Mapping the Cybersecurity Landscape

8th January 2019

The Internet is huge. According to Internet Live Stats, there are now over 4 billion internet users worldwide. Today alone, 3 billion searches have been carried out via Google, 3 million blog posts have been written and 41 million photos have been uploaded to Instagram. Every second of every day approximately 2 million emails are sent. Cyberspace is vast, and securing this vast space is a huge task. For a lot of people cybersecurity simply means passwords, but cybersecurity is more than just good password hygiene: it involves all of the people, processes and technology that secure every aspect of our digital lives, and it is a collective responsibility.

Due to its complex nature, combined with our ever-increasing reliance on computer systems, wireless technology and smart devices, cybersecurity is one of the major challenges of the modern world. At an individual level, a cybersecurity attack can result in everything from identity theft and extortion to the loss of important data like family photos. At a macro level, critical infrastructure such as power plants, hospitals, financial service companies and government organisations, all of which are essential to keeping our society functioning, is at risk of attack. Keeping up with new technologies, security trends and threat intelligence is a challenging task, so what exactly does the term cybersecurity cover?

Network and infrastructure security

An endpoint is any computing device that communicates with a network; examples include desktops, laptops, smartphones, tablets, servers, workstations, wireless and IoT devices. When any device is connected to a network, the endpoint it creates provides an entry point for threats and malware. A key component of network cybersecurity is, therefore, endpoint security, which is about adequately blocking threats that could enter or spread on a network as a result of security weaknesses at endpoints.

Endpoint threats include malware and non-malware attacks, and endpoint security (or endpoint protection) combines various attack prevention, detection, monitoring and response technologies, which together form advanced protection. Key components of network security include:

Endpoint protection software and technologies should be installed on all network servers and on all endpoint devices in order to defend the perimeters of an enterprise, which are the gateways into the network.

Application security

Application security encompasses any cybersecurity measures that protect applications from threats that can occur during the life cycle of software. Security measures built into applications can minimize the likelihood that code can be manipulated in order to access, steal, modify, or delete sensitive data. Intrusion detection and prevention systems patrol for unusual activity, and strict access controls ensure that only approved users are able to access application components and transmit data.

Some basic components of application security are:

84 per cent of software breaches exploit application vulnerabilities due to bugs and weaknesses in software. Application security testing (AST) tools can help reduce development-related cybersecurity issues. Once an application is deployed, strong authentication and authorization become essential in helping prevent access-related issues. A fundamental principle of any cybersecurity measure is to ensure that only appropriate traffic sources are able to access application resources. You need to know who has access to your company’s most valuable assets, but also have confidence that the end-users accessing your applications are who they say they are.

Most application access comes from a heterogeneous user mix of employees, customers, and partners. Moreover, individual users may use several different devices to access applications, for example a laptop while sitting in a coffee shop, and then a mobile phone later at home. An IoT explosion is also on the horizon, meaning that many users may soon start to access applications from devices with no ability to present a password for authentication.

Talk to a cybersecurity expert like 10Duke to find out how you can tightly control who has access to your web, mobile and desktop applications.

Database Security

Database security covers and enforces security on all aspects and components of a database. Database security is generally planned, implemented and maintained by a database administrator or other information security professional. Database cybersecurity measures include restricting unauthorised access to data in a database, but also the physical security of the server and backup equipment in case of theft or damage. Some key components of this area of cybersecurity include implementing strong and multifactor authentication to better control who has access to your data, as well as reviewing and mapping out known vulnerabilities. Load and stress testing should also be carried out to ensure that a database will not crash during distributed denial of service (DDoS) attacks or user overload.

Organisations should always aim for ‘least privilege’, which means end-users and administrators should only ever have the minimum set of privileges required to do their job, and only at the times that they need access. It is often the case that users accumulate privileges as they move through organisations (also known as privilege creep). Unless you have a clear digital picture of who the users within your system are and the data they can access, it becomes difficult to provision minimum privileges accurately. Investment in strong access management products can help prevent far greater costs later down the line from security incidents and data breaches that are caused by privilege creep.

Data-centric security measures focus on the security of the data itself, as opposed to data-access measures, which focus on the security of networks, servers, or applications. Components of data and database security include:

  • Encryption
  • Data Loss Prevention
  • Data Privacy
  • Access Management
  • Data-Centric Security

Talk to 10Duke about how to understand exactly who the users within your network are and what they can access, as well as how to manage compliance issues like GDPR at the click of a button.

Cloud Security

Cloud computing provides users with capabilities to store and process their data in third-party data centres, and it is this ‘third party’ element that has been responsible for a lot of the reluctance to adopt cloud services in the past. There are those who think that their data is less secure because their server is not in the same building as they are. It is true that when an organization chooses to store data in a public cloud, it loses physical access to the server hosting that data. However, data centres employ individuals who have much more specialised knowledge of security and safety measures for server and data protection.

Large multi-billion-dollar organisations can afford to dedicate specialist resources to the single task of server security, and even the most dedicated in-house team will not be able to match the knowledge and skill level of large cloud computing providers. Cloud service providers also carry out much more thorough background checks on employees who have physical access to servers. Additionally, data centres must be frequently monitored for suspicious activity and are subject to much stricter rules and regulations. That said, cloud security software is still a critical component of a comprehensive cybersecurity strategy, regardless of whether your server is on or off premises.

Cloud cybersecurity software is on-premises or cloud-based software that sits between service users and cloud applications. This software monitors all user activity, warns administrators about potentially hazardous actions, enforces security policy compliance, and automatically blocks malware.

Mobile security

Mobile security is an area of cybersecurity that involves the protection of smartphones, tablets, laptops and other portable computing devices from threats and vulnerabilities associated with wireless computing. Mobile security helps protect mobile devices, but also the networks that these mobile devices connect to, and is sometimes referred to as wireless security.

Components of mobile security overlap with other areas of cybersecurity, including email security, endpoint security and end-user education. It also covers less obvious areas, such as developers only using RESTful APIs for backend integrations to ensure that they only use the data that they need and do not transfer ‘all the data all the time’.

Mobile security includes some of the following components:

  • Data transfer and encryption
  • Device security
  • Cloud security
  • Hashing and salting of passwords
  • Authentication and identity management
  • Virus scanning and penetration tests
  • Government and regulatory compliance
  • File permissions

Messaging and email security

Email was originally designed and developed simply to store and forward messages between different people using different computers, at a time when the digital universe was a much smaller place. 91% of all cyber attacks start with email: it was never intended to be the centre of our digital lives in the way that it is now, so it was not designed with any security or privacy in mind.

Despite the growing popularity of secure messaging apps such as WhatsApp, which offer a free way to send encrypted messages over the web, billions of emails are still sent every day; 6.4 billion of these are spoofed messages. There are four main places where email can be compromised:

  • On your device(s)
  • On the networks you use
  • On the servers you connect to
  • On your recipient’s device(s)

Encryption can help to properly secure email messages. Two things need to be encrypted: the connection to your email provider, and the email itself. If you are sending a highly confidential message to someone (like your bank or a credit card company), a safe practice is to use their online email form rather than your normal email account. Online email forms are more secure than regular email because your message is encrypted between your PC and the recipient’s server as it travels through the Internet; be sure, however, to look for ‘https’ in the browser address bar.

Advanced threat intelligence

New threats appear in the news daily, and organizations routinely struggle to understand which cyber threats pose the greatest risk to them. Threat intelligence draws on data, research and analytics to help organisations search for and prevent attackers in their environment. Available intel includes who threat actors may be, what their likely motives are, and industry and global information about attackers and the malware they use.

Many threat intelligence companies also offer alerts to identify, block and respond to advanced threats. Time and visibility can make all the difference to an organisation, and advanced threat protection helps enterprises detect threats early and formulate a response more quickly. Early detection and response can help minimize damage and speed up recovery, reducing potential business disruption. Fast recovery and response can also help protect brand reputation and reduce remediation costs should an attack occur.

Advanced threat intelligence can help to:

  • Predict how threat actors may target your organisation
  • Prevent cyber attacks from escalating
  • Detect the tradecraft of threat actors
  • Respond quickly to disrupt the Kill Chain
  • Eradicate threats from your environment

Disaster recovery and incident response

Even with protective and proactive cybersecurity solutions, your network and data can still be breached. Maybe an absent-minded or disgruntled employee has been using poor password hygiene, or curiosity got the better of them and they clicked on a malicious link in a phishing email. When it comes to cybersecurity, government recommendations lean towards proactive rather than reactive measures, but what happens if disaster strikes? You have realised that someone has unauthorized access to your network, or worse, you have received a ransom note. Now what?

Some organisations do not know what their first step would be following a ransom email. Who do you call? What do you shut down? How do you shut it down? Can you carry on working? Should you carry on working? What do you do next?

Disaster recovery and incident response solutions provide accelerated recovery and remediation. They can provide threat intelligence, such as identifying how attackers are accessing your environment, and then start immediate repair. They may also hold a backup of all your data in a remote bunker somewhere that is not connected to the internet, so that you can start recovering immediately instead of having to wait for technology and information to arrive. Pre-planned contingencies help minimise the damage of an attack and can reduce (or in some cases even eliminate) revenue loss from business downtime.

End-user education

The weakest link in a company’s cybersecurity chain is typically its people: mainly due to a lack of awareness, employees frequently open the gates to attackers. New ways of working such as BYOD allow increasing flexibility, but they have also opened up more opportunities for security breaches. Many end-users these days will be targeted through their home or mobile devices and then unwittingly bring an infection inside an organisation. Some cyber criminals may target the end-user directly, for example to conduct cyber fraud, or they may target the end-user as a primary route to gain access to an organization’s IT infrastructure.

End-user education is about educating your employees, but also checking and testing that they follow the advice that they are given. 90% of people understand that it is risky to use the same password for multiple accounts, and yet 59% of people use the same password anyway. End-user education will help to reduce the risk of human error; however, it is impossible to eliminate the risks completely.

Identity and access management (IAM)

Funding for IAM projects is not always a priority because they do not directly increase either profitability or functionality. However, identity and access management addresses the critical requirement of ensuring appropriate access to resources across increasingly heterogeneous technology environments. IAM also helps organisations meet increasingly rigorous compliance requirements. End-users are often the source of a cybersecurity breach, opening the gates for attackers, but IAM ensures that only authenticated individuals can access a network, and it controls and limits the information these individuals can access.

Ultimately, the aim of any cybersecurity solution is to control who and what has access to your applications and data, and this sits at the core of Identity and Access Management. IAM enables the ‘right resources’ to be accessed by the ‘right individuals’ at the ‘right times’ and for the ‘right reasons’. Essentially, IAM ensures that users are who they say they are (authentication) and that they can only access the applications and resources they have permission to use (authorization).

Identity management covers issues such as how users gain a digital identity and the technologies that help protect that identity. Then there is the authorisation side of IAM, which describes the information that end-users are authorized to access and the actions they are authorized to perform. IAM is about defining and managing roles and access privileges within a network and then tightly controlling the circumstances under which users will be granted (or denied) those privileges. Users might be customers and partners (customer identity management) or employees (employee identity management).
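The following is an added illustration, not 10Duke code or any product’s implementation, of two points made above: the authentication/authorization split described in this section, and the least-privilege and privilege-creep problem raised in the Database Security section. Authorization here means a permission must be both assigned to the account and part of its current role; the audit flags accounts whose assigned grants exceed what their role needs. All role names, user names and permission strings are constructed sample data.

```python
"""Added example: role-based authorization plus a privilege-creep audit.
Not from the original article; roles, users and permissions are constructed."""

from dataclasses import dataclass, field

# Baseline: the minimum permissions each job role needs (constructed).
ROLE_PERMISSIONS = {
    "analyst": {"reports:read", "tickets:read"},
    "support": {"tickets:read", "tickets:write", "customers:read"},
    "dba":     {"db:read", "db:write", "db:backup"},
}


@dataclass
class User:
    name: str
    role: str                                   # role the user currently holds
    granted: set = field(default_factory=set)   # permissions actually assigned


def authorize(user: User, permission: str) -> bool:
    """Authorization decision: allow only if the permission is assigned to the
    account AND belongs to the user's current role. A stale grant left over
    from a previous role is therefore not exercisable."""
    return permission in user.granted and permission in ROLE_PERMISSIONS.get(user.role, set())


def find_privilege_creep(users):
    """Audit: return {user name: sorted list of excess grants} for every account
    whose assigned grants exceed the baseline of its current role."""
    creep = {}
    for u in users:
        extra = u.granted - ROLE_PERMISSIONS.get(u.role, set())
        if extra:
            creep[u.name] = sorted(extra)
    return creep


def reconcile(user: User) -> User:
    """Least privilege: rebuild the account with exactly its role's baseline grants."""
    return User(user.name, user.role, set(ROLE_PERMISSIONS.get(user.role, set())))


# Constructed sample: Bob moved from the DBA team to support but kept his DBA grants.
SAMPLE_USERS = [
    User("alice", "analyst", {"reports:read", "tickets:read"}),
    User("bob", "support", {"tickets:read", "tickets:write", "customers:read",
                            "db:read", "db:write", "db:backup"}),
    User("carol", "dba", {"db:read", "db:write", "db:backup"}),
]

if __name__ == "__main__":
    for name, extra in find_privilege_creep(SAMPLE_USERS).items():
        print(f"{name}: excess grants {extra}")
    # Bob's old DBA grant is present but not exercisable under his current role.
    print("bob db:write allowed?", authorize(SAMPLE_USERS[1], "db:write"))
```

Running the audit periodically, and reconciling flagged accounts, is the mechanical part of keeping the “clear digital picture” of who can access what that the text calls for; the role baselines themselves still need an owner who reviews them.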

The core objective of IAM systems is ‘one single digital identity per unique individual’ and it includes technologies such as SSO and MFA. 10Duke is Europe’s leading provider of Identity and Access Management solutions and provides leading-edge security solutions to companies around the world. For more information contact us for an informal chat or to book a demo.

IoT

Put simply, the Internet of Things (IoT) is internet connectivity between a system of interrelated ‘things’. Each ‘thing’ has a unique digital identity and is able to transfer data over a network. These ‘things’ can be computer devices, mechanical machines like cars and fridges, objects, animals and/or people: basically anything that can connect to the internet and transmit data. The possibilities for our future are endless as a result of this interconnectivity; however, allowing all these ‘things’ to connect to the internet creates serious vulnerabilities if they are not properly protected. A number of attacks have made the headlines in recent years, from refrigerators and TVs being used to send spam messages to hackers infiltrating baby monitors and transmitting messages.

Because the IoT is a relatively new market, a lot of manufacturers are more concerned with getting their products to market quickly than with ensuring the devices they make are secure. Building security in from the start can be costly, slow down development, or cause a device not to function as it should. Connecting legacy assets not inherently designed for IoT connectivity can be challenging, and retrofitting smart sensors may be costly. Some devices also simply do not contain the compute resources necessary to implement strong security like advanced encryption. Many IoT devices currently do not or cannot offer advanced security features; however, recent Distributed Denial of Service (DDoS) attacks that brought down the internet were generated through the unauthorized use of IoT devices, proving yet again that security must be our main priority. With our increasing connectivity, the security and protection of our information has to be considered first, more than ever before.

IoT security methods vary depending on the specific device or application and its place within an IT network. IoT manufacturers concentrate on building tamper-proof hardware, ensuring secure upgrades, providing firmware updates and patches, and performing dynamic testing. Solution developers focus on creating secure software, keeping systems up to date, mitigating malware, and protecting infrastructure.

Blockchain

Blockchains have only existed in cyberspace since 2008. A blockchain is basically a shared record of transactions distributed across a network. Think of it as a spreadsheet that is duplicated thousands of times across a network of computers. These computers are called nodes, and nodes are owned by ‘miners’.

Miners verify each new transaction in the chain by checking it against their records; for example, with bitcoin they check that whoever spent a bitcoin actually had a bitcoin to spend. Generally, more than 50% of the miners have to agree in order for a transaction to be verified, and miners compete with each other to validate transactions by solving cryptographic puzzles and creating subsets of miners who can confirm a transaction. This ‘group agreement’ is then packaged into a new ‘block’ in the chain that is sealed with a cryptographic fingerprint. The ledger is updated with the new block and shared across the nodes.

What makes the blockchain system theoretically tamper-proof is the unique cryptographic fingerprint added to each block, and the ‘consensus protocol’ whereby multiple miners in the network have to agree on the shared history of the chain. The block and its cryptographic fingerprint (called a hash) take a lot of computing time and energy to generate, and miners are rewarded financially for their efforts.

Blockchains have been described as ‘incorruptible digital ledgers of transactions’ because they are a single version of the truth shared by thousands of people, and so they do not have a single point of failure. It would require massive amounts of computing power to access every node in a chain (or at least a 51 percent majority) and alter all the nodes at the same time. Blockchains are secure provided a hacker cannot gain enough mining power to disrupt the validity of a chain; however, hacked nodes can cause miners to waste a lot of resources solving already-solved crypto puzzles or confirming fake transactions.
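The following added example (written for this page, not taken from any blockchain implementation) shows in miniature the two mechanisms the three paragraphs above rely on: each block carries a hash over its own contents, and each block also records the hash of its predecessor, so changing an old block breaks the link to every block that follows it. A tiny proof-of-work requirement stands in for the ‘cryptographic puzzle’ miners solve. The difficulty, the transactions and the block layout are constructed for illustration and are not bitcoin’s.

```python
"""Added example: a toy hash-chained ledger with tamper detection.
Not from the original article; difficulty and transactions are constructed."""

import hashlib
import json

DIFFICULTY = 2   # required number of leading hex zeros in a block hash (tiny, for speed)


def block_hash(index, prev_hash, transactions, nonce):
    """Cryptographic fingerprint of a block: SHA-256 over a canonical JSON
    encoding of everything the block commits to, including its predecessor's hash."""
    payload = json.dumps([index, prev_hash, transactions, nonce],
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def mine_block(index, prev_hash, transactions):
    """Search for a nonce whose hash meets DIFFICULTY: the 'puzzle' that costs
    miners computing time and makes rewriting many blocks expensive."""
    nonce = 0
    while True:
        h = block_hash(index, prev_hash, transactions, nonce)
        if h.startswith("0" * DIFFICULTY):
            return {"index": index, "prev_hash": prev_hash,
                    "transactions": transactions, "nonce": nonce, "hash": h}
        nonce += 1


def build_chain(batches):
    """Start from a genesis block and append one mined block per batch."""
    chain = [mine_block(0, "0" * 64, [])]
    for txs in batches:
        chain.append(mine_block(len(chain), chain[-1]["hash"], txs))
    return chain


def validate_chain(chain):
    """What every node re-checks on receipt. Returns (True, None) when the chain
    is consistent, otherwise (False, index of the first block that fails)."""
    for i, b in enumerate(chain):
        expected = block_hash(b["index"], b["prev_hash"], b["transactions"], b["nonce"])
        if b["hash"] != expected or not b["hash"].startswith("0" * DIFFICULTY):
            return False, i            # contents no longer match the fingerprint
        if i > 0 and b["prev_hash"] != chain[i - 1]["hash"]:
            return False, i            # link to the predecessor is broken
    return True, None


def tamper_and_remine(chain, index, new_transactions):
    """Simulate someone editing one old block and re-mining only that block.
    The edited block itself becomes valid again, but every later block still
    points at the old hash, so validation fails at index + 1."""
    forged = [dict(b) for b in chain]
    forged[index] = mine_block(index, forged[index]["prev_hash"], new_transactions)
    return forged


# Constructed sample transactions, one batch per block.
SAMPLE_BATCHES = [
    [{"from": "alice", "to": "bob", "amount": 5}],
    [{"from": "bob", "to": "carol", "amount": 2}],
    [{"from": "carol", "to": "alice", "amount": 1}],
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    print("honest chain valid:", validate_chain(chain))
    forged = tamper_and_remine(chain, 1, [{"from": "alice", "to": "bob", "amount": 500}])
    print("forged chain valid:", validate_chain(forged))
```

The point the toy makes concrete is why the text talks about a 51 percent majority: an attacker who alters block 1 must re-mine block 1 and every block after it, and must do so faster than the honest nodes extend the chain, before the other nodes will accept the rewritten history.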

Blockchains can also fail where they connect with end-users in the ‘real world’, for example through bitcoin wallets, which can be ‘heisted’. This is not a lack of security in the blockchain itself but a lack of security in how the bitcoins are stored. Heisted bitcoins cannot be cashed out without the criminal being identified; however, once stolen they cannot be spent or cashed out by the genuine owner either. Historically only large heists have taken place, worth hundreds of thousands of dollars, presumably due to the huge complexity required to make any financial gain from the crime. The blockchain is better, but not perfect, and blockchain technology still requires cybersecurity solutions just like any other digital technology.

Fraud/transaction security

Staying safe online is a major issue in the 21st century. Suspicious calls, suspicious messages, holiday scams, ticket scams, dating scams, fake jobs, fake items for sale, investment fraud, competition scams, credit card fraud and mortgage deposit scams are just a few items on an ever-growing list.

We all think we are too smart to be scammed, but fraudsters are very clever. They are always looking for new ways to steal money, and sometimes we are just too busy to pay attention to the things we should. 18% of all purchases occur online, and this number is only set to increase as we move further away from the high street to online platforms. It is sometimes difficult for a merchant to verify that the actual cardholder is indeed authorizing the purchase, so the internet is a major route for fraud against merchants who sell products online. Currently one out of every 1200 credit card transactions is fraudulent.

A fraudster might try to trick you into revealing passwords or financial details by phone or email, but it is unlikely to be that obvious. Malware is malicious software consisting of code or scripts designed to disrupt the performance of a PC, laptop or handheld device. Malware can also collect information or data from your device and pass it to another device. Malware includes viruses, worms, dishonest adware, trojan horses, scareware, spyware, and crimeware.

An ounce of prevention is worth a pound of cure

Cybersecurity is about gaining peace of mind from knowing that your business is prepared. But it is not just one product; it is a process. It is the whole system working together: all of your endpoints, devices, employees, applications and networks. When it comes to cybersecurity, prevention is definitely better than cure, and preventative companies (like 10Duke) will help reduce your attack surface and stop attackers getting in. Processes and technology should be put in place to limit and control what information end-users can access within a network, as well as the actions they can take. But if the worst happens and you do come under attack, you need to know what you will do and how you will handle the situation; this is where reactive measures can help you find and remove malicious traffic that has already infiltrated your network.
