Cybersecurity: what are we dealing with?

The Internet has evolved greatly over the last half-century, and the associated information and communication technology (ICT) is now ubiquitous and increasingly integral to almost every facet of modern life.

However, the structural and technological changes arising from telecommunications privatisation and liberalisation, and the explosion of mobile Internet access, have exposed the weaknesses of the open, protocol-based networks on which everything now runs. This has facilitated an increase in cyber-attacks and cyber-crime and the proliferation of viruses, worms, other malware and spam. Tebogo Thiophilas Basuti, Faisal Khurshid and Wonde Chubato of Dragon Sino, with the cooperation of Aryaka, detail the potential threats and explain some of the measures that should be taken to protect your business.

Types of cyber risks

A whole range of traditional crimes are now being perpetrated via cyberspace, and three broad categories of cyber risk can be distinguished:

  • Cybercrime: when cyber actors, working alone or in organised groups, seek to extract money or data or to cause disruption. They can steal credit/debit card data and intellectual property, and impair the operation of a website or service.
  • Cyber war: when a nation state conducts sabotage and/or espionage against another nation in order to cause disruption or to extract data.
  • Cyber terror: when an organisation, working independently of a nation state, conducts terrorist activities through cyberspace.

The unregulated nature of cyberspace has led to tremendous growth in inventiveness and ingenuity. However, much of this creativity has made cybercrime increasingly simple and cheap. The ability to operate from anywhere in the world, the linkages between cyberspace and physical systems and the difficulty of reducing vulnerabilities and consequences in complex networks have all exacerbated the difficulties in securing cyberspace. Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:

  • Application security;
  • Information security;
  • Network security;
  • Disaster recovery / business continuity planning;
  • Operational security;
  • End-user education.

One of the most problematic elements of cybersecurity is the rapid and constantly evolving nature of security risks. The traditional approach has been to allocate the majority of security resources to the most crucial system components and to protect against the biggest known threats. This approach leaves ‘less important’ system components poorly defended, and an attacker who finds a vulnerability in one of them can often use it as a stepping stone to the crucial ones. It is an invitation to hackers to hunt for vulnerabilities in the weaker parts of a system.

Instead, advisory organisations are promoting a more proactive and adaptive approach. The National Institute of Standards and Technology (NIST), for example, recently issued updated guidelines in its risk assessment framework that recommended a shift toward continuous monitoring and real-time assessments.

According to Forbes, the global cybersecurity market reached USD 75 billion in 2015 and is expected to hit USD 170 billion in 2020.

Application Security is the use of software, hardware and procedural methods to protect applications from external threats. Countermeasures are taken to ensure application security. The most common software countermeasure is an application firewall, which restricts which files a given installed program may execute and what data it may handle.

Information security (InfoSec) is a set of strategies for managing the process, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. InfoSec responsibilities include establishing a set of business processes that protect information assets regardless of how the information is formatted or whether it is in transit, is being processed, or is at rest in storage.

Many large enterprises employ a dedicated security group to implement and maintain the organisation’s InfoSec program. Typically, a chief information security officer leads this group. The security group is responsible for conducting risk management, a process through which vulnerabilities and threats to information assets are continuously assessed, and the appropriate protective controls are decided on and applied.

Network Security consists of the policies and practices adopted to prevent and monitor unauthorised access, misuse, modification or denial of a computer network and its network-accessible resources. Network security involves authorising access to data in a network, which is controlled by the network administrator: users are assigned authentication credentials that permit access to the resources and programs within their authority.

Disaster Recovery / Business Continuity Planning (BCP), also called a Business Process Contingency Plan (BPCP): when a disastrous event prevents the continuation of normal functions, a BCP/BPCP consists of the procedures to be followed to minimise the effects of the disaster and enable the organisation either to maintain or to quickly resume mission-critical functions. It involves an analysis of business processes and continuity needs. It may also include a significant focus on disaster prevention. Interruption of service or loss of data can have a serious financial impact, whether directly or through loss of customer confidence.

End-User Education: As the old InfoSec adage goes, “people are the weakest link in the cybersecurity chain.” In a recent Enterprise Strategy Group (ESG) research survey, 58 per cent of enterprise security professionals identified “a lack of user knowledge about cybersecurity risks” as the most common factor for successful malware attacks.

The best practices in this area include:

  • Awareness programmes: basic training, awareness campaigns.
  • Leadership: business leaders must strive to make cybersecurity awareness and good online behaviour part of the corporate culture.
  • Notifying end users of policy violations.
  • Proactive spear phishing (phishing simulation): this tactic involves sending bogus but authentic-looking e-mails to internal employees to see whether they click on links, install software or open attachments. On average, between one-third and half of employees do not hesitate to install or open malicious software or attachments.
  • End-user feedback: If employees are expected to become good cybersecurity citizens, then the security team should keep them up to date on how they are doing.

TCP vulnerabilities

Transmission Control Protocol (TCP) vulnerabilities make it possible for attackers to interfere with data in transit in several ways. TCP is the protocol that carries most application data across the public Internet. Before data is sent, TCP breaks it into segments and numbers the bytes in each segment with a sequence number; the segments are handed to the Internet Protocol (IP), which routes each one independently across the network. At the destination, TCP uses the sequence numbers to reassemble the segments in their correct order and to acknowledge what has been received. Because every endpoint trusts those sequence and acknowledgement numbers, an attacker who can learn or guess them can inject, reset or hijack traffic.

The results of a thorough security assessment of TCP, along with possible mitigations for the identified issues, were published in 2009 by the UK Centre for the Protection of National Infrastructure (CPNI), and are currently being pursued within the Internet Engineering Task Force (IETF).

Denial of Service

By sending a stream of connection-request (SYN) segments from spoofed Internet Protocol (IP) addresses, an attacker can make a server allocate state for each half-open connection while it waits for the final acknowledgement (ACK) of the three-way handshake. That ACK never arrives, because the source address is forged and the SYN-ACK goes nowhere. Once the server’s backlog of half-open connections is full, legitimate SYNs are dropped and the service becomes unreachable; at sufficient volume the host may also exhaust memory or CPU and crash. The standard mitigation is SYN cookies, which encode the connection state in the server’s initial sequence number so that nothing is stored until a valid ACK arrives.
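The following is an added example, not code from the original article or from Dragon Sino or Aryaka. It models a listener with a fixed backlog of half-open connections beside a stateless SYN-cookie listener, and runs a constructed flood of spoofed SYNs against each before a legitimate client tries to connect. The listener classes, the HMAC cookie layout (8-bit counter plus 24-bit truncated MAC) and the sample addresses are all assumptions of this toy model, not a real TCP stack.

```python
import hashlib
import hmac
import os
import random
from collections import namedtuple

# Constructed, simplified model of a TCP listener; not a real network stack.
Syn = namedtuple("Syn", "src_ip src_port dst_port seq")
Ack = namedtuple("Ack", "src_ip src_port dst_port seq ack")
MASK = 0xFFFFFFFF


class StatefulListener:
    """Classic listener: every SYN allocates a half-open entry until the ACK arrives."""

    def __init__(self, backlog=4):          # tiny backlog so exhaustion is visible
        self.backlog = backlog
        self.half_open = {}                 # (src_ip, src_port) -> server ISN
        self.established = set()
        self.dropped = 0

    def on_syn(self, syn, counter=0):
        if len(self.half_open) >= self.backlog:
            self.dropped += 1               # backlog full: no SYN-ACK, client times out
            return None
        isn = random.getrandbits(32)
        self.half_open[(syn.src_ip, syn.src_port)] = isn
        return isn                          # carried back in the SYN-ACK

    def on_ack(self, ack, counter=0):
        key = (ack.src_ip, ack.src_port)
        isn = self.half_open.get(key)
        if isn is None or ack.ack != (isn + 1) & MASK:
            return False
        del self.half_open[key]
        self.established.add(key)
        return True


class SynCookieListener:
    """Stateless listener: the ISN is an HMAC of the 4-tuple and a coarse time counter,
    so nothing is stored per SYN; the ACK carries the state back and is verified."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(16)   # server secret (rotated in practice)
        self.established = set()

    def _cookie(self, ip, port, dport, counter):
        counter &= 0xFF
        msg = f"{ip}:{port}:{dport}:{counter}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        # top 8 bits: counter (so old cookies expire); low 24 bits: truncated MAC
        return (counter << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, syn, counter=0):
        return self._cookie(syn.src_ip, syn.src_port, syn.dst_port, counter)

    def on_ack(self, ack, counter=0):
        isn = (ack.ack - 1) & MASK
        c = isn >> 24
        if (counter - c) & 0xFF > 1:        # cookie older than one counter tick: reject
            return False
        if isn != self._cookie(ack.src_ip, ack.src_port, ack.dst_port, c):
            return False                    # forged or replayed cookie
        self.established.add((ack.src_ip, ack.src_port))
        return True


def flood_then_connect(listener, spoofed_syns=10, counter=7):
    """Attacker sends SYNs from spoofed sources and never ACKs; then a real client tries."""
    for i in range(spoofed_syns):           # constructed spoofed sources in 10.0.0.0/24
        listener.on_syn(Syn(f"10.0.0.{i}", 40000 + i, 80, random.getrandbits(32)), counter)
    syn = Syn("192.0.2.7", 51000, 80, 1000)  # constructed legitimate client
    isn = listener.on_syn(syn, counter)
    if isn is None:
        return False                        # SYN dropped: the legitimate client is denied
    ack = Ack("192.0.2.7", 51000, 80, 1001, (isn + 1) & MASK)
    return listener.on_ack(ack, counter)


if __name__ == "__main__":
    print("stateful listener survives flood:", flood_then_connect(StatefulListener()))
    print("SYN-cookie listener survives flood:", flood_then_connect(SynCookieListener()))
```

The stateful listener denies the real client as soon as four spoofed SYNs have filled its backlog, while the SYN-cookie listener accepts it because spoofed SYNs cost it nothing. The counter check is what bounds replay: a captured cookie is only good for the tick it was minted in and the next one.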

Connection Hijacking

An attacker who can eavesdrop on a TCP session and redirect packets can hijack the connection. To do so, the attacker learns the current sequence numbers from the ongoing communication and forges a segment that looks like the next segment in the stream. Such a simple hijack results in one forged segment being accepted at one end. When the receiving host acknowledges the extra data to the other side of the connection, synchronisation is lost: each end now rejects the other’s segments as out of sequence and answers with a bare ACK, producing a so-called ACK storm. Hijacking combined with address resolution protocol (ARP) or routing attacks, which give the attacker control of the packet flow, allows permanent control of the hijacked TCP connection.
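To make the desynchronisation concrete, here is an added example, not code from the original article or from Dragon Sino or Aryaka. It models only the sequence-number bookkeeping of two established TCP endpoints (the RFC 793 receive-window acceptability check, in-order delivery and the ACK sent in reply to an unacceptable segment) and replays the hijack described above once with a sniffed sequence number and once with a guess. The `Endpoint` class, the HTTP-like payloads and the initial sequence numbers are constructed assumptions of this toy model.

```python
from collections import namedtuple

# Constructed model of the receive side of an established TCP connection; not a real stack.
Segment = namedtuple("Segment", "seq ack payload")
MASK = 0xFFFFFFFF


class Endpoint:
    def __init__(self, snd_nxt, rcv_nxt, rcv_wnd=65535):
        self.snd_nxt = snd_nxt      # next sequence number we will send
        self.rcv_nxt = rcv_nxt      # next sequence number we expect from the peer
        self.rcv_wnd = rcv_wnd      # bytes we will accept beyond rcv_nxt
        self.delivered = b""        # in-order data handed to the application
        self.acks_sent = []         # ACK numbers emitted in reply to unacceptable segments
        self.bad_acks = 0           # ACKs received for bytes we never sent

    def send(self, payload):
        seg = Segment(self.snd_nxt, self.rcv_nxt, payload)
        self.snd_nxt = (self.snd_nxt + len(payload)) & MASK
        return seg

    def receive(self, seg):
        # RFC 793 acceptability: seq must lie in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2^32
        if (seg.seq - self.rcv_nxt) & MASK >= self.rcv_wnd:
            self.acks_sent.append(self.rcv_nxt)   # out of window: reply with a bare ACK
            return "rejected"
        if seg.seq != self.rcv_nxt:
            return "queued"                       # in window but out of order: buffer it
        self.delivered += seg.payload
        self.rcv_nxt = (self.rcv_nxt + len(seg.payload)) & MASK
        return "accepted"

    def receive_ack(self, ack):
        # An ACK ahead of snd_nxt acknowledges bytes we never sent: the peer is desynchronised
        ahead = (ack - self.snd_nxt) & MASK
        if 0 < ahead < 0x80000000:
            self.bad_acks += 1
            return "beyond snd_nxt"
        return "ok"


def hijack(attacker_knows_seq=True):
    client = Endpoint(snd_nxt=1000, rcv_nxt=5000)
    server = Endpoint(snd_nxt=5000, rcv_nxt=1000)

    # 1. Normal traffic that the attacker eavesdrops on
    server.receive(client.send(b"GET /index.html\r\n"))

    # 2. Attacker forges "the next segment": the sniffed seq, or a blind guess
    seq = server.rcv_nxt if attacker_knows_seq else 0x7F000000
    forged_result = server.receive(Segment(seq, server.snd_nxt, b"GET /admin/\r\n"))

    # 3. The real client sends its real next segment, numbered from its own snd_nxt
    real_result = server.receive(client.send(b"GET /about\r\n"))

    # 4. The server's reply ACK (sent for whichever segment it rejected) reaches the client
    client_view = client.receive_ack(server.acks_sent[-1]) if server.acks_sent else "ok"

    return {
        "forged": forged_result,
        "legit": real_result,
        "server_rcv_nxt": server.rcv_nxt,
        "client_snd_nxt": client.snd_nxt,
        "client_sees": client_view,
        "delivered": server.delivered,
    }


if __name__ == "__main__":
    for knows in (True, False):
        print("attacker knows seq:", knows, hijack(knows))
```

With the sniffed sequence number the forged request is delivered to the server application and the genuine client's next segment is thrown away; the server's ACK then points past everything the client has sent, which is the state the two ends never recover from on their own. With a blind guess the forged segment falls outside the 64 KB window and only provokes a harmless ACK, which is why the attacks described above begin with eavesdropping or with a position on the path (ARP or routing) rather than with guessing.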

Conclusion

The lack of security on the Internet and of the devices connected to it, results in serious vulnerabilities. These create risks for infrastructures that increasingly rely on the Internet, including not just communications, but also power generation and distribution, air transport, and, in the near future, road transport. It is easy and relatively inexpensive to access cyberspace and to obtain the means of conducting offensive cyber-attacks. Thus, it is tempting to develop offensive cyber capabilities and indeed some countries are doing so, as published in their national cyber security strategies, and several countries have allegedly already carried out such attacks.

With all the vulnerabilities and the countermeasures associated with cyberspace, companies have to invest more labour and money in the protection of their data. The consensus within the disaster recovery industry is that most enterprises are still ill prepared for a disaster.

Countermeasures

There are numerous countermeasures that can be put in place. These include, but are not limited to, giving someone responsibility for the organisation’s systems and premises who will: watch out for phishing and spear phishing; delete suspicious e-mails; configure intrusion detection and prevention systems (IDS/IPS) to alert on and block traffic to known malicious domains and addresses; keep patches and updates current; and make sure that workers comply with the organisation’s policies.

Dragon Sino is the logistical backbone of Aryaka, the world’s leader in fully managed, hassle-free cloud-delivered WAN. Dragon Sino’s success with the most difficult scenarios is why the IT industry relies on it for logistics and government compliance, and why Aryaka teamed up with Dragon Sino to introduce Aryaka’s service to Chengdu. With over 10 million users, 4,500 sites and a 99% satisfaction rating, Aryaka has created a faster, cheaper and more reliable way to keep international offices connected.