Views
1 year ago

CSLATEST

cyber warfare IT'S WAR -

cyber warfare IT'S WAR - AND IT'S NOW CYBER WARFARE IS A REAL THREAT - AND HAPPENING SOMEWHERE NOW, AS THIS IS BEING WRITTEN Government and corporate cyber resources are under attack around the globe. It is a grim picture to acknowledge, but it is a real one. Nowhere has this been more apparent than with all the recent news about North Korea, says Alastair Hartrup, Global CEO of Network Critical. "The closed-off country has been making waves in the news recently after being credited for several cyber-attacks on the UK and US [these were particularly prevalent throughout November last year]. The scariest part is how easy and risk-free this has been for them so far and is a real sign that we as countries need to beef up our cyber security, just as much as our physical security." Of course, North Korea is only one of the more recent cases of cyber warfare in the world. "There are many other case studies we can look at from the past," he points outs - not least when the Department of US Navy was hacked through contractor emails and 134,000 sailors had their personal information and social security numbers stolen. "This information will likely be sold for use in identity theft. This is not just stealing information to make credit cards and buy stuff on a fictitious account. This hack is more. This is cyber warfare. This hack is compromising the families and distracting the focus of service men and women in the Navy." Which makes it no great surprise that many divisions of the military have been preparing for Cyber Warfare for years. "The People's Liberation Army Unit 61398 is a division of the Chinese military that is dedicated to hacking corporations and governments around the world. A report by computer security firm Mandiant provided detail on this organisation and, after many diplomatic denials, the Chinese government confirmed the existence of the group." 12 computing security Jan/Feb 2018 @CSMagAndAwards www.computingsecurity.co.uk

cyber warfare There were allegations of foreign hacking last year that are still being investigated, Hartrup states. "This is surrounding the Russian hacking groups that were very active in trying to influence the outcome of the 2016 United States election. This is Cyber Warfare on another scale, as one country could manage to manipulate the political climate of a rival country and possibly get away with it entirely." BIGGEST THREAT Cyber warfare is our biggest threat today, he asserts. "It is more effective than blowing up buildings and roads. It is more effective than killing and capturing opposing forces. It is the warfare of the 21st century. It is warfare that captures minds and hearts, not just bodies. The new bombs are fake news, leaked emails and violent propaganda. The United States spends hundreds of billions of dollars on new fighter jets, bombs and automatic weapons. Yet the Marine Corps database, managed on contract with HP, was not secured. This is what allowed an SQL injection breach to the Marine Corps Intranet by the Navy hackers noted above." Two years ago, the British Government announced that it would be spending £1.9 billion on cyber security over a 5-year CYBER ESSENTIALS - FIVE KEY TIPS: period, effective as of 1 November 2016. "We have begun to see the effects of this with new cyber security centres being erected and government-backed training schemes in cyber security for over 2 million people. These are all a step in the right direction; but, when you compare it to the military budget of 2016, a staggering £35.1 billion, it feels like cyber warfare is not being treated as seriously as it should." It does not help that the Autumn 207 budget made no mention of increases to cyber security or that many UK businesses are actually slashing their cyber defence budgets, Hartrup continues. Budgets for security are around a third of what they were this time last year, down to £3.9m on average, compared to £6.2m, according to research from PwC. The cost of attacks has fallen, however - down to £857,000, compared to £2.6m a year earlier. But the impact of attacks was felt more widely across the business in areas such as operations and data, while the ultimate cost can be hard to quantify. TIMELY SIGNAL? Perhaps the recent cyber security attacks will act as a signal that we as a country need to step up our cyber security game, continues Hartrup. "For the time being, however, it is also important to recognise and act on the urgent need for vigilant management of network security profiles, continuous training, and permanent monitoring and management with tools that are available now. "Tapping links and utilising firewalls, intrusion prevention systems (IPS), data loss prevention (DLP) and other threat landscape reduction tools are a promising start to deterrence of debilitating breaches from foreign governments, as well as domestic hackers. Packet Brokers are capable of providing simplified connection of multiple security tools. These devices allow mapping of data flows to specific tools and provide fail-safe protection to the network, in case one of the security tools goes off line. Further, tools may be connected redundantly for maximum security without compromising network availability." Cyber warfare is the new battlefield, Hartrup concludes. “It is quiet, but effective. It is hidden from public view but very much a public threat. We have some good tools to fight it now, but must up our game for the future. Military investment must maintain our traditional fighting forces, but must also support a rapid transition to fighting a new type of war.” Boundary firewalls and internet gateways - these are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective. Secure configuration - ensuring that systems are configured in the most secure way for the needs of the organisation. Access control - ensuring only those who should have access to systems actually have access and at the appropriate level. Malware protection - ensuring that virus and malware protection is installed and is it up to date. Patch management - ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor been applied. GLOBAL BATTLE Cyber security has certainly become something of a buzzword. Organisations across the world, and the industry itself, have come under the spotlight as an increasing number of high-profile public and private sector organisations have experienced a cyber-attack. You need only think of the more than 230,000 computers in over 100 countries that were infected by the WannaCry ransomware attack, hitting 47 trusts within the UK's NHS. "Cyber security is a growing concern and one of the biggest threats to UK and global www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2018 computing security 13