1 year ago


cyber warfare Andy

cyber warfare Andy Butcher, Axians: Cyber security is one of the biggest threats to UK and global businesses. businesses. Had the NHS been up to date with their cyber security, they could have avoided this attack," says Anthony Cotton, information assurance officer at the University of Derby. It isn't just large companies that are vulnerable, though. Small to medium sized businesses are also at risk - a reported 74% have been subject to information security breaches. "Sixty per cent of small businesses fail within the first six months of being hit by a cyber-attack," Cotton adds. DARK WEB With increased availability of automated hacking tools on the 'dark web', experts say that the scale and size of threat will only increase. "With a growing number of connected devices, demands for transformative technology and users' insistence that their data is secure, the problem is not going to go away," says Andy Butcher from Axians, which is a specialist in helping organisations to develop secure networks. In October 2016, the UK government launched the National Cyber Security Centre (NCSC) with an aim to make the UK the safest place to work and live, and address the cyber skills gap. Much work has been achieved over the last 12 months but is the government's strategy for dealing with cyber security adequate? GLOBAL BATTLE Cotton believes it's going in the right direction. "The government published a comprehensive, national cyber security strategy last year, which is actually very good. With the opening of the NCSC - part of the Government Communications Headquarters (GCHQ) - and company access to the Cyber Security Information Sharing Partnership (CiSP), businesses can view secure communications about cyber incidents and ensure their systems are protected." MITIGATING RISK For Axians' Andy Butcher, these strategies will help businesses to mitigate risks. "When things go wrong, the reputational damage that accompanies security breaches can be significant. This means that companies have more impetus than ever to protect their information on the networks. With the introduction of the EU General Data Protection Regulation (GDPR) set to come into effect on 25 May 2018, any organisation that handles personal or confidential data must be on track towards compliance or face substantial fines," Butcher cautions. While more information is now available to support businesses, one of the biggest problems facing the cyber security industry is its talent pool. The largest ever survey of the global cyber security workforce predicts a shortfall of 1.8 million cyber security workers by 2022, and the job site ‘Indeed’ reports that employer demand for cyber security roles is three times higher than candidate interest. So, how can we close the skills gap and attract more young people into the profession? Anthony Cotton says that extensive training opportunities are available and organisations are starting to see the value in joining these. "There are now 14 UK Academic Centres of Excellence in Cyber Security Research at universities in the UK, and initiatives such as the Cyber Security Challenge UK, where the next generation of cyber defenders can test their skills, are starting to attract younger people into the industry," he points out. Businesses should also weigh up the need for skills against reputational risk and build this into their strategy. "A business can put itself at risk without the right skills, causing a disparity between the long-term vision of the company and the reality of the here and now," Butcher argues. The solution? "Skills can be found externally to create partnerships in network security. Increasingly, we are seeing 'virtual security officer' style roles where security consultancy, pre-sales skills and support skills are pooled into a service rather than a single full-time employee. This is far more affordable and means businesses benefit from a wealth of knowledge from those who deal with a variety of networks and technology every day," he adds. While the search for fresh talent continues, businesses must be prepared and have the processes and technology in place to mitigate potential risks. The question remains: what should businesses be doing to protect themselves? Butcher advises: "The main issue isn't the threat of a targeted attack; for businesses, it is keeping up to date with vulnerabilities in their own networks. Organisations should start by understanding where their risks are and plan to re-architect the network, so that risks can be avoided without affecting business as usual service." In this game of cyberwarfare, we will always need to be one step ahead of the hacktivists. 14 computing security Jan/Feb 2018 @CSMagAndAwards

masterclass APPLICATION-LAYER DDOS ATTACKS: BAD THINGS COME IN SMALL PACKAGES DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS COME IN MANY FLAVOURS. HERE, CHARLOTTE GURNEY, MARKETING MANAGER, BROOKCOURT SOLUTIONS, CONSIDERS ONE IN PARTICULAR One of the more popular Distributed Denial of Service (DDoS) attacks these days is the application-layer attack, sometimes called a Layer 7 attack, because it targets the top layer of the OSI model, which supports application and end-user processes. While service providers can detect and block volumetric attacks, as well as larger application-layer attacks, smaller application attacks can easily escape detection in the large ISP backbone, while still being large enough to cause a problem for the enterprise network or data centre. A GROWING THREAT Application-layer attacks figure prominently in the DDoS threat landscape, according to Arbor Networks' 12th Annual Worldwide Infrastructure Security Report. Indeed, an estimated 88% of all DDoS attacks are smaller than two gigabits per second. Domain name system servers (DNS), the directories that route internet traffic to specific IP addresses, are the most common targets, cited by 81% of the report's respondents. HTTP and secure HTTPS services are also targeted frequently, rendering them unavailable to legitimate requests. In fact, many business-critical applications are built on top of HTTP or HTTPS, making them vulnerable to this form of attack, even though they may not look like traditional public web-based applications. For a financial institution or online retailer that depends on its web presence to attract and serve customers, the impact can be catastrophic. Not only does the attack prevent the normal conduct of business, but it can also make a site invisible to search engines or at least bump it from the front page of search results. PROTECTING APPS IS NOT ENOUGH IT security teams are often under the mistaken impression that a web application firewall (WAF) provides adequate protection against application-layer attacks. Since applications are the targets, this seems logical on the surface. And WAFs are certainly necessary to filter or block attempts to gain access to servers or data. But they are vulnerable to state or resource exhaustion. The problem is that what starts as a trickle of legitimate-looking app service requests eventually turns into a flood and application-level defences won't recognise the flood of legitimate requests as an attack at all. For these reasons, a DDoS perspective is necessary to detect and thwart applicationlayer attacks. Without a dedicated DDoS solution, security teams may not even realise they are under attack when the site goes offline. They're left scrambling to restore service on the fly, diverting IT resources and eating up hours or even days that can translate into millions of dollars of lost business. THE FIRST LINE OF DEFENCE To effectively detect and mitigate this type of attack in real time, what's needed is an inline, always-on solution deployed onpremise as part of a best-practice, hybrid DDoS defence strategy combining cloudbased and on-premise mitigation. An intelligent on-premise system will have the Charlotte Gurney, Marketing Manager, Brookcourt Solutions. visibility and capacity to quickly detect and mitigate these stealthy, low-bandwidth attacks on its own, early enough to avoid the need for cloud mitigation. Should the attack turn into a flood, the on-premise system can instantly activate cloud-based defences through cloud signalling. The best place to deploy application-layer DDoS detection and mitigation measures is at the traffic entry point at the edge of the enterprise data centre or ISP infrastructure - ideally outside the firewall. Because of the small scale of these attacks, they are harder to detect and stop once they have worked their way into the data centre or network. An edge-based DDoS protection system gives operators the ability to customise detection and mitigation for the specific applications running within the data centre. Enterprises should make sure that, as they move critical assets to the cloud, they are providing the same level of application protection and not falling back to relying on WAF or other non-DDoS solutions for their DDoS protection there. @CSMagAndAwards Jan/Feb 2018 computing security 15