By Tom Holloway, head of cybersecurity, Redcentric
Cyber security has been a topic high on the news agenda this month, following the cyber-attack on the UK electoral register and the Northern Ireland Police data breach over the past few weeks. As a result, many businesses may be implementing risk assessments and reviewing how protected their stored data is over the next few months.
According to the government’s Cyber Security Breaches survey in April 2023 almost a third (32%) of businesses said they had experienced breaches or attacks in the last 12 months. This was much higher for medium businesses (59%), large businesses (69%).
To help businesses understand how to protect themselves from cyber-attacks, Tom Holloway, Head of Cyber Security Services at Redcentric, shares his top tips and advice on the best steps to take:
- Understand the different types of cyber-attacks
First and foremost, it’s important to understand what threats you need to protect yourself from. Businesses that provide different services and rely on different technologies will naturally be targeted in different ways. That said, there are many common attack vectors that attackers can use. Securing yourself against these methods and implementing the basics should always be the first step.
Attackers use numerous methods to achieve their goals – referred to as their Tactics, Techniques, and Procedures (TTPs). Some of the most common ways of an attacker breaching a victim’s network are social engineering, abuse of weak or leaked credentials, and the exploitation of software vulnerabilities.
Increasingly in recent years, attackers have turned to ‘ransomware’ as a means of delivering the knockout blow to a compromised network. The objective of this type of attack is to extort the victim for financial gain. This often involves so-called double extortion, with the attacker blackmailing the victim for both the decryption of their systems, and the destruction of any stolen data.
Any business can be extorted – but the bigger the victim, the bigger the prize. This isn’t just in terms of the company size, but in the criticality and sensitivity of their business operations.
- Ensure your risk register is up to date
To help businesses carry out risk assessments, the government recently released its National Risk Register 2023. The document outlines potential risks and emergencies that could ‘pose a serious threat to the safety and livelihoods’ of the public, such as a repeat of the global pandemic.
Cyber risk features heavily in the 2023 edition, so I would highly recommend taking a thorough read through. Cyber attacks on infrastructure are classified as highly likely, with a moderate impact. However, it’s worth considering that cyber is often a means to an end, and can intertwine with various other risk areas. Cyber attack scenarios are considered in the context of various industries, such as gas, electricity, nuclear, fuel, health and social care, transport, telecommunications, and banking.
Chapter three in the document provides advice around understanding risk, taking steps to prepare for risks, knowing how to respond, and helping with recovery.
- Reduce your digital attack surface by finding and fixing vulnerabilities
It is very important to make sure you continue to download and install software security updates when they are released, to manage ‘vulnerabilities’. These are software flaws or bugs that can be exploited to bypass security controls. Vulnerability management is something organisations have been doing since the 90’s, but it remains a significant challenge, and we are seeing attackers adopting this method more and more. Naturally, as attackers rely on it more, they dedicate more resources to finding and weaponising vulnerabilities. In 2022, businesses disclosed 25,080 vulnerabilities4, an 18.78% increase over 2021, of which 50% were ranked critical and high.
By implementing a comprehensive patching policy, that includes operating systems and third-party software, businesses can significantly reduce potentially exploitable vulnerabilities, and minimise the primary attack vectors criminals will aim to target.
- Monitor your network for signs of malicious activity, and prepare to respond
In cyber security we have to assume that compromise is inevitable, and the most important thing is to be able to quickly identify and respond to it when it does happen. Monitoring your network for signs of attempted exploitation and indicators of compromise on a continual basis is key, and is an increasingly standard security requirement for company security accreditations and also things like cyber insurance.
There are many technical solutions available to organisations of different size, scale, and budget that can help them to reduce their susceptibility to cyber attacks. In addition to the technology, preparing your people and processes to respond decisively and effectively in the event of specific cyber incident scenarios is key. Not all cyber incidents are the same, and they can manifest in very different ways. Regularly updating your plans and rehearsing a response is a great way to minimise the severity (and cost) of a cyber breach.”
- Backup your data – and test recovery
Ensuring all your sensitive and important data is adequately backed up is essential, especially to protect your business from ransom attacks. These backups should be separate from your core network to ensure they can be reliably called upon for recovery.
However, testing the practicalities of your disaster recovery and backup restoration is equally important. When preparing for disruptions, businesses need to identify their priority activities, the supporting systems and applications critical to those activities, and their dependencies to internal and external teams. In so doing this results in documented Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPO) for systems, applications and their associated data, which can then be tested and validated.
Cyber attacks can easily derail those documented and tested RTOs and RPOs, because alongside production and recovery IT assets, backups might also be infected. If so, then a traditional cutover to the IT disaster recovery (DR) environment might be the wrong thing to do, because the cyber-attacker will be right there in the recovery environment as soon as you switch operations to your alternative data centre.
For more tips and advice on how to mitigate cyber security attacks effectively, click here.