by Guido Marchetti, Cloud Lead, MJ Flood Technology
Happy Cyber Security Awareness month to you all. Most of us don’t even realise that this is an actual thing, but it is. Throughout October you will see plenty of content like this blog, that will focus on security threats and explaining that if you aren’t already, why you should be trying to manage your security. I thought a good place to start would be to look at the top 5 cyber security threats for 2018.
1. Phishing: Is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. It is the core reason that corporate ID’s get compromised which can then lead to a man in the middle attack. This is where rather than trying to get personal access to cash, they impersonate a c level and ask for a transfer of cash. We have seen 5 clients in the last 6 months see these attacks.
2. Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid. We have seen a few of these attacks recently too and more are being targeted at SME’s
3. The Cloud: While we all move services to the cloud industry experts are growing concerned that the cloud could be targeted. We have already seen a denial of service attack happen to services like Netflix. Is it a matter of time before your O365 or GMAIL is targeted? That said, these companies have significant resources to challenge these risks.
4. GDPR: We all know this by now and while we are yet to see a breach, industry experts are waiting to see the result of the first one. We are seeing a huge amount of companies still confused by this and taking action to remedy what they believe is their challenge.
5. Cryptocurrency Mining: This new threat is the infection of devices to command CPU power, in order for criminals to steal bitcoin.
So now that we’ve outlined the top 5 risks as per a survey carried out by AlienVault and reference in this TechRepublic article. I can verify, that we are seeing a growing interest in security across all our clients from SME to Enterprise. In fact, the last three clients that I have worked with this quarter were all security related projects. The surprising thing is that they were all concerned about the same issues.
Identity management, Multifactor Authentication, Device management, and data protection. We assisted our clients by listening to their concerns and then helping them understand their risk landscape. When thinking about security threats, unfortunately, there is no silver bullet that will kill all. Protection of cyber threats requires an understanding of your threat landscape, which usually is quite similar to a few nuances per client. Here is some advice on how to view the threat landscape.
Most companies have Active Directory in their business, which manages access to applications. Others have applications that are hosted or independent of Active directory. Passwords are the key here, and having a policy is one thing, but enforcing it can be very different. I have had clients admit they share passwords, I have seen them written on post-its stuck-on screens (I swear to god I have), and I understand this because it is human nature to trust each other. But therein lies the risk, people are trusting by nature and if an email looks legitimate enough the reality is that your end users will click on it. Therefore, end user education is required to teach users what to look for, but you need to help them too. If you introduce a layer of ID management above your AD, you can assist.
We advise clients to look at Azure AD P1 to layer over your AD. We do this because it allows us to set conditions for access. For example, we can identify trusted IP ranges that are known and allow access. But if you have an identity breach the hacker will not have the ability to login from the allowed IP range. If in this instance an unknown range attempts to login, the Multi Factor Authentication will kick in as a condition of access.
This authentication process verifies that the user attempting to login is legitimate and requires 6-digit number text to their phone or an app installed to gain access. If a user gets this notification and didn’t try to log in, you now know you have a problem. This will reduce the standard 225 days to discover you have the breach. You can then act to remedy the problem immediately.
Device management score to your security strategy. Let’s start with the ones we know all too well, your Windows Estate. If you haven’t already standardized for technical reasons to Windows 10 find a way of doing it. The challenge you face here is that the older the estate the more vulnerable it is to threats 2 & 5 in the list. Updates and security patches are core to preventing malicious software from getting onto your device. Managing the update and maintenance of one platform is far easier than managing multiple platforms and versions. Anti-virus is key to making sure that it works and is effective with its threat updates. Ensuring that the latest threats are always covered is an essential part of your plan. Having an AV that updates once a quarter is far too little, updates should be daily making sure you always have the latest threat signatures covered.
We are also starting to see device management fringe into data protection with more people enquiring about Encryption. Another reason we advise Intune and Windows 10 is the ability to enable Bit locker on your Windows estate. This will encrypt your drives and make sure even if the device is lost or stolen the data stored on it is safe.
Then, of course, there is your mobile estate of devices. We have all let IOS and Android devices into our workplaces because they enable productivity on the move for those who want it, but this brings additional risk. Amazingly most companies we deal with don’t even think about the risk, they just assume everything is ok. Devices are where a possible data breach might happen. An end user who can access files and email off one of these devices can then move that data into another service without you knowing. Unless of course, you start to consider controlling the devices and the business applications on them. Addressing access to business systems and data should form a large part of your security strategy and if it doesn’t start to think about it now.
This is becoming more of a conversation over the last 18 months, but still customers are unsure of what they should be doing. When it comes to GDPR seek legal advice on what elements of your data are covered by GDPR. Then make sure you have the services in place that enable data protection. Office365 has a GDPR centre built into most services that allow you to manage the retention periods etc. of data in Office365. As well as this, Microsoft Azure Information Protection allows you to create labels for your data and set a list of rules to protect it based on these labels. For example, if you don’t want a document to be emailed outside of the company, that is a rule you can create. If you want to prevent the printing of finance files , this is another rule you can make and the list can go on. GDPR has brought data protection into focus, but we should have a data protection practice regardless of this because a breach of any type could be damaging for your brand reputation.
As for Point 5, this is similar to ransomware. In order to protect against such activity, the correct software and user awareness is also required. Microsoft Technology’s ATA or Advanced threat analytics is the service we recommend to our clients. It monitors both technical and behavioral anomalies, taking into account known and trusted devices and highlighting any concerns it uncovers to the user to address. Again, decreasing the time required to identify and respond to the risk. See this clever video for more information.
Microsoft technology combines 4 components into one service that addresses most, but not all of the above. It will help you to address the majority and if today you’re only addressing the minority then Microsoft EM&S and MJ Flood Technology could be a nice partnership for you to consider.
People often ask me what I think is the most important thing to protect against, and in reality, it all is. But if I had to say which ones give you the most value, it’s the identity. Control identity and you can control access which is half the challenge. In my experience, however, doing it separately leaves you vulnerable and tackling the issue as a combination of items will help to reduce your risk drastically.
If you need help with your strategy or would like to understand how you could be better protected, feel free to reach out to myself or a member of the MJFT team.