Article
Cyber Security

The biggest cyberattack threat is people, not computers

By Phil Chapman, Head of Cybersecurity Curriculum, Firebrand Training
December 17, 2021
undefined mins
Phil Chapman, Head of Cybersecurity Curriculum at Firebrand Training speaks about the threat of cyberattacks

While the Secretary of State for Defence, Ben Wallace, has gone on record stating that the UK is prepared to launch offensive cyberattacks against hostile states, the UK is facing a cyber war on the home front. Away from the global aspects of state-sponsored threats and terrorism, the war rages on in our homes and businesses. Just like in medical terms, viruses and malicious software work against the vulnerabilities of our systems meaning that we can never be 100 percent secure. Every day is a battle against a different type of virus, and every day we shore up our defences, remove them or invisibly live with them. 

This year, and somewhat under the radar, we are witnessing a month-on-month growth in cyberattacks using bots and botnets. These are implanted into vulnerable systems to be controlled remotely to steal data and credentials, spy on us by opening up a backdoor or stop our systems from working. Others can hijack internal systems to perpetrate a criminal act on behalf of someone else. The rise of the botnets is currently being calculated to have risen to over 80% in Q3 of 2021 according to Internet-based monitoring agencies.

 

IoT at home: Leaving the backdoor wide open 

There are several key factors which are driving this increase. Firstly, malicious software thrives in a target rich environment, especially those that are in close contact or share connections.  The growth of smart devices and the Internet of Things in our homes, offices and on our wrists increases that footprint. 

The plug and play attitude of most users who simply follow the easy to follow instructions and leave devices on their default settings, unfortunately means the hackers know exactly how security settings work. These become easy pickings for any locksmith.

 

Frail networking protocols fuelling cyber hitmen 

Secondly, we rely every day on infrastructure which is built on foundation applications and protocols created 30 years ago and which have hardly changed over the years.  As technology has advanced, these protocols continue to support and work hard but are vulnerable and fragile.  The recent outage of Facebook, although not malicious, is a clear example of how frail these networking protocols are, and a simple misconfiguration can bring it all to a halt. 

Hackers do not have to be gifted coders to attack these systems, they just need to know that they exist to be exploited and have a motive to do so. A simple search on a Dark Web marketplace site will allow you to purchase a whole host of malicious code, tutorials or hire an ‘As a Service’ to do the attack for you, all at very little cost and with no expertise required. Distributed Denial of Service as a Service (DDoSaaS) is like hiring a cyber hitman to kill a company.

 

The weakest link: The user 

Finally, the target audience has moved to a vulnerable area and no longer acts like they would do in the safety of the office.  Working from home, working from abroad and remote working are not new concepts but have come to the fore in recent times. Telecommuters connect to systems across an open internet, video calls, emails and other data sharing applications leading to increased vulnerability. 

Ultimately, the weakest link in the chain is the user who doesn’t understand the risk. We use multiple security policies to protect our assets, but these apply to normal working conditions when our staff and management teams are safely tucked up in the office. But now there is a new battle ground and policy should be the first thing to consider before tackling the technology to defend it.

 

Boosting cyber immunity

Just like a medical virus, the cyber versions can mutate to counter any barriers they meet.  New versions appear almost daily and are always one step ahead of our anti-virus systems. Vaccination is a great form of defence, but we know that it's not 100% effective.  So, we need to layer in other forms of technical, physical and procedural protection to keep us safe. Rather than stop criminals in their tracks, this defence in depth technique only delays the advance of the attackers.

The weakest part of our defences are the biggest assets - people.  People need to be protected and people need to be aware of the threats against them.  So, a User Training & Awareness Policy should be top of the list.

 

cyberSecurityVulnerabilitiesInternet
Share
Share

Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security