What is Cybercrime?
Cybercrime is criminal activity carried out using the internet infrastructure. According to The Ponemon Institute's Study, these attacks range from “stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country’s critical national infrastructure. Recent well-publicized cyber-attacks…have affected private and public sector organizations.”
What are the Security Threats?
The digital revolution and the interconnection of Local Area Networks (LANs) have led to the increasing expansion of the internet. The expansion of the internet has in turn meant easier access to online resources by its users. The internet boom has brought unparalleled commercial growth to individuals, businesses and nations; however, for e-commerce activities to thrive, secure internet access is required. While providing the platform for the success of companies and individuals, internet expansion has also offered a window of opportunity for cybercriminals, cyber vandals and hackers. Attacks are forever evolving and, as a consequence, IT security personnel have to adopt a stance of constant vigilance. In particular, the maintenance of security on networked IT systems is of paramount importance. Security tools to protect and monitor activities on IT systems should be deployed, but these do come at a price.
The UK Detica report Cyber Security and Information Assurance indicates that,
“Our society is now almost entirely dependent on the continued availability, accuracy and confidentiality of its Information and Communications Technology (ICT). We need it for our economic health, for the domestic machinery of government, for national defence and for our day-to-day social and cultural existence.
As well as significant benefits, the technology has also enabled old crimes to be committed in new and subtler ways. In its National Security Strategy report, cyber threats are recognised by the Government as one of four ‘Tier One’ risks to the UK’s security. The report goes on further to indicate that cybercrime is costing the UK economy £27bn annually.
What is the nature of these attacks?
Computer attacks can be automated, manual or both.
Manual attacks are slow as they are dependent on the vulnerabilities the hacker is confronted with. A hacker who might have set out to look for IIS 5.0 vulnerabilities and finds that IIS 4.0 is configured instead has to change his programming approach in order to exploit IIS 4.0.
The activities carried out by the hacker often entail obtaining information about an organisation. This information includes domain names, open ports and vulnerabilities on the network systems, and how the organisation is connected to the internet. An organisation's information can be obtained by querying the WHOIS databases. Information that can be displayed includes an organisation's domain name, the network's single internet IP address and the administrative point of contact for the organisation.
Automated attacks, meanwhile, are quicker and indiscriminate. Automated programmes attack any machine they find. Examples of automated attacks include worms, viruses and Trojans.
It should be noted, however, that both manual and automated attacks can be employed during an attack.
External Threats and Insider Attacks
IT systems are not only prone to external threats but also to insider attacks. Substantial losses have been incurred by companies due to insider attacks.
External attacks include the following:
Denial-of-service attacks in which an attacker sends a succession of requests to a target's system in an attempt to consume server resources to make the system unresponsive to legitimate traffic.
Diverting an organisation’s network traffic to the attacker's computer.
Targeting web applications in order to obtain information about the domain names, the network setup and how they are connected to the Internet.
Insider attacks are malicious attacks on computer systems by persons who are authorised to access the system. Apart from having access, insiders are conversant with the network infrastructure and system policies/procedures. Perpetrators of insider attacks include the organisation’s employees, contractors, or third-party suppliers of data and computing services. In the majority of organisations the focus is on protection from external attacks, and as a result there are inadequate security checks to deter insider attacks.
Insider attacks include the theft of sensitive information and intellectual property (IP), which insiders can then sell. Insiders can also introduce viruses to computer systems, rendering them inaccessible and unusable.
Disgruntled employees who leave the company may carry out malicious attacks on computer systems, or create back doors before leaving and then exploit these if they still have access information. Monitor the access to the organisation's important data by employees who are leaving or are about to leave.
Some authorised network users inadvertently attack computer systems. An example is an employee who clicks a spam e‑mail link, downloading a payload such as a key logger, which enables an external attacker to steal the employee’s credentials and gain access to the network. In other cases employees click on website links while accessing the internet, which leads to viruses and malware gaining a foothold on an organisation's network with costly consequences.
Employees accessing an organisation's network using their smartphones and tablets can give rise to insider attacks, as these devices might be infected with viruses and malware.
Removable media such as USB flash drives can introduce viruses and malware to the system if infected. USB drives can be used to store sensitive data which can then be removed from the network.
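An added example (not part of the original article) of the monitoring recommended above for employees who are leaving: it scans file-access audit events and flags leavers who touch sensitive data in unusual volume during their notice period, or at all after their last day. The log format, leaver list, path prefixes and burst threshold are constructed assumptions.

```python
from collections import Counter
from datetime import date, datetime

# Constructed sample data: an HR leaver list and file-server audit events
# as (ISO timestamp, user, path). None of this comes from the article.
LEAVERS = {"jsmith": {"notice": date(2024, 3, 1), "last_day": date(2024, 3, 15)}}
SENSITIVE_PREFIXES = ("/finance/", "/designs/")  # assumed "important data" locations
EVENTS = [
    ("2024-02-20T10:02:00", "jsmith", "/designs/widget.dwg"),
    ("2024-02-21T11:15:00", "jsmith", "/designs/widget.dwg"),
    ("2024-03-04T09:00:00", "jsmith", "/designs/widget.dwg"),
    ("2024-03-04T09:05:00", "jsmith", "/public/menu.pdf"),     # not sensitive
    ("2024-03-12T18:30:00", "akhan", "/finance/ledger_0.xlsx"),  # not a leaver
    ("2024-03-20T23:41:00", "jsmith", "/finance/ledger_0.xlsx"),  # after last day
] + [(f"2024-03-12T18:{m:02d}:00", "jsmith", f"/finance/ledger_{m}.xlsx")
     for m in range(6)]                                         # notice-period burst


def flag_leaver_access(events, leavers, burst_factor=3):
    """Return (user, day, reason) findings for leavers touching sensitive data."""
    daily = Counter()  # (user, day) -> number of sensitive-file accesses
    for ts, user, path in events:
        if user in leavers and path.startswith(SENSITIVE_PREFIXES):
            daily[(user, datetime.fromisoformat(ts).date())] += 1

    findings = []
    for user, info in leavers.items():
        days = {d: n for (u, d), n in daily.items() if u == user}
        # Baseline: the user's busiest day before notice was given.
        baseline = max((n for d, n in days.items() if d < info["notice"]), default=0)
        for day, n in sorted(days.items()):
            if day > info["last_day"]:
                # The account should be disabled: any access suggests retained
                # credentials or a back door.
                findings.append((user, day, "access after last day"))
            elif day >= info["notice"] and n > max(1, baseline) * burst_factor:
                findings.append((user, day, f"burst: {n} vs baseline {baseline}"))
    return findings


if __name__ == "__main__":
    for finding in flag_leaver_access(EVENTS, LEAVERS):
        print(finding)
```
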
What Measures can an Organisation take to protect itself against Cybercrime?
Organisations are encouraged to implement security measures to mitigate cyber-attacks against their computer systems.
Below is a list of some of the steps that an organisation can take to ensure that computer systems are secure from cybercrime:
Information Risk Management Regime
Develop a cyber security policy and communicate it to your employees, contractors and suppliers.
Secure IT Infrastructure
Build a secure IT Infrastructure and deploy patches against threats and vulnerabilities. For organisations using Windows operating systems Microsoft releases monthly patches against threats and vulnerabilities.
A Secure Network
Security Check/Penetration test IT systems through simulated attacks. Any vulnerability unearthed is then fixed.
Managing user privileges
This is achieved through authentication, which entails ensuring that users are who they say they are; authorisation, which involves making sure users have access to only what they need; and auditing, which is checking user activities by analysing the logs generated.
User education and awareness
Employees should be trained in, and should follow, the prescribed secure network use policy for your organisation’s computer systems. The network use policy should apply to everyone in the organisation, including management. Information should also be provided to network users on how non-adherence to the network use policy makes cyberattacks possible and how safer practices can help to avoid them.
Education can be carried out through training sessions, posters and videos. Discourage the sharing of computer logon passwords and leaving computers logged on and unlocked when unattended. Finally, emphasise that when the organisation is safe it also means that their jobs are secure.
Outline how incidents are reported and dealt with. Learn from these incidents and ensure they do not recur. Also set out the organisation’s Disaster Recovery (DR) policy.
Virus and Malware prevention
Install an Antivirus solution and configure policies for scanning for viruses and malware.
Set up a firewall on the network periphery to control inbound and outbound traffic.
Deploy software to monitor user activities, and check what is leaving and getting into your network.
Also set up Intrusion Detection Systems to monitor computer systems for possible insider attacks.
Removable media controls
Establish a policy to control the use of portable/removable media and scan it for viruses and malware. Also monitor printouts, as data can be removed from the network in this manner.
Home and mobile working
Configure a Virtual Private Network (VPN) for secure connection to network resources by users when connecting from home or outside the network.
The threat of cybercrime is real. We recommend that individuals remain vigilant online, and that businesses implement the security measures appropriate to their budget.
If you have any questions regarding cybercrime, or anything else related to IT services, please don’t hesitate to contact Computer Service Centre on 01603 431 200.