Assessing the Threat Landscape & Implementing Counter Measures
The threat landscape is constantly evolving, and the array of attack vectors and tools available to “bad actors” is vast. The leaking of highly effective, weaponized former intelligence-agency cyber warfare tools, methods, and tactics (Snowden, the Vault 7 CIA leaks, the WikiLeaks publications of cyber weapon code and documentation, The Shadow Brokers leaks) means these tools and tactics are now widely available on the Dark Web to anyone willing to pay for them.
Using these tools, individuals and groups with the knowledge to amend, customize, and deploy these cyber weapons for criminal purposes have repeatedly caused major global data breaches. The outcome for businesses impacted by these breaches has been catastrophic. Cyber warfare, like conventional warfare, is in the process of being outsourced to the private sector, but these tools are also regularly deployed by groups acting on behalf of nation states, most notably North Korea, China, and Russia.
An entirely “legal and legitimate” industry has also emerged, trading in zero-day vulnerabilities and exploits and supplying military-grade commercial spyware software and tools.
Designing your Response to “Bad Actors” Who Aren’t Just in the Movies
Every business in every sector is attractive, to a greater or lesser extent, to “bad actors”. Depending on the sector, these “bad actors” can include one, some, or all of: organised cybercrime groups, nation-state or state-sponsored hackers, cyber-terror groups, black hat hackers, script kiddies, hacktivists, malicious insiders, and competitors engaged in corporate espionage. Incidents of economic espionage have sky-rocketed over the last 36 months. The activities of whistle-blowing employees with unauthorised access to sensitive information (due to poor governance, oversight, and protocols) are also well documented, as is the fallout from their activities.
To mitigate these risks, robust protocols, counter measures, standard operating procedures, and policy-driven secure mobile communications are required. These measures do not only mitigate business loss and play a central role in business continuity planning and disaster avoidance; they also form a layer of defence against the very real monetary penalties that follow data breaches in a post-GDPR EU. If counter measures are to be fully effective, they must also cater for the “human factor”.
The Human Factor in Cybersecurity, GDPR, and Common Penetration Points for Hackers
The majority of incidents of physical damage, damage to personal and corporate reputations, data exfiltration, economic espionage, IP theft, data leaks and breaches, and degradation of an individual’s or organisation’s security posture begin with human error, a preferred starting-point attack vector for adversaries.
While the victim of a breach is busy dealing with the issues directly associated with it, calculating the resulting financial losses, bearing the costs of retrofitting procedures, and investing in new people, processes, and technology to prevent a recurrence, it also faces the very real financial sanctions and consequences of external oversight in the new GDPR landscape.
The access points most likely to be penetrated by an adversary, and the omissions in business continuity protections most likely to be exploited, are:
- Rampant lack of standards in the use of mobile communications (cell phones, radios, mobile WiFi, hotspots, etc.)
- Lack of robust policies governing BYOD and CYOD environments
- The proliferation of IoT devices in the business environment
- Exposures at employees’ homes where access to business systems is available
- Out-of-date or inadequate hardware installations
- Misconfigured security point solutions
- Poorly integrated security software and hardware in the IT ecosystem
- Exploitation of poor cyber security hygiene in general, in particular low cyber awareness amongst employees, contractors, and within an organisation’s supply chain.