This week’s guest blog is written by Luke Potter, Chief Operating Officer at ethical hackers, CovertSwarm.
Bolstering your cyber security – from both a private and organisational standpoint – should always be your top priority. And now, with evidence of cyber warfare spreading from the Ukraine crisis, it’s more important than ever.
Why is cyber security important?
Any cyber security vulnerability creates an opportunity to exploit your information. Cyber attacks can cause untold damage to your business, data and reputation, and can be issued from any corner of the internet – or the world.
Plus, with many attacks having the potential to spread between systems applications and countries in a lateral creep, nobody – and nowhere – is truly safe.
What types of cyber attacks are there?
There are countless ways to compromise a website or application but, during this crisis, we’re seeing particular types of attack gaining traction.
They all come under the umbrella of unethical hacking and include:
- Ransomware: Malware that holds your data to ransom, only releasing it if you pay criminals a fee.
- DDoS (distributed denial of service) attacks: Equivalent to stuffing a letterbox full of envelopes, these overwhelm websites with requests and traffic to take them offline.
- Zero-day exploits: Like a countdown hitting zero, this is where a bad actor has found a vulnerability that is not yet known to the vendor or patched, and an attack is already underway.
- Phishing: Fraudulent emails which coerce people and systems into revealing sensitive information, or trick them into granting access to your infrastructure.
- Misinformation: Deliberately spreading fake news, misinformation and propaganda – usually with political aims – to impact the world both online and off.
And there’s plenty of evidence these kinds of cyber attack are being used right now.
In March 2022, Ukraine’s telecoms company (Ukrtelecom) was brought down by bad actors, and there have also been cyber attacks on Ukraine’s banks and defence ministry. But this ongoing cyber war isn’t just limited to government and private sector targets. Back in 2017, NotPetya ransomware was unleashed. One of its biggest targets was MAERSK, a global shipping conglomerate, which suffered over $200mn in losses.
Who is a viable cyber attack target?
Typically, the targets we’re seeing during this cyber war can be divided into those who are high-risk and those who are high brand.
The first camp centres around government bodies and critical infrastructure – like Ukrtelecom – which are highly visible to the public. The second concerns big-name PR targets and aims to undermine confidence while causing mass-scale disruption.
How can I defend against a cyber attack?
Since the Ukraine invasion began, the UK’s Secretary of State for Defence, Ben Wallace, was quoted in the media as saying ‘the best form of defence is offence’. That’s exactly our ethos at CovertSwarm, as we work to outpace our clients’ cyber threats through delivering proactive cyber security services.
Being a strong voice in the cyber community, we do all we can to share our knowledge and experience with others. Here are some of our top tips for businesses and individuals looking to protect themselves – and their information.
– Establish a comms back-up plan. NotPetya famously took out MAERSK’s communications, leaving them with only WhatsApp as a form of contact. If your central comms fail, you need a tried and tested way to re-establish a connection. One way of doing this is to inform your staff and stakeholders about back-up channels – Signal, WhatsApp, even SMS – before your main comms are taken out. Another way could be to post an agreed hashtag on social media that gives directions on how or where to regroup. Whatever it is, you’ll need several contingency plans to keep communication channels open.
– Practise good cyber hygiene. The idea behind this is that forming a small set of cyber health habits – which follow you from home to the workplace and vice versa – can prevent a large, metaphorical health problem for your business. In other words, it’s about having a security mindset for all your digital activities, in order to build greater protection. Examples include setting complex passwords, controlling admin privileges, and performing regular back-ups and updates to safeguard systems.
– Control log-ins. If you’re a business with an admin interface that allows a user to log in from anywhere in the world, you’re also opening yourself up to an attack from anywhere in the world. Instead, use an office network or VPN (Virtual Private Network), or consider multi-factor authentication.
2) First-party data
– Know your attack surface. Understanding the size and scope of your organisation – and where the boundaries lie – is the first step in protecting it.
An attack surface doesn’t just mean technical elements like IPs, subdomains or your website, but instead covers everything you expose – forums, social media, process documents in the public domain, published research, and even your people. State-sponsored or otherwise, bad actors start with an attack surface, then look for a point of compromise. So, even with regular patches, system hardening and staff education, it might not be enough if you’re not looking holistically at your attack surface. It’s why some organisations keep finding forgotten systems, still running an old software release, years after they were deployed.
– Secure data across locations. It might seem like the more places you hold your data, the greater the risk. But that’s where multi-cloud strategies and availability zones come into play. As well as having your data across various clouds (even multiple vendor clouds), it’s important to use various physical locations that are also geographically distant.
