This week, security researchers at SmackTLS uncovered a new, potentially dangerous flaw that could allow hackers to trick internet-enabled devices into using weak encryption. The bug, dubbed Freak (Factoring attack on RSA-Export Keys), affects SSL/TLS protocols and could therefore be used to intercept a whole host of data transmitted online – from bank details to email logins. There is currently no evidence that the flaw has been exploited by hackers, but a number of browsers and websites could be at risk – including Google and Apple.
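The server-side fix for a downgrade flaw of this kind is to stop offering export-grade RSA cipher suites at all, so a useful first check is an inventory of what a server actually offers. The script below is an added example, not code from the original post or from the researchers it mentions: it classifies cipher suites by their IANA registry names and flags export-grade, NULL, RC4, DES and 3DES suites, and also reports what the local Python/OpenSSL build would offer under its default context. The suite inventory is constructed sample data, not a scan of any real host.

```python
"""Audit offered TLS cipher suites for FREAK-class weaknesses (added example).

Suite names use the IANA TLS Cipher Suite Registry spelling. The inventory
below is constructed sample data standing in for the output of a real scan.
"""
import re
import ssl
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample inventory: a hypothetical scan result, not a real server.
SAMPLE_OFFERED_SUITES = [
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",         # export-grade: the downgrade target
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",      # export-grade
    "TLS_RSA_WITH_RC4_128_SHA",               # RC4
    "TLS_RSA_WITH_DES_CBC_SHA",               # 56-bit single DES
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # acceptable
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",  # acceptable
]


@dataclass(frozen=True)
class Finding:
    suite: str
    reason: str


def classify(suite: str) -> Optional[str]:
    """Return why a suite should not be offered, or None if it is acceptable.

    Rules are ordered by severity so a suite is reported with its worst reason.
    """
    name = suite.upper()
    if "_EXPORT" in name or "DES40" in name or "_40_" in name:
        return "export-grade key (RSA-export / 40-bit): FREAK downgrade target"
    if "WITH_NULL" in name:
        return "no encryption (NULL cipher)"
    if "RC4" in name:
        return "RC4 stream cipher (broken)"
    if re.search(r"_DES_", name):          # single DES; does not match 3DES or DES40
        return "single DES (56-bit key)"
    if "3DES" in name:
        return "3DES (112-bit effective, legacy)"
    return None


def audit_suites(suites: List[str]) -> List[Finding]:
    """Classify every suite, preserving the order in which they were offered."""
    findings = []
    for suite in suites:
        reason = classify(suite)
        if reason is not None:
            findings.append(Finding(suite, reason))
    return findings


def audit_ssl_context(ctx: ssl.SSLContext) -> List[Finding]:
    """Flag what this process's own OpenSSL build would offer under ctx.

    SSLContext.get_ciphers() reports OpenSSL-style names plus 'strength_bits';
    anything under 128 bits, or named EXP*/RC4, is flagged.
    """
    findings = []
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        bits = cipher.get("strength_bits", 0)
        if bits < 128 or name.startswith("EXP") or "RC4" in name:
            findings.append(Finding(name, f"{bits}-bit / legacy cipher"))
    return findings


def audit_local_default_context() -> List[Finding]:
    """Convenience wrapper: audit Python's default client context on this host."""
    return audit_ssl_context(ssl.create_default_context())


if __name__ == "__main__":
    for f in audit_suites(SAMPLE_OFFERED_SUITES):
        print(f"{f.suite:42} {f.reason}")
    local = audit_local_default_context()
    print("local default context weak suites:", [f.suite for f in local] or "none")
```

On the constructed inventory the first four suites are flagged and the two AES-GCM suites pass; the local-context check is there so the same rule set can be pointed at the TLS stack a monitoring tool itself runs on, not only at remote servers.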
While this flaw may not be readily employed by hackers, organizations and individuals alike need to be cautious, not least because it isn’t the only flaw that exists. In fact, we hear of so many examples of vulnerabilities and attacks these days that there’s a very real chance hearing news like this will become the status quo. Until every organization can be 100 percent confident in its cyber security policies, we need to ensure this doesn’t happen.
While internet companies need to provide patches for flaws such as this, organizations shouldn’t just wait for this to happen. Instead, they need to take a proactive approach and cut the hackers off before they can take advantage of any weaknesses. The most dangerous situation for a company to get itself into is allowing a hacker to get in and stay in – the longer they are able to do so, the more damage they can cause.
As such, organizations should employ security intelligence strategies, which allow them to reduce the time it takes to detect and respond to any threats. The problem we have today is that there is so much data crossing networks it can be difficult to differentiate between the good and the bad. Taking an intelligent approach to network security makes it easier to see what should and shouldn’t be there. If a hacker wants to get in, they will – either through a flaw like this, or through other highly sophisticated techniques. Security intelligence provides a moat – they might be able to jump over it, but they’ll be seen doing so pretty quickly.
Last week it was revealed that UK telecommunications company TalkTalk suffered a data breach in 2014, in which customer details – such as account numbers, names and addresses – were stolen. The stolen details were then used by scammers to trick people into believing they were being contacted by the company. TalkTalk has said that the information stolen was ‘non-sensitive’ and it believes the attackers were able to access TalkTalk’s internal systems via a third party that also had access to its network.
We see it time and time again – if an attacker wants to get in, they will. This TalkTalk breach highlights not just the importance of organizations ensuring their own security policies are up to scratch, but also that of their third parties. TalkTalk has done a great job in reacting to the situation by investigating when unusual events were reported, and then quickly informing customers of the situation.
It’s now clear just how important it is to have the ability to identify and respond to threats in as little time as possible. While it seems TalkTalk has responded relatively quickly, it was through a rise in complaints from customers – rather than the company itself identifying unusual activity on its networks. Most organizations currently operate in a mode where the time it takes to detect and respond to threats is months – or weeks at best. In order to ensure that damage is limited, and to avoid becoming the next breaking news headline, businesses should aim to reduce this time to hours or minutes.
Traditionally, organizations have taken a relatively reactive approach to cyber security, but faced with the sophisticated threats of today, this needs to change. However, there is so much noise on the network these days, with vast quantities of data moving around at breakneck speeds, that it can be difficult to proactively identify threats. Security intelligence techniques allow security teams to see through the fog and target the threats that matter, so they can respond quickly and efficiently. The faster businesses can find and shut down threats, the more work hackers will have to do to succeed and, with any luck, one day in the future they’ll get tired of trying.
Earlier this week, a simulated cyber terrorist strike took place at London’s BT Tower. The event – part of the UK government-backed Cyber Security Challenge – was designed to mimic a sophisticated cyber-attack and tested the ability of amateur contestants to defend the building’s power supply from hackers. Those competing were selected following nine months of intensive assessments, and the ten best from the day have been invited to compete in the grand final in March.
Real-life cyber attacks are becoming far more prevalent and we often find ourselves in a game of cat and mouse, trying to keep up with the perpetrators. These schemes are excellent for weeding out talented people who can help defend critical infrastructure from hackers – and may one day be part of thwarting potentially dangerous threats. Programs like these are great to see as they demonstrate that defending our borders from cyber attacks is moving higher and higher up the political agenda.
However, we do need to be careful not to place too much credence on people alone. While a workman can never blame his tools, it is also imperative to have the right systems in place to help identify and remediate potential threats. There is now so much data passing through the networks of both private organizations and national infrastructure that people alone cannot be relied upon to identify when something is wrong.
Instead, security intelligence is paramount. These systems are designed to monitor networks constantly in order to spot anomalies – and can process far more information in real-time than any human being. There’s no doubt that we need the best people on the case, and events like this are an excellent way of finding them – let’s just also make sure they’re given the best possible tools to work with.
A recent study by Lancaster University, The Future of Maritime Cyber Security, has found that Britain’s aircraft carriers and warships are at risk due to their reliance on ageing software. The research team has warned that the Royal Navy and its international allies need to “fundamentally rethink” how they use technology on warships, as the software being used has a far shorter lifespan than the ships and aircraft carriers themselves. As such, new cyber defense strategies need to be implemented and Navy personnel trained in how to be secure online.
All cyber attacks have their consequences, and how far-reaching the effects are clearly varies from case to case. One thing I think we can all agree on, though, is the havoc that would be wrought should the Navy come under attack. While our armed forces are well acquainted with defending against the enemy, in the cyber world it can be far more challenging to determine exactly who that enemy is, and what they are doing.
We live in an age where the use of Advanced Persistent Threats (APTs) is on the rise, which, by nature, are often left unidentified for years. The researchers from Lancaster are quite right to point out that the armed forces’ aircraft and warships are built to last, while the software is not. However, all software is effectively under threat as soon as it is deployed, and understanding that is key for every organization – armed forces or otherwise.
The solution is not necessarily to constantly deploy new software to combat the risk – that just leads to a tedious game of cat and mouse. Instead, it is imperative to constantly monitor the network for unusual activity in order to identify suspicious behaviour as quickly as possible. The Navy is no stranger to intelligence – the more information you have, the better position you are in to defend yourself – and it is no different when it comes to cyber security. For all of us, it is a case of when, not if, an attack takes place, but with the right security intelligence measures in place, the risk can be minimized.
Last week Barack Obama and David Cameron announced that the US and UK would implement a rolling program of ‘war game’ cyber attacks on each other, which will be conducted by the FBI, GCHQ and MI5. Targeting critical national infrastructure, a key element of the program will be the sharing of information, with the first test seeing a staged attack on the financial sector later on in the year. During this exercise, the Bank of England and commercial banks in the City of London and Wall Street will be targeted in a bid to ensure adequate security measures are in place.
Following hot on the heels of one of the worst years for data breaches, the US and UK are clearly upping the ante when it comes to enforcing stricter security measures – and rightly so. With the majority of their critical national infrastructure running on connected networks, these industries cannot afford to take any liberties. The last couple of years have shown it really is a case of when, not if, they will be targeted, and by using the most sophisticated techniques, the US and UK crime agencies will, without doubt, be able to expose any existing weaknesses. Businesses will no longer be able to cross their fingers and hope that their ill thought-out or inadequate security strategies will be sufficient.
The sharing of intelligence between MI5, GCHQ and the FBI will be key to this program’s success. While, in the UK, we have seen the Waking Shark exercise and the Bank of England employ ethical hackers to test its infrastructure in recent years, it is only worthwhile if the lessons learned are acted upon and shared with a wider audience. It doesn’t matter which industry you are in, or which country you live in, it’s still us against the bad guys.
The problem that we are still seeing in many industries is that far too many are still failing to take a proactive approach to cyber security. This is simply not good enough at a time when major breaches are hitting our headlines on a daily basis. Businesses need to be constantly prepared for an attack and any of those in this program who aren’t doing this should expect to be exposed. The only way to ensure they have the best possible chance of keeping today’s sophisticated threats out is through 24/7 monitoring of all network activity, which needs to begin now, not as a mere afterthought. Any industry that underestimates the importance of continuous monitoring will ultimately regret that decision – and by then, it may be too late.