The world is constantly evolving and, with the ever-growing emphasis on technological innovation, technology continues to be integrated into every part of society at an exponential rate. The way in which people interact over the internet has changed radically over just the last ten years. Businesses have adopted data-driven decision making in their information systems. The migration of data from local devices to cloud storage, and the use of cloud services in the day-to-day operations of businesses and in personal life, has become far more commonplace. These technological advancements have contributed to global convenience and interconnectedness. However, the increasing reliance on technology for everyday operations also opens the door to wider-scale and more impactful cyber-attacks.
According to studies undertaken by cybersecurity research firms, the number of cybersecurity attacks has been steadily increasing in recent years. The number of reported data breaches and cyberattacks in 2020 was greater than in previous years, and this trend is only continuing. Attack frequency and complexity have also increased, with attackers applying advanced techniques such as AI and machine learning to bypass network detection and raise the rate of successful attacks. Considering that many businesses store pertinent information digitally, the fallout of these attacks is an even greater detriment to organisations: because of the wealth of information stored on a company’s systems and in the cloud, an attacker has greater leverage over what can be used against the company in a ransom situation or in data theft. A prime example is the Health Service Executive of Ireland, which suffered a ransomware attack on May 14, 2021. It caused all of the agency’s IT systems to be shut down nationwide and cost Ireland over €80m, making it the largest recorded cyber attack on a health service’s systems and the most detrimental cyber attack against an Irish state agency.
For a cyberattack to succeed, the attacker needs to find a way into the target system that can be used to their advantage. This is what is meant by a ‘cyberattack vector’. Common vectors include:
• Malicious Links or Attachments in Phishing Emails: These attacks are designed to infect a device or steal information when opened, and are therefore carried out through social engineering, i.e., human error, trickery and deception.
• Software/Hardware Vulnerabilities: These can be exploited to gain unauthorised access to a system or network.
• Unsecured Networks or Devices: Negligently configured or non-standard security configurations on networks and devices make them prime targets for attackers seeking access.
• Supply-chain Attacks: An attack that targets the supply chain rather than the organisation itself. The attacker compromises a third-party vendor or supplier in order to gain access to an organisation’s network or systems.
By exploiting these cyberattack vectors, an attacker can unleash any method of cyberattack they wish on the target network or system; the type of attack they use will likely depend on what they hope to achieve, the nature of the data they are targeting, and the specific vulnerabilities of the target. For example, phishing may be an attacker’s method of choice when targeting a company whose staff are relatively less technologically inclined, as it would be more effective there than against targets with higher social engineering awareness.
• Phishing: A social engineering attack that deceives or misleads individuals into providing sensitive information or clicking malicious links. A successful phishing attack is often a precursor to other cyberattacks.
• Malware: A cyberattack that uses malicious software such as viruses, ransomware, or trojan horses to infect a target device or network, and steal or encrypt sensitive information.
• Denial of Service (DoS)/Distributed Denial of Service (DDoS): This method of attack is meant to shut down a machine, network, or server by overloading it with traffic and causing it to crash. This makes it inaccessible to legitimate users, thus “denying them service”. A DDoS attack applies the same method using multiple connected online devices at once, increasing the scale of the attack.
• Man-in-the-Middle: These attacks can take various forms, but the common approach is to intercept and modify data sent between a client and server. They can be used to steal information such as passwords, banking information, or personal details, or to spread malware.
• Advanced Persistent Threats (APT): A long-term, targeted attack executed typically by cyber-criminal groups to infiltrate an organisation’s networks and steal important data. These attacks are contemporarily significant, as the Russian government have been accused of orchestrating some of the most complex and effective cyberattacks on Ukraine, using APTs to steal sensitive information from the Ukrainian government and private organisations.
The risk of cyberattacks is ever-present and ever-growing, especially in recent years. Be it on a personal or organisational level, the fallout of a successful cyberattack can be devastating. So, the key determining factor between an organisation that falls to a cyber attack and one that thrives in spite of one is preparation.
Cyberattack preparation encompasses three main steps: evaluating an organisation’s current cyber attack readiness, preparing for cyberattacks, and knowing what to do if a cyberattack occurs.
Where is your business in terms of cyber attack readiness? If a cyber attack were to occur, would it be equipped to respond? For organisations, especially SMEs, a properly employed incident response strategy can be the best defence against cyber attacks that might otherwise squander cost and resources the organisation cannot afford to lose.
To properly prepare for a cyber attack, the organisation needs to ensure certain factors are in place.
• Incident Response Team: Does the organisation have a dedicated incident response team? Are the roles of each response team member clear? Does the team contain the necessary components including incident commander, analysts, forensics specialists, technical specialists, communications specialists, business continuity specialists, training coordinators, etc?
• Staff: Is the general staff aware of the dangers of cyber attacks? Have they been trained about cyber attack prevention and had cyber attack vectors and types explained?
• Training: Is cyber attack awareness training mandatory? Are new hires briefed on them as soon as they join the organisation? Are drills executed and evaluated? Are training sessions and drills undertaken often?
• Compliance: Do your policies align with legal regulations? Do they meet the standards those regulations require? Technical controls to have in place include:
• Firewalls
• Anti-Virus and Malware Software
• Virtual Private Networks (VPNs)
• Multi-Factor Authentication (MFA)
• Data Loss Prevention Solutions
• Penetration Testing and Vulnerability Management
Before suffering a cyber attack, it is imperative that a cyber attack counteraction protocol is developed that will detail what actions are to be taken in the event of an attack. Steps that should be taken to prepare for a cyber attack include:
Even after following best practices and taking preventative action, the reality is that successful cyber attacks can still occur. To whatever degree you fortify your organisation’s security, a dedicated attacker may put the same effort into launching a successful attack. In this case, the response must be quick and accurate to ensure that the incident is isolated and data loss is kept to a minimum.
• Identify and Assess the Attack: Determine what type of attack was used in order to better understand the rest of the incident. Identify and analyse the vector and trace it back to its origin. Then, assess the extent of the damage.
• Isolate the Attack: Ensure that affected systems and devices are isolated to prevent the attack from spreading. If necessary, disconnect them from the network. Take any affected services offline to prevent the attackers from using them as an attack vector.
• Eliminate the Threat: Remove the malicious software and apply patch management to close software vulnerabilities. Reconfigure network settings and update outdated systems that would be easy to exploit, so that the attacker cannot reuse the same attack vectors. Furthermore, if any business accounts were compromised in the attack, reset the passwords for those accounts.
• Restore Data and Processes: Once the threat has been successfully contained and eliminated, bring any systems or services that were shut down back online. Restore any lost data from backups or with data recovery tools.
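As an added illustration (not part of the original article) of how the attack types listed earlier feed the four response steps, the following Python script runs two simple detections over a handful of constructed log lines, a request flood from one source (a DoS indicator) and a burst of failed logins followed by a success from the same source (an account-compromise indicator), and turns the findings into a plan keyed by identify, isolate, eliminate and restore. The log format, the thresholds and the host, address and account names are all assumptions made for the example; real detections would be tuned to the organisation’s own traffic.

```python
"""Toy incident-triage helper mapping detections onto identify/isolate/eliminate/restore.

All input below is constructed for the example; the log format and thresholds are
assumptions, not a standard.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "timestamp host kind source user outcome" (user is "-" for http).
SAMPLE_LOG = """\
2024-05-14T09:00:00 web01 http 198.51.100.4 - ok
2024-05-14T09:00:00 web01 http 203.0.113.7 - ok
2024-05-14T09:00:00 web01 http 203.0.113.7 - ok
2024-05-14T09:00:01 web01 http 203.0.113.7 - ok
2024-05-14T09:00:01 web01 http 203.0.113.7 - ok
2024-05-14T09:00:02 web01 http 203.0.113.7 - ok
2024-05-14T09:00:30 web01 http 198.51.100.4 - ok
2024-05-14T09:01:00 vpn01 auth 203.0.113.9 alice fail
2024-05-14T09:01:02 vpn01 auth 203.0.113.9 alice fail
2024-05-14T09:01:04 vpn01 auth 203.0.113.9 alice fail
2024-05-14T09:01:06 vpn01 auth 203.0.113.9 alice success
2024-05-14T09:02:00 vpn01 auth 198.51.100.8 bob fail
2024-05-14T09:02:05 vpn01 auth 198.51.100.8 bob success
"""

FLOOD_WINDOW = timedelta(seconds=10)  # assumed sliding window for the flood check
FLOOD_THRESHOLD = 5                   # assumed requests from one source within the window
FAIL_THRESHOLD = 3                    # assumed failed logins before a success counts as compromise


def parse_log(text):
    """Parse the constructed format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, src, user, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "kind": kind,
                       "src": src, "user": user, "outcome": outcome})
    return events


def detect_floods(events):
    """Return {(host, src)} where one source reaches FLOOD_THRESHOLD requests inside FLOOD_WINDOW."""
    by_pair = defaultdict(list)
    for e in events:
        if e["kind"] == "http":
            by_pair[(e["host"], e["src"])].append(e["ts"])
    flagged = set()
    for pair, stamps in by_pair.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > FLOOD_WINDOW:  # slide the window forward
                start += 1
            if end - start + 1 >= FLOOD_THRESHOLD:
                flagged.add(pair)
                break
    return flagged


def detect_compromised_accounts(events):
    """Return {(host, src, user)} where FAIL_THRESHOLD+ failures precede a success from the same source."""
    streak = defaultdict(int)  # (host, src, user) -> consecutive failures so far
    flagged = set()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["kind"] != "auth":
            continue
        key = (e["host"], e["src"], e["user"])
        if e["outcome"] == "fail":
            streak[key] += 1
        else:
            if streak[key] >= FAIL_THRESHOLD:
                flagged.add(key)
            streak[key] = 0
    return flagged


def build_response_plan(events, threat_eliminated=False):
    """Map detections onto the four response steps; restore stays empty until elimination is confirmed."""
    indicators = [{"type": "flood", "host": h, "src": s} for h, s in sorted(detect_floods(events))]
    indicators += [{"type": "account-compromise", "host": h, "src": s, "user": u}
                   for h, s, u in sorted(detect_compromised_accounts(events))]
    hosts = sorted({i["host"] for i in indicators})
    return {
        "identify": indicators,
        "isolate": hosts,  # hosts to cut from the network while the incident is contained
        "eliminate": {
            "reset_accounts": sorted({i["user"] for i in indicators if "user" in i}),
            "block_sources": sorted({i["src"] for i in indicators}),
        },
        "restore": hosts if threat_eliminated else [],
    }


if __name__ == "__main__":
    for step, actions in build_response_plan(parse_log(SAMPLE_LOG)).items():
        print(f"{step}: {actions}")
```

The `threat_eliminated` flag is the point of the last step: hosts only appear under `restore` once elimination has been recorded, which mirrors the article’s ordering of isolate, eliminate and only then restore.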