Next, think about a disaster recovery strategy to call on if multiple environments go down, like a hard data back-up or a code held by an actual person (like the CEO). You’ll also need to consider how quickly you can rebuild in a given recovery time objective (anywhere from a few hours to a week or more), which should be based around the frequency of your application updates.
– Harden your systems. To be best protected, you should ensure what you have in your system is all that’s needed to operate or provide that service – like a cyber security version of a minimum viable product. Ways to harden your system could include removing unnecessary drivers, using authenticating systems to grant access permissions, and additional file encryption for extra security.
3) Personal data
– Run regular updates. Don’t put off installing the latest version of iOS or updating your version of Windows. New software releases often contain patches for security holes and bug fixes, as well as adding new features to your devices. Updates should be installed across both software and hardware to provide the highest level of protection.
– Be cautious online. Never click a link, open an email or download a file from a suspicious or unfamiliar sender or website. It’s possible to infect your device simply by viewing a rogue website or clicking on a compromised message, so it pays to be wary.
– Use strong passwords and multi-factor authentication. You can discover password best practices for 2022 on our blog but as a general rule, for multi-factor authentication, the more verification points you need for a device, website or system, the more robust your cyber security will be against unethical hacking. For example, you might need a password and fingerprint to unlock your computer.
– Guard against malware. From regular virus scans to installing anti-malware or implementing a secure firewall, it’s all to help increase your device’s immunity and minimise the risk of infection and data compromise.
How can I plan for risk?
The better prepared you are for a range of attacks, the smaller the impact will be when a breach occurs. Planning for risk is an effective way of combating threats because your staff will know what to do in various scenarios, you’ll have contingencies and back-ups in place if the worst does happen, and ultimately, you’ll get up and running again much faster. All this can help you retain your business reputation and minimise any financial impact.
We’d advise on three steps.
1) Train your teams
– Breed a culture of cyber security. When it comes to your business, everyone is responsible for cyber defence and for raising the alarm if and when a breach occurs – it’s not solely down to your IT department, infosec policy or board. Everyone should know their role and follow best practices to protect themselves, others and your wider organisation. Use engaging content to encourage people to keep your security policies front of mind, helping them exercise a natural caution in their daily working lives.
– Raise awareness. Whether it’s risk planning for a potential breach or debriefing after an attack has occurred, it’s key to communicate with your team. In the case of prevention, engage with your people in a way that’s relevant to them, and not focused on technology, frameworks or languages they don’t understand, have no experience of, or don’t find specific enough to their work. If an attack does happen, tell a story about what happened, how it was done, what it meant to your business and why it matters, so your staff can learn from it.
– Have an internal bounty. A reward or incentive can encourage your team to flag suspicious activities and potentially ward off an attack before the damage happens.
2) Create a clear incident response plan
When something goes awry or seems suspicious, your incident response programme should be something everyone knows like the back of their hands. Instead of a 20-page document, a side of paper with clear bullets on who’s responsible for what, how to escalate concerns and how to keep communication channels open is key.
You could also try a visual (like a poster) or use a different medium (such as video) to give a clearer snapshot. Whatever it is, keep it fun and accessible, and have it as the top link on your team intranet. Then, just like with team training, reward the behaviour you want to see. It’s far cheaper than handling the fallout from a breach — and the hassle that comes with it.
3) Run regular fire drills
So, your team knows about building exits and the car park assembly point in a fire. Do they know what to do if a cyber criminal strikes?
Cyber security fire drills help you spot who’s inactive and stressed versus who’s calm and productive. Like a football coach, you can then assess your team’s performance and work out where you need more action, control and communication for a future response. One word of warning, however: take care over false alarms. Often the result of badly-tuned services and alerting mechanisms, they can wear down your blue team.
How else can I protect my business?
One thing we often highlight to businesses and individuals is the importance of our cyber community. We all have something to offer, and by coming together we can pool our knowledge and experience. There are so many ways to get involved:
– Attend regular conferences and networking events
– Reach out to others in similar roles
– Speak or give back to the community (e.g. through how-tos)
– Pick up the phone and ask for help
Ultimately, we’re all on the same side, fighting for the greater good and working to defend what matters to us. Don’t be afraid to ask for help.
Where does CovertSwarm come in?
At CovertSwarm, we’re a modern, offensive security partner for over 70 global brands and have knowledge, capabilities and insights that benefit every company from SMEs to mega enterprises.
Whether you need an informal chat, real-time assistance or a long-term partnership, our door’s always open. And, if we can’t help, we’ll know someone who can. As a strong voice in our cyber and IT community, we’re on your side – working to defend and support applications through the Ukraine crisis and beyond. See how we could help.