By Paul Dignan, Senior Systems Engineer, F5 Networks
During a new financial year, organisations both large and small take stock of their accounts and assess how they can improve performance in the year ahead. Too often, security is left out of this planning process.
Safeguarding critical systems and reviewing data protection has become an increasingly important part of meeting financial and operational goals. The Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit threat intelligence sharing group, estimated that by the end of 2016, members were reporting an average of 400 potential cyber threats every day. Many of these focused on penetrating financial systems to access an array of sensitive information.
As hackers are armed with an increasingly complex set of cyber-weapons, the threats they pose mean businesses must implement more robust security measures to mitigate a serious breach. Failure to do so will not only impact customers and brand reputation, but it will also have an impact on the bottom line. So, what must organisations and employees look out for over the next 12 months?
Evolution of DDoS attacks
Businesses, banks and other financial institutions have all fallen victim to DDoS attacks over the last year, which has caused mayhem to services and rendered some company networks inoperable. Using multiple computers, cybercriminals have sent fake traffic to targeted websites, overloading them to the point of paralysis. The Mirai botnet was labelled the largest of its kind in history, which struck in Autumn 2016 and brought down numerous sites, including Twitter, Netflix and CNN.
The average DDoS attack is now strong enough to seriously disrupt a business and DNS based attacks are becoming one of the major attack vectors. Botnets have successfully landed a Terabyte attack causing immense damage. If organisations fail to put adequate defences in place, they risk opening their systems up to hackers who can exploit valuable data.
It is critical companies ensure web, as well as network traffic is monitored for irregularities and that effective measures are in place to react rapidly if companies’ applications are targeted. Both on-premises and cloud-based anti-DDoS technologies mitigate low level attacks that target the application layer. A hybrid approach of both cloud based and on premises protection gives organisations the best flexibility to protect against this type of threat.
Manipulative malware intensifies
Downloaded onto computers and networks, malware has the potential to destroy or steal data and render networks inoperable, leaving businesses and their customers vulnerable to major financial losses. In many instances, users do not realise they have downloaded something until it is too late, making malware one of the biggest threats businesses face today.
Viruses and other types of malware were once isolated acts of computer vandalism, but much of the malware targeting people today is purpose-built to hijack computers, credentials and to make money illegally on the black market. As a result, it is significantly more complex to defend against.
A thorough risk assessment determines a business’ vulnerability status and the findings can be used to measure the effectiveness of existing tools and processes. Running regular anti-virus scans to identify and address malware is still good practice. Always running the latest security software and applying security updates as soon as they are available should be standard procedure.
Businesses should also look at implementing other types of more advanced anti-malware fraud protection, which can encrypt user input as information is typed into a browser application. Real-time encryption can hide the input, defeating browser based key loggers, as well as ensure systems and information remain safe.
Sophisticated phishing techniques
Hackers often use phishing to impersonate a legitimate business or government organisation, tricking people into handing over sensitive details, which can be used to access bank accounts and password protected systems. This technique is becoming increasingly sophisticated, with criminals going to great lengths to build convincing looking tools. The IRS saw a 400% surge in phishing and malware incidents during the 2016 tax season alone and the recent W-2 email scam saw many people fall victim to requests for information seemingly from payroll and HR contacts.
It is incredibly important for businesses to work with all employees to bring awareness of cybercrime and insight into the dangers that exist. For example, if an e-mail subject line appears mysterious from an unknown source, such as a finance enquiry, stop and think about its authenticity. Never assume the communication is genuine. Review the details and contact the apparent source directly using the publicly available contact information. Never click on attachments from unknown sources, always check links or remember it is unlikely you’ll be asked to confirm payment details via email.
The scourge of ransomware
2016 saw ransomware grow in sophistication and diversity. It is essentially a form of malware, which restricts users’ access to their computers and networks until they pay a ransom – commonly bitcoin. One particularly aggressive form of ransomware, known as CryptoWall, was responsible for losses of more than $18 million between April 2014 and June 2015 according to the FBI. Apple recently issued an iPhone software update after reports of fake ransomware attacks where money was demanded in order to unlock the handset’s browsers.
Collaboration amongst police forces and organisations across the globe means there are various decryption tools available online to help victims recover their data. Finding out the name of the malware you have been infected by can help to restore files, even with older versions.
Regular backups of information can ensure data is kept safe. Using two different methods is best, such as a Dropbox or Google Drive account and a physical data drive. It is interesting these days that organisations are prepared to utilise cloud based storage far more readily than in the past, with availability and resiliency of data storage overcoming traditional security objections. The ever increasing uptake of SaaS solutions – Office 365 in particular – have helped overcome most organisation’s worries in this area. Setting up restrictions for files is good practice as well, such as read/write permissions without the ability to modify or delete.
Staying safe in 2017
When reviewing financial opportunities for the year ahead, businesses must be diligent and review their security posture to remain compliant in today’s increasing threat landscape. Organisations must regard security as a process that encompasses threat prediction, prevention, detection, response and investigation.
A comprehensive, multi-layered security solution is needed, but on its own is not enough. Organisations need to educate staff and build a culture of best practice to safeguard vital applications and data. In a world where cybercrime is rapidly evolving, the bottom line to being a successful business is to account for every botnet, byte and buck.