How to stay on top of 'under the radar' cyber threats

CSO Alliance, 25 September 2017 
October 24th 2017
It feels logical to focus on the big, headline-grabbing threats and vulnerabilities; after all, big issues require big solutions that can be quicker to implement for 'maximum effectiveness'. However, firms of every size must realise that the small gaps can be just as dangerous, partly because lots of small vulnerabilities can let in just as many issues as big ones, and partly because, being so far under the radar, they can go undetected or, worryingly, ignored.

When it comes to cloud-based cyber attacks, our attention naturally gravitates to “the big ones” – like the exposure of data related to more than 14 million Verizon customers stored on an unprotected Amazon S3 cloud server in July. Or a reputed Turkish crime family’s attempt in March to squeeze Apple for $75,000 by threatening to remotely wipe phones after claiming to steal as many as 559 million iCloud credentials.

Cloud adoption has increased exponentially. Gartner projects the worldwide public cloud services market to grow 18 percent this year, reaching $246.8 billion, and Amazon Web Services’ revenue increased 42 percent year over year. Most companies are reaping the benefits of cloud security, whether they’ve forsaken their on-premises data centers and computing hardware entirely, like Time, Inc., or are at another stage of their journey to the cloud with a hybrid infrastructure.

The truth is, however, that enterprises must stay on top of incidents which fly below the “big headlines” radar. Adversaries are happy to exploit vulnerabilities in low-key fashion, biding their time inside a network to steal a couple of files, then leave, only to return and repeat the process. Here are some key takeaways about smaller-scale cybersecurity threats that IT managers and their tech team members, and even non-IT senior leaders and top business professionals, should know.

The cloud beckons
If you’re wondering whether to expand your organization’s cloud footprint, you should. If security concerns have stopped you in the past, they shouldn’t. Research suggests the cloud is actually safer than on-premises environments. Other research shows that applications in pure public cloud environments experience fewer security incidents than those in all other deployment models: on-premises data centers, private hosted cloud or hybrid cloud infrastructures. In fact, a hybrid infrastructure comes with a larger attack surface and generally more entry points, and so potentially the greatest exposure to vulnerability. That doesn’t mean you shouldn’t consider hybrid cloud environments; you just need to understand the risk and secure your applications accordingly.

Web apps can be protected, but more care in the design phase doesn’t hurt
Web app attacks account for nearly three of ten breaches overall – far outpacing cyber espionage, privilege misuse and all other threat-drivers, according to the latest Verizon Data Breach Investigations Report (DBIR). Obviously, they dominate as targets because they perform such a wide range of key functions in the cloud. They support the databases that online retailers use for customer registration information. They provide an online space in which employees can write up expense reports, fill out timesheets and, on their lunchbreak, draft a fantasy football team.

Yet these apps typically depend on open-source code to, for example, gather the geographic locations of those registered customers for insightful and actionable sales and marketing analytics. But open-source components can open plenty of backdoor entry points for hackers to take advantage of, because too little security-focused vetting goes into their design. We have to train developers to collaborate with security professionals so that defense is embedded into every phase of the software development lifecycle, with teams conducting constant scanning and code review. They need to define how much risk is acceptable and how much isn’t, and then patch their products accordingly.

Machine and man make for good partners
By submitting malicious structured query language (SQL) statements into input fields, bad guys are taking control of web app databases. Actually, they’ve been doing this for many years now and, somehow, continue to get away with it.

Fortunately, ongoing innovations in machine learning are raising our visibility and awareness. Through machine learning analytics, you will find that a fair share of successful SQL attacks result in disclosure of information about the database (for instance, the version of the database in use) but show no identifiable evidence of progression beyond that point. Other attacks go further to obtain more information (table and/or field names, row and column limits, etc.) and demonstrate the potential to inject commands, but do not breach actual data. Relatively few are the “overachievers,” exfiltrating row data and breaching (or dumping) data at ease. But without human input, progress with machine learning will remain limited. The people factor proves essential in examining machine-generated results and then determining which are false positives and which are real threats.
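The progression tiers described above (version disclosure, schema enumeration, row exfiltration) can be turned into a first-pass triage that an analyst then reviews for false positives. This is an added example, not code from the article or from CSO Alliance; the log lines are constructed, and the signature patterns, stage names and the `triage` function are my own assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Coarse signatures for the stages the article describes. Enumeration is tested
# before exfiltration because UNION-based schema discovery is still enumeration.
STAGES = (
    ("enumeration",  re.compile(r"information_schema|table_name|column_name", re.I)),
    ("exfiltration", re.compile(r"union\s+(?:all\s+)?select|into\s+(?:out|dump)file|load_file\s*\(", re.I)),
    ("disclosure",   re.compile(r"@@version|version\s*\(\s*\)", re.I)),
    ("probe",        re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
)
RANK = {"none": 0, "probe": 1, "disclosure": 2, "enumeration": 3, "exfiltration": 4}

# Apache/nginx combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def classify(target):
    """Label one request target with the most advanced SQLi stage it shows."""
    query = unquote_plus(urlsplit(target).query)  # decode %27, + etc. before matching
    for stage, pattern in STAGES:
        if pattern.search(query):
            return stage
    return "none"

def triage(lines):
    """Map each source IP to the highest stage reached across its requests.
    The output is a review queue for the analyst, not an automatic block list."""
    worst = {}
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        stage = classify(match["target"])
        ip = match["ip"]
        if RANK[stage] > RANK[worst.get(ip, "none")]:  # "none" is never stored
            worst[ip] = stage
    return worst

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Oct/2017:10:15:01 +0000] "GET /item?id=1%27%20AND%20%40%40version%20LIKE%20%275%25%27 HTTP/1.1" 200 512',
    '203.0.113.7 - - [24/Oct/2017:10:15:09 +0000] "GET /item?id=1%20UNION%20SELECT%20table_name%2CNULL%20FROM%20information_schema.tables HTTP/1.1" 200 2048',
    '198.51.100.23 - - [24/Oct/2017:11:02:44 +0000] "GET /item?id=1%20UNION%20SELECT%20username%2Cpassword%20FROM%20users HTTP/1.1" 200 8192',
    '192.0.2.44 - - [24/Oct/2017:11:30:00 +0000] "GET /item?id=42 HTTP/1.1" 200 512',
    '192.0.2.44 - - [24/Oct/2017:11:30:05 +0000] "GET /search?q=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for ip, stage in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -RANK[kv[1]]):
        print(f"{ip:15} {stage}")
```

The patterns are deliberately coarse: they sort attempts for human review, which is the "people factor" the article insists on, and would need tuning before being trusted as a blocking rule.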

Simple steps go a long way
Via remote code execution and file uploads, adversaries infect the “little guys” (people who may read news articles on a site that contains legitimate content but also has harmful “trap” links) in order to take control of their computers and/or steal someone else’s data. In this case, IT teams can pursue a number of simple but effective preventative measures that weren’t available years ago. Take file integrity monitoring (FIM) tools, for example, which send alerts if file activity detours outside of what IT has categorized as “normal” interactions during a workday.
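A minimal version of the FIM check just described, including the caveat that a "normal" rule for an uploads directory should not also cover scripts, since a script appearing there is the file-upload route to remote code execution the paragraph mentions. Added example, not the article's or any vendor's code; the directory tree, the `NORMAL` patterns and the file contents are constructed.

```python
import hashlib
import os
import tempfile
from fnmatch import fnmatch

# Change patterns IT has categorised as "normal" workday activity (assumption).
# Deliberately narrow: the uploads directory may gain documents and images, but
# any script landing there must alert.
NORMAL = ("logs/*.log", "uploads/*.jpg", "uploads/*.png", "uploads/*.pdf")

def snapshot(root):
    """Map each file under root (relative, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def alerts(baseline, current, normal=NORMAL):
    """Return (event, path) pairs for every change not covered by a normal pattern."""
    found = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            event = "added"
        elif path not in current:
            event = "deleted"
        elif baseline[path] != current[path]:
            event = "modified"
        else:
            continue  # unchanged
        if not any(fnmatch(path, pattern) for pattern in normal):
            found.append((event, path))
    return found

def demo():
    """Constructed web root: routine log/upload churn plus two changes that
    should alert (an unexpected script in uploads, a tampered config file)."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(text)
        write("index.php", "<?php echo 'hello'; ?>")
        write("config.php", "<?php $db_host = 'db.internal'; ?>")
        write("logs/access.log", "line 1\n")
        baseline = snapshot(root)
        write("logs/access.log", "line 1\nline 2\n")                     # normal: log growth
        write("uploads/invoice.pdf", "%PDF-1.4 constructed")             # normal: document upload
        write("uploads/cmd.php", "<?php /* constructed stand-in */ ?>")  # alert: script in uploads
        write("config.php", "<?php $db_host = '203.0.113.9'; ?>")       # alert: config tampered
        return alerts(baseline, snapshot(root))
```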

While it’s true that “the big ones” among incidents trigger our greatest fears, it’s the smaller, daily exploits which will just as often or more often lead to stolen files, swiped credentials and disrupted operations. So it’s critical to create a comprehensive security plan that incorporates the simple steps (file monitoring) with more advanced tech (machine learning), while including human collaboration throughout it all. With this, you’ll be prepared for any attack – big or small – to ensure a vigilant and protected enterprise.