishing emails to private customers, where the goal is to persuade customers to submit their card information.
Both are good expressions of what is happening on the security front right now. We see more orchestrated attacks on large companies. We also see an increase in broad attacks on private consumers. In other words, a powerful storm is forming.
IT security made the front pages in 2017
If we turn back time, IT security became front-page news in 2017, when the so-called NotPetya virus hit Maersk that summer. Suddenly, 'ransomware' became a well-known concept, and the shipping group's bill for the attack approached DKK 2 billion.
The case brought security to the front page, and that's where it belongs. It is not a question of if you experience an attack, but when. An example: I recently connected a brand-new PC to the web. It took less than five minutes before the first attacks rolled in, so the threat is genuine.
It only takes a few clicks to reach a website that gives a total overview of networks where the systems are not up to date and, therefore, vulnerable to attacks. In other words, it has become much easier to find vulnerable systems on the web, and it is no longer necessary to look for them.
Anyone who wants to attack these machines can also subscribe to web services that make it a breeze. For a few dollars, one can, for example, order a so-called DDoS attack on a website to blackmail the site owners.
Hackers have their own customer service
Unfortunately, it is easier than ever to commit cybercrime. Just as it is possible to buy IT services with a credit card, it is also possible to buy DDoS attacks and phishing campaigns. Additionally, we see several professional 'companies' on the Dark Web, with their own product development and customer service, that provide cyberattacks as a service. Some make use of these services for their own agendas, others to carry out industrial espionage. The consequences of cyberattacks can be impossible to get an overall view of, as was the case with Maersk and the paralyzed global infrastructure.
Investigations indicate that the Maersk attack was a side effect of a Russian-coordinated attack on Ukrainian infrastructure. A Financial Manager at Maersk in Odessa asked the IT department to install a new tax system. The update servers were infected by the Sandworm hacker group, which allowed the group to use this backdoor to reach all the users of the tax system. In effect, it was a form of incidental drive-by hacking.
Three useful pieces of advice before the storm breaks
Although the current threat landscape is bleak, you can take precautionary measures to get ahead of hackers and minimize the consequences of an attack. Here are some of the most important:
1. Work out a contingency plan for IT attacks
The contingency plan needs to be realistic and up to date. Ask yourself: What position are we in if our entire IT is down tomorrow? How do we get up and running again, and how do we then consult customers and colleagues?
2. Ensure effective and well-functioning backup
Backup must fulfill the simple 3-2-1 rule: data has to be placed in three different places, on at least two different physical units, and with at least one offline location so it is out of reach of a virus.
3. Update all systems and all your devices
The update must take place according to plan and step by step. Everything needs to be updated, including the devices you typically forget, such as network printers, surveillance cameras and smartphones. Everything is a potential backdoor.
And one last thing: do not forget the employees, the human factor. IT security is no better than the individual employee. Training employees once every five years is not frequent enough, because everyone must have high security awareness and be aware of their behavior.
Kenneth Demskov is an IT security specialist with 25 years of experience from the IT world and has worked with server, network, and database operations distributed across a broad spectrum of operating systems, database technologies and types of networking equipment. Certified in Fortinet and Microsoft, focusing on design and delivery of security solutions to Danish organizations, Kenneth is specialized within network and endpoint security, advising companies on a daily basis how to secure the right data protection under decentralized and fragmented security challenges.