Cyber-Wars – are we ready to defend?

As the world evolves from paper to digital, we are becoming ever more reliant on technology and technological security. As one would expect, there is an inevitable minority who thrive on accessing confidential information and using it for their own benefit. Even large organizations with sophisticated digital security infrastructure are not fully protected. Groups, such as the Lizard Squad – who hacked Sony, Nintendo, and, allegedly, social media giants Facebook and Instagram – execute such ploys to make a point of how susceptible many organisations are to such activity.

Companies, whether local or global, large or small, are all at risk. Before Lizard Squad, a group of unknown hackers stole $5million worth of Bitcoins from Bitstamp. Bitstamp provides two types of storage. The first, known as ‘hot wallet’, allows for swifter transactions but leaves holders vulnerable to hackers. The second, named ‘cold storage’, holds the bulk of client funds off the grid. Although most of Bitstamp services were still operational the reputational damage caused their stock price to plummet 60%.

Companies are continuing to review how to improve their security to prevent “hacktivists” type activities. These organisations are becoming cyber smart by employing elite hackers to develop and strengthen existing systems or use of layered systems (discussed later). However, the issue with implementing new solutions is that the systems they seek to protect are often complex and aged, increasing their exposure to cyber-attacks.

What is a Cyber-Attack?

There are many different types of cyber-attack, some more harmful than others. The threat could come from a hacker seeking to demonstrate the weaknesses within a system. Alternatively, the hacker may have criminal intent, for example seeking to obtain private credentials, share confidential information about future plans, or release financial trade secrets.

Hackers may come from within the company, but equally emanate online through third-party access, which can stem from a connection as simple as an email from a portable device. To mitigate against such threats, it is best to prevent the use of personal devices and personal e-mails within the work place.

How can I protect my systems?

There are multiple ways of fortifying a system that vary depending on the technical requirements. For the average PC user, a simple free anti-virus/anti-malware program can be used to defend against malware (along with not pressing OK when you are the millionth customer on a website!).

For large organisations, a more complex solution needs to be adopted. A layered system is one of the most efficient ways to trigger a block, or become alerted to, any breach. A domino of firewalls, where each layer will trigger an alarm to alert the institution of an attack, will allow the would-be victim’s time to reach and resolve the problem before suffering any major consequences. Even the strength of the highest quality system will be undermined if the rest of an organisation’s security is weak, perhaps due to a lack of understanding within the workplace. Therefore organisations should also invest in the necessary education and training of employees.

In addition, the most efficient way of strengthening online security is to identify any gaps in your own systems by attempting to hack them yourself. Many companies such as Google follow this method, bringing in elite hackers from specialised firms such as Darknet who ethically hack to LEARN (their motto) the weak points of a system’s security. This provides them with confidence in, as well as insight into their security, while revealing new innovative ways to fortify their system.

Summary

The world today is digitally volatile: in many instances safer but in certain circles considerably more dangerous. This time the danger is from a “wiz-kid” who wants your cyber life or company’s benefits. We need to balance the tremendous benefits organisations and individuals gain from the internet versus the increased risks of unwanted access by a few. Focusing on cyber security is not a one off exercise but a new function to support the daily running of organisations.