BusinessToday Previous Editions

BUSINESS TODAY 22 September 2022

Issue link: https://maltatoday.uberflip.com/i/1479650


COMMERCIAL

Understanding the online threat landscape

CONFRONTED by so many potential threats, from outside hackers to disgruntled employees undermining security from the inside, organisations face a constant battle – not only to maintain data integrity, but also to forestall potential reputational damage.

Factor in the Covid-19 pandemic, leading to more employees working from home, as well as ever more stringent compliance requirements, and it quickly becomes clear that the myriad challenges facing companies are symptomatic of a wider threat landscape. More to the point, it's one that's likely to only become more dangerous over the coming years.

Tom Kellermann, head of cybersecurity strategy at VMware's Security Business Unit, says the solutions provider noted a 148% surge in ransomware attacks between February and March 2020 alone, just as much of the Western world was moving into lockdown – and moving away from the security they enjoyed in the office.

"Traditional perimeter defences like firewalls are failing, due to increased telework protocols," Kellermann explains. "Additionally, the modern-day cybercriminal is an expert in exploiting the vulnerabilities of remote systems, as well as the inherent lack of visibility that security teams have into these complex environments."

Hacked off

If proof were needed of the damage cybercriminals and state actors are capable of wreaking, the recent hacks at solutions provider SolarWinds, as well as tech giant Microsoft, both provide salutary lessons – even if the outcomes aren't yet fully known.

As the SolarWinds hack shows, moreover, organisations can have the most secure systems at their disposal – but this will count for nothing if external hardware or software boast more holes than Swiss cheese.
After all, hackers, believed to be Russian state actors, found a back door into SolarWinds' scalable infrastructure monitoring and management platform tool Orion – subsequently distributing malicious code via software updates. Even worse, the breach wasn't detected for months after it happened in early 2020.

Given the nature of the Texas-based company's business – providing computer networking monitoring services to major corporations and government agencies around the world – people in high places and senior positions have been unsurprisingly worried.

And while the scope of how far the criminals actually burrowed down has yet to be determined, SolarWinds has confirmed that up to 18,000 of its customers (or 60% of the total) installed updates leaving them vulnerable to hackers.

Potentially even more serious, meanwhile, is the fallout after hackers exploited holes in Microsoft's mail server software – potentially affecting 30,000 organisations across the US alone, according to a recent report by KrebsOnSecurity. According to Microsoft, a previously unidentified Chinese hacking crew known as 'Hafnium' have been conducting targeted attacks against its email servers.

In a number of cases, hacking tools known as 'web shells' were placed on victims' systems before Microsoft announced it had issued patches to cover the holes – the implication being that organisations would still be vulnerable, even if they had downloaded the patches.

While there is still no evidence that the SolarWinds and Microsoft attacks are connected, in short, the damage caused by hackers, harvesting data across numerous organisations and all sectors, still has the potential to be huge.

Stopping the stuffing

How to address these challenges? For Kellermann, it's fundamentally a question of organisation. "CISOs should report directly to the CEO in an effort to elevate awareness of the security risks and defence recommendations for an organisation," he says. "Cyber threat hunting techniques must be expanded, and network security platforms need to be integrated with endpoint protection platforms and solutions."

Of course, that's not enough to counter the threat. Although phishing, distributed denial-of-service (DDoS), and ransomware attacks remain the preferred weapons of choice for cybercriminals, so-called 'island hopping' – where supply chains and partners are commandeered to gain access to the primary target, including major financial institutions – is increasingly popular too.

"Application attacks and island hopping are spiking as a result of rapid digital transformation," notes Kellermann. "With that, rigorous testing on the security of these applications is critical. It's also important that the remediation timetable for hardening security be mandated along with deployment of application controls. Finally, the principle of least privilege should be applied to better control who has administrative rights."

Another potentially destructive practice, meanwhile, is credential stuffing, whereby stolen account credentials are used to gain unauthorised access to user accounts. Typically, this is done through large-scale automated login requests directed against a web application.

In 2020, indeed, malware and ransomware incidents rose by more than a third, while there was an over 50% increase in phishing, scams, and fraud, according to INTERPOL.

In the insurance claims sphere, meanwhile, Catharina Richter, global head of the Allianz Cyber Center of Competence, describes losses from incidents such as DDoS attacks, phishing and ransomware campaigns as accounting for a significant majority of the value of cyberclaims today.

All the same, Richter is keen to emphasise that though cybercrime tends to be a popular story in the papers, more mundane failures can be just as troublesome. "While cybercrime generates the headlines, everyday systems failures and IT outages, [as well as] human error incidents, can also cause problems for companies, even if their financial impact is not, on average, as severe. Employers and employees must work together to raise awareness and increase their company's cyber resilience."

Allowed on the cloud

As Richter implies, potential business interruption is evidently a crucial issue in boardrooms up and down the continent, but companies shouldn't take their eyes off the ball when it comes to bread-and-butter issues – especially around data security, cybercrime and compliance.

A great example of this principle comes in the person of Jerry Finley. "Data security and compliance has been the cornerstone of our organisation since our inception," says Finley, CISO at OakNorth Bank. He means what he says. Beyond regularly testing staff on their cybersecurity skills, the bank also conducts simulation exercises and tests throughout the year.

The point, Finley says, is "to keep everyone vigilant, and to determine where our vulnerabilities lie". At the same time, he adds, his bank also provides "regular reminders and guidance to our customers about how to stay vigilant and identify potential fraud".

That's shadowed by more fundamental changes. In May 2016, OakNorth Bank became the first UK bank to be fully hosted on the cloud – not just ancillary services, but everything, including its core platform. "Our provider is Amazon Web Services, which provides the very best security to its clients," Finley says. "It invests a lot more in security than we'd ever be able to so we're glad to be working with them."

The bank has also partnered for several years with Illusive, a computer and network security provider, helping get insights into the lateral movement of attackers across the bank's infrastructure.

"This capability gives us confidence that we have another layer of defence as threat actors become more sophisticated and learn to evade traditional countermeasures," Finley explains. "In terms of other factors, the biggest consideration is human error, which is why we have put in place several systems to try and minimise the risk of this."

Low risk, high reward

This process is ongoing, of course, with Finley stating that his bank is constantly examining other measures to protect both itself and its customers. All the same, he accepts that it's always going to be an ongoing and uphill struggle.

"We know our work will never be done," he adds. "Attacks are becoming more sophisticated, and hackers are constantly developing new tactics and procedures to circumvent existing technologies."

Whatever the successes of Finley and his team at OakNorth, indeed, the global cost of cybercrime is forecast to grow 15% annually over the next five years, reaching $10.5trn by 2025.

And, given that the likelihood of detection or prosecution of a cybercriminal was recently estimated by the World Economic Forum to be as low as 0.05%, it's patently obvious that criminals continue to operate in this low-risk, high-reward environment.

As the old adage goes, the security of a given network is only as strong as its weakest point. And with the number of data points increasing, due to more people working from home because of Covid-19, organisations would do well to bear this in mind.
