cyber crime

  • Cybersecurity: It’s all about the (mobile) data

    The growing incidence of cyber-crime is a reflection of the value of the data organisations hold. Security strategies should thus focus on securing that data.

    Today’s business environment is increasingly reliant on apps—those user-friendly mini-applications developed for smart mobile devices. Apps introduced a new era of anywhere, anytime computing that has revolutionised the way that people work.

    The undoubted productivity gains come at a price: corporate systems are no longer protected behind high firewalls because apps need to access corporate data. What many people do not properly appreciate, however, is that mobile apps are inherently less secure than traditional applications simply because the majority of them are not developed with security in mind. The watchword is “speed to market”, so security is usually an afterthought.

    This situation is exacerbated by the growing Internet of Things (IoT). The sensors and chips on machines, in the soil and in cars (to name a few) typically do not include integral security features. In this world, too, the dominant goal is to connect, not to secure.

    Apps are thus seen as the backdoor through which hackers can easily gain access to corporate systems, with their rich hoards of data. How then to protect your precious data in a totally distributed system?

    Following these four steps will help:

    1. Set a policy direction and protection strategy, and make sure that everybody involved in developing apps (including those affected rather than just involved) understands the security needs. Security needs to be integral to the development process.

    2. Identify critical data sets. Because there’s too much data to protect, know which data is the most important or poses the most risk, and focus efforts there.

    3. Control access using a risk-based identity model. Access control is really the cornerstone, and needs to be well designed and continuously monitored. The access decisions should be dynamic, taking into account not only who is seeking access but what data is appropriate to the request.

    4. Protect the data while it is at rest. Data is most vulnerable where it is stored—when it is being used by apps, it is less easy to identify. Databases are the focus of most cyber-attacks, so they should be the focus of security efforts too.

    Total cybersecurity is never going to be possible, so make sure you know what and where the Crown Jewels are, and protect them.

  • How your rubbish IOT security can pivot to bolster your total network

    IOT security is becoming more urgent.

    By Tallen Harmsen, head of IndigoCube Cyber Security.

    In October 2017, warnings cropped up of a brewing Internet of things (IOT) botnet building for an unknown attack at some time in the future. More than one million organisations - organisations, not devices - have been affected by the attack that is building a new botnet.

    It highlights the fact that our modern threat landscape is changing, evolving, to accommodate our new technologies. IOT devices - cameras, sensors, monitors, wearables - are connected, and because of that, they're valuable to the hackers. Considering the sheer volume of IOT devices, it's not surprising that hackers have automated the process to hack them. Botnets are being used to create even bigger botnets.

    Hackers initially exploited a complete failure to even attempt securing IOT devices. Administrators usually failed to even put passwords onto the devices. Could we really blame them? Their creators never originally designed them to connect to the Internet, so many of them don't even have a password feature. But the world has changed, says Tallen Harmsen, head of Cyber Security at IndigoCube.

    Today's hackers accept the password situation is changing, so common IOT hacks now exploit vulnerabilities in the device code. Again, the original code that makes these IOT devices function normally wasn't designed with the Internet and a rampant hacking problem in mind, so it's not the most secure. Normally that means we have to crowbar some extra code into the devices to secure them. It's not a pretty solution, but it can work as long as the device operating system will accept the code and the devices have the memory and processing capacity to run it, which they sometimes don't.

    When you run into that problem, you typically have one of two options: a) chuck the device and get a new one that's more secure or can run the secure software; or b) don't do anything and hope for the best. Neither of those is a pretty option. The first can quickly become prohibitively expensive and the second could well be worse than ramming your own car straight into a brick wall. Either way, there's going to be an awkward silence when someone finds out.

    Your options, then, are to spend millions or demonstrate unbridled insanity. Not much of a choice.

    This is why we have come up with a new solution for you. And it not only secures your IOT devices, it actually uses them to make the rest of your network even more secure too.

    You cannot secure what you cannot see, and most organisations simply don't see as much as 20% to 30% of the devices attached to their networks, which happen to be security cameras, smart TVs and media equipment. Those devices have IP addresses and they should therefore be included in security efforts.

    Similarly, you cannot secure what you cannot control. You must be able to enforce security policies across all network devices, all the time, even those that appear and drop off the network at irregular times. Contextualised policies do it better. They are security rules, or policies, that are no longer static; they are dynamic, they can adapt, and they are temporal, based on their environment, locations, behaviours and more.

    And finally, security must be layered and begin acting, not at the perimeter of the network, nor on the many devices that attach to and fall off the network, but well beyond these internal and external perimeters. Indicators of compromise (IOC) ratchet up administrator awareness before systems succumb to nefarious hacker bots. That's an intelligent use of public data, both in your own environment and beyond it, that's largely ignored today, leaving organisations vulnerable as a result.

    But administrators can't just know an attack is imminent; they must be capable of action. Automated multi-system orchestration is absolutely crucial to corrupting hackers' efforts. Hacker tools are automated so they operate at the speed of machines. The good guys simply cannot match machines where the meat meets the keyboard. They need modern tools, which are automated, to fight the automated hacker bots at speeds their own size.

    This intelligent environment of network-wide orchestration effectively means your security solution shares contextual system data to improve its own security. The devices work together to automatically respond by enforcing dynamic, adaptable and contextualised policies to rapidly contain risks and fix compromised end points. It's not about saving administrators time and hassle. It's about being faster than the crooks so they can't get a foothold. And it slashes attack windows.

    Don't get me wrong. This isn't a silver bullet. But it's a giant leap forward.

    This article was first published by