Avoiding the Winter Olympics big freeze
Following the terrorist attacks in Volgograd at the end of December, the US Defence Secretary, Chuck Hagel, called his Russian counterpart Sergey Shoygu and promised security assistance for the Winter Olympics in Sochi. However, high-profile events such as these are not just a time for increasing physical security for citizens, visitors and property, but also a time when cyber criminals and hacktivists become more active, thereby placing organisations' IT security systems under additional stress.
Businesses face two broad categories of attacks during major events. One is from activists who want to take advantage of the oxygen of publicity and cause disruption while the eye of the global media is watching. Hacktivists or cyber terrorists are usually politically motivated and use techniques such as denial-of-service attacks, the taking over and vandalising of Web sites, or the uploading of Trojan software.
The other type of threat actor is cyber criminals who want to stay under the radar of detection and gain access to an organisation's systems in order to steal money or intellectual property. A common entry tactic is deploying spear phishing e-mails that contain a Web link or attachment. These often lead to sites where the Web browser and related software are subjected to various exploit techniques, says Brad Pulford, Dell enterprise solutions group director.
Phishing e-mails can be very convincing and difficult to distinguish from legitimate e-mail messages. "Win tickets to the Winter Olympics Alpine skiing final", for example, may be a subject line too tempting for an employee to resist: they open the unsolicited e-mail, click on the Web link and compromise their PC, smartphone or other device. The attacker will then try to expand their access by capturing legitimate login credentials, especially those of administrators who have elevated access to the important systems. With those credentials they can move through the network simply by logging in, which of course makes detection even harder.
Says Pulford: "The threats that lie within networks, endpoints or devices can be both seen and unseen, and can come from all perimeters of the organisation. In addition, BYOD, big data, cloud, social media, Internet usage and mobile apps have increased the challenge faced by IT leaders."
Here's a five-point checklist as the Winter Games get under way - one for each of the Olympic rings!
1. Reduce network entry and exit points to help detect irregular activity. Prevention is important but detection is crucial. Effective logging and monitoring is key to determining what normal behaviour is in order to identify unusual activity. If an organisation understands its baseline, then it is a lot easier to spot inconsistencies, such as excessive access to information or uncommon access requests.
2. In advance of the Games, undertake vulnerability assessments of your infrastructure - and employ robust patch management and access rights in order to mitigate any identified weaknesses. Make sure users have access to only those apps and data they need access to. Controlling end-user and privileged account access are the cornerstones of any good IAM project.
3. Standardise firewalls and intrusion prevention systems (IPS) as part of your company's network security architecture - consider implementing a next-generation firewall. Take care in which solution you opt for and be sure to choose one which is able to detect evasion techniques and also has the ability to scan all traffic regardless of port or protocol, including Secure Sockets Layer (SSL) encrypted traffic.
All intrusion prevention systems are designed to prevent known attack traffic patterns from penetrating systems on the network. However, the technology has an inherent limitation: it can only block attacks it can see and already recognises. Disguised code is a major problem, and it is possible to trick traditional IPS inspection engines into passing the traffic. Businesses can achieve a deeper level of network security by adopting an IPS which uses anti-evasion, data-normalising techniques to uncover and block advanced evasion and obfuscation techniques before they can make it onto the network. A final but important consideration is scanning both inbound and outbound traffic, regardless of the ports and protocols. This is overlooked by some IPS solutions which focus only on what's coming in from the outside, so they offer no defence once the threat is already inside, whether through physical access or because the organisation already has compromised systems.
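The data-normalising step described above, as an added example that is not the article's or any vendor's code: request paths are reduced to one canonical form (bounded percent-decoding, case folding, slash and dot-segment collapsing) before they are compared against a block-list, so differently encoded spellings of the same path all match. The signatures and sample paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed block-list of canonical request paths (not a real IPS rule set).
SIGNATURES = ("/admin/backup.zip", "/cgi-bin/setup.cgi")

def canonicalise(path, max_rounds=3):
    """Normalise a request path before signature matching: percent-decode until the
    text stops changing (bounded, so nested encoding cannot loop forever), fold
    case, treat backslash as slash, and collapse '//' and '/./' segments."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.lower().replace("\\", "/")
    path = re.sub(r"/+", "/", path)
    while "/./" in path:
        path = path.replace("/./", "/")
    return path

def inspect(path, normalise=True):
    """Return the matching signature, or None. With normalise=False this behaves
    like a naive engine that compares raw text and misses disguised variants."""
    probe = canonicalise(path) if normalise else path
    for sig in SIGNATURES:
        if sig in probe:
            return sig
    return None

# Constructed request paths: one plain, two encoded/cased variants of listed paths.
SAMPLES = ["/admin/backup.zip", "/Admin//backup%2Ezip", "/cgi-bin/./setup%252Ecgi"]
```

Comparing `inspect(p)` with `inspect(p, normalise=False)` over `SAMPLES` shows which variants a raw-text engine would wave through; the canonical form, not the signature list, is what closes the gap.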
4. Identify key information assets, maximise their protection and lock them down. There's no benefit to be gained from spending more on security than the information is worth. Cyber criminals conduct highly targeted attacks, so a targeted defence is warranted.
5. Foster education, encourage diligence, and develop processes for employees. Primarily due to a lack of awareness, employees frequently open the virtual gates to attackers. With the rise in cyber crime as well as the increase in mobile working and BYOD trends, it is more important than ever to educate employees on the important role they have to play to ensure they do not unwittingly expose themselves and their company to a breach. In order to provide true protection, both outside-in and inside-out, make sure workers are aware that they will very probably be targeted at some point and must stay vigilant at all times. Teach employees what qualifies as sensitive data, as well as how to identify and avoid threats. Ensure they know the right procedures for accessing and protecting business information.
Bandwidth management offers additional insight into network and application traffic. During major sporting and cultural events, there can be productivity issues around network performance due to unprecedented demands on an organisation's bandwidth, as workers stream video and live TV. Rather than taking a heavy-handed approach and blocking sites such as YouTube or BBC iPlayer, some firewalls offer bandwidth management tools which identify and control traffic so that only policy-appropriate, business-critical traffic, such as SalesForce.com and videoconferencing applications, is forwarded for acceleration.
IT systems will never be invulnerable to attack and experts' recommendations to improve security seem endless. Defending against a determined attacker who would like something you've got is a constant challenge. "The only solution is many solutions, as no single technology can help you win the battle, but be sure to include employee education as part of your efforts, as this will help to reduce the unintentional, but significant, human error factor," concludes Pulford.