Cisco UK & Ireland Blog

Attractiveness to hackers


August 17, 2017


Ahhh, modern technology.  As an emerging business in 2018, there’s a whole host of brilliant applications that you can just take straight off the shelf and integrate immediately into your infrastructure.

Suddenly, your expense requests are speedier, your file storage becomes epic, and your organisational skills become so on point you could rival Iron Man’s J.A.R.V.I.S.

Best of all, you’re benefitting from other people’s ingenuity going into building your platform…without writing one single piece of code.

There’s just one potential fly in the ointment with this tactic. With increasing interconnectedness comes increasing risk…which means that you may very well hold your end of the cybersecurity bargain up, but that doesn’t mean that everyone else will.

Additionally, many of your own employees may, unwittingly or not, introduce these insecure applications into the working environment themselves, bypassing the approval of your IT team.

So, how do we get around this Kerplunk-style scenario?

The key lies in businesses being able to truly understand what it takes to protect a business in 2017 and beyond, so they can ask the right questions of themselves, and of others.

To help you on your way, we’ve outlined some of the key priorities for any emerging business:

‘Reactive Security’

This is a biggie.  A lot of companies have tried to solve the problem of cybersecurity by throwing unconnected ‘point products’ at the problem, without a clear strategy in mind.

It’s easy to see why this happens.  You can’t escape the cybersecurity headlines at the moment – “WannaCry is making businesses cry!”, “Not phreaking out about phishing? You should be!”

Companies are put under pressure just to show that they’re doing something…anything…

Unfortunately, whilst the intent is good, this approach creates gaps, management headaches and inefficiencies that attackers can exploit…i.e. the very opposite of what they were trying to accomplish.

Each new solution comes with another management interface. Each new solution demands human resources and management hours to set up, set policy, and respond to alerts.

In addition, point solutions’ features often overlap, meaning companies often pay for redundant, unnecessary security functionality.  This all yields severely unwieldy, compromised security postures.

The key lies in having a strategy whereby people, processes, and technology can work together, so that when a threat comes in, it can be remediated immediately, and your whole environment becomes immune to it.

Shadow IT, and third party applications

Picture the scenario – your IT Manager has painstakingly configured your IT Systems…only for other employees to go behind your back and undo all of that good work by introducing software on their own.

Shadow IT can be anything from installing an instant messenger service onto a corporate device, to downloading your own file sharing software and using it to transfer sensitive data.  If not controlled, don’t be surprised if that sensitive data winds up in the very last place you wanted it to be.  This kind of operation is like catnip for hackers.

However, most employees resort to Shadow IT simply because they want to do things better – and who doesn’t encourage that sort of entrepreneurial spirit within business?

So, to take positive advantage of Shadow IT, here’s what we recommend:

  • If you don’t already, have a forum or an ‘ideas on a postcard’ tool that allows your employees to submit ideas that could improve the running of the business. Reward people for doing this, and celebrate when an idea becomes reality.
  • Effective Security isn’t just about the technology – it’s also about setting the right processes. Make Security Awareness a fundamental part of your training programme, so that people understand the consequences of using insecure devices and programs.

Ransomware

Some hackers are motivated by ideology or politics.  Some do it just because they can…and it’s fun.  The increasing majority do it because there’s a lot of money to be made.

Ransomware is a ruthless practice which grew by 300% last year.  It encrypts your files without your consent—and only the developer of the ransomware has the key to decrypt them. Some forms of ransomware are also designed to spread across the network (see the recent examples of WannaCry and Nyetya), and bring the entire house of cards down.

Once the infection is complete, a message will appear on your screen, demanding that you pay a ransom in bitcoins for your data. A typical ransom can be anywhere from £200 to £10,000, but some organisations have paid a lot more.

Crucially, cyber criminals understand their targets—down to their likes and dislikes and how they conduct business. They know what they will pay for their data to be released, and they exploit any weakness they find ruthlessly.

If it’s what we can’t see that can cause the most damage, this is a situation that surely needs to change.  The issue for many businesses, of course, is being able to increase their visibility.

For an insight into how to spot any gaps in your IT infrastructure, take a look at ‘The Suspicious Seven: A Network Visibility Checklist’.
