Computer Security in the IT world is a daily intellectual battle dangerously played between the good and the bad guys, like a complicated chess game on a global level. Every day consists of countless battles, skirmishes, espionage excursions, reconnaissance, securing data, subterfuge, encryption, deceptions, surveillance, clandestine communications, and Rambo raids in a ghostly intellectual duel between the defender and the attacker.
The cleverer guy on either side wins.
Our world relies on unified, interconnected data, services, and computing resources for all aspects of our daily lives. Almost all sectors of our economy have come to depend critically on their availability, ubiquity, and correctness; a failure in any part of the system could have devastating consequences for the rest of the system.
What are the attackers targeting?
Each day, all around the world, thousands of IT systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives, but most commonly they are attacked to steal commercial secrets and money, access government and defence-related information, disrupt government and industry services, and exploit information security weaknesses through the targeting of partners, subsidiaries, and supply chains at home and abroad.
What is Cyberspace?
“Cyberspace is an interactive domain made up of digital networks that is used to store, modify and communicate information. It includes the internet, but also the other information systems that support our businesses, infrastructure and services.”
— UK Cyber Security Strategy
Many players pose a risk to information
Cyber criminals, interested in making money through fraud or from the sale of valuable information.
Industrial competitors and foreign intelligence services, interested in gaining an economic advantage for their own companies or countries.
Hackers, who find interfering with computer systems an enjoyable challenge.
Hacktivists, who wish to attack companies for political or ideological motives.
Employees, or others who have legitimate access, either by accident or through deliberate misuse.
The threat is not only technical
Many attempts to compromise information involve what is known as social engineering, the skillful manipulation of people and human nature. It is often easier to trick someone into clicking on a malicious link in an email that they think is from a friend or colleague than it is to hack into a system, particularly if the recipient of the email is busy or distracted. And there are many well-documented cases of hackers persuading IT support staff to open up areas of a network or reset passwords, simply by masquerading as someone else over the phone.
Anatomy of a computer intrusion
Reconnaissance: Attackers research and identify individuals whom they will target through open source means.
Intrusion into the network: The attackers send spear-phishing emails to targeted users within the company, using spoofed sender addresses and including malicious links or attached malicious documents.
Obtain user credentials: Attackers get most of their access using valid user credentials. The most common type: domain-administrator credentials.
Establish a back door: With domain administrative credentials, attackers will move laterally within the victim’s network, installing back doors for future and continued exploitation.
Install multiple utilities: Utility programs are installed on the victim’s network to conduct system administration, steal passwords, get emails, and list running processes.
Data exfiltration: The attackers obtain emails, attachments, and files from the victim’s servers and then encrypt and exfiltrate the data via the attackers’ command and control infrastructure.
Maintaining persistence: If the attackers suspect they are being detected or remediated, they will use other methods to ensure they don’t lose their presence in the victim’s network, including updating their malware.
Best practices against a cyberattack
While there is no silver bullet to prevent all attacks, the risks can be mitigated, and you can rest more comfortably, if you employ a multi-faceted security program. Such a program is often simply based upon best practices:
If you’re an employee:
Use a complex alphanumerical password with a combination of numbers, letters (uppercase and lowercase) and symbols.
Change your passwords regularly.
Do NOT open emails and attachments from unfamiliar sources, even if they look official.
Do NOT install or connect any personal software or hardware to your organization’s network or hardware without permission from your IT department.
Report all suspicious or unusual problems with your computer to your IT department.
If you’re in the Management & IT department:
Implement defence-in-depth: a layered defence strategy that includes technical, organizational, and operational controls.
Implement technical defences: firewalls, intrusion detection systems, and internet content filtering.
Update your anti-virus software daily.
Regularly download and apply vendor security patches for all your software.
Change the manufacturer’s default passwords on all of your software.
Monitor, log, and analyze successful and attempted intrusions to your systems and networks.
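The last recommendation, monitoring and analyzing both successful and attempted intrusions, is where the "obtain user credentials" step of the intrusion anatomy above tends to become visible. The following is an added example, not code from the original post: it parses constructed OpenSSH-style auth log lines and flags any successful login that follows a burst of failed attempts from the same source, the classic sign of a guessed or brute-forced password. The log lines, host name, user names and addresses are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH/syslog style (not taken from any real system).
SAMPLE_LOG = """\
Mar 10 02:01:05 fileserver sshd[1201]: Failed password for admin from 203.0.113.7 port 50211 ssh2
Mar 10 02:01:09 fileserver sshd[1203]: Failed password for admin from 203.0.113.7 port 50214 ssh2
Mar 10 02:01:13 fileserver sshd[1205]: Failed password for admin from 203.0.113.7 port 50218 ssh2
Mar 10 02:01:16 fileserver sshd[1207]: Failed password for admin from 203.0.113.7 port 50221 ssh2
Mar 10 02:01:20 fileserver sshd[1209]: Failed password for admin from 203.0.113.7 port 50225 ssh2
Mar 10 02:01:24 fileserver sshd[1211]: Accepted password for admin from 203.0.113.7 port 50230 ssh2
Mar 10 02:03:40 fileserver sshd[1240]: Failed password for alice from 198.51.100.9 port 41000 ssh2
Mar 10 02:05:02 fileserver sshd[1242]: Accepted password for alice from 198.51.100.9 port 41004 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<ip>\S+)"
)

def parse(log_text, year=2024):
    """Yield (timestamp, result, user, ip) for every recognised auth line.
    Syslog lines carry no year, so one is supplied by the caller."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def find_suspicious_logins(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return (user, ip, failures) for each successful login that was preceded
    by at least `threshold` failures for the same user/source within `window`."""
    failures = defaultdict(list)   # (user, ip) -> timestamps of recent failures
    alerts = []
    for ts, result, user, ip in parse(log_text):
        key = (user, ip)
        # Keep only failures that are still inside the sliding window.
        failures[key] = [t for t in failures[key] if ts - t <= window]
        if result == "Failed":
            failures[key].append(ts)
        elif len(failures[key]) >= threshold:
            alerts.append((user, ip, len(failures[key])))
            failures[key].clear()   # one alert per burst
    return alerts

if __name__ == "__main__":
    for user, ip, n in find_suspicious_logins(SAMPLE_LOG):
        print(f"ALERT: {user} from {ip} logged in after {n} failed attempts")
```

The single failure before alice's login stays below the threshold, so only the admin login is reported; in practice the same sliding-window logic would be fed from the live log rather than an embedded string.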
Protecting against an attack or reacting to an attack is not a black art; most of the methods needed to protect critical information are already known and we just need to employ those methods more effectively. Preparation in advance of the 2:00 am phone call is everything.
Your data is your most precious commodity; prepare to protect it, and prepare to deal with the impact of a loss.
Hi! My name is Woody, Senior Technical Lead & Product Manager at a leading software security company based in Montreal, Canada.