How to plug one of the most overlooked security vulnerabilities for any business
Mon 29 May 2017 - 9:26 amSecurity | Tech
In this digital era, most businesses rely on online processes and applications as the backbone of their operations. Manual and paper-based procedures are dwindling as automated and computer-based systems take their place.
This increasing digitisation is making businesses more efficient and streamlined, but it also comes with risks that need to be mitigated. Recently, one of the world’s largest insurance companies, Lloyds, warned that the Australian economy faces a potential damage bill of $16 billion over the next decade as a result of cyberattacks.(1)
Many Australian businesses are lulled into a false sense of security in the mistaken belief that they are too small, isolated or insignificant to be the target of a cyberattack. Yet this couldn’t be further from the truth. Every organisation is a potential target.
This was illustrated by the recent attack from the ransomware known as ‘WannaCry’, which hit a handful of Australian small businesses after attacking thousands of computer systems worldwide. Ransomware effectively locks up a user’s or organisation’s files, making them inaccessible until the victim pays a ransom to the perpetrator. The amount is usually small enough to be affordable, encouraging payment. However, companies that pay the ransom often find themselves the victim of further attacks, since the cybercriminals have now identified them as a target that is willing to pay.
Ransomware isn’t the only risk facing Australian businesses. Often, organisations are targeted not for the information they can provide but for the doors they can open into other, more lucrative targets. Cybercriminals are no longer loners in a dark room. Instead, cybercrime has become a well-funded, lucrative industry in which expert hackers are paid a living wage to spend as much time as it takes finding and exploiting vulnerabilities.
In practice, this means cybercriminals have almost unlimited time and resources to spend probing organisations to find gaps and opportunities to get into the network and use that access to gain progressively more access until they hit the jackpot.
By contrast, most organisations are preoccupied with the work of running a business, of which the IT operations form just one part. Security efforts are, in turn, just a small component of overall IT operations. Consequently, there is simply no way Australian businesses can beat cybercriminals just by throwing more resources at the problem.
Instead, businesses need to be smart about how they protect themselves. Too often, businesses focus on the wrong aspects when looking to secure their corporate IT assets and the business processes that run on that environment.
There are two sides of the security equation: inbound attacks; and outbound traffic. The industry has done a good job educating businesses about the importance of preventing inbound attacks, and most companies have some form of protection in place, whether it’s as simple as a firewall or anti-virus, or as complex as a full intrusion protection system.
What’s misunderstood generally is the importance of outbound data. When businesses consider security, they must do so from both the inbound and the outbound perspective.
No matter how effective perimeter protection is, most networks are likely to be breached at some point. It’s important for the organisation to control the damage by containing it. That can be achieved by not letting the attacker conduct outbound communications. It’s those outbound communications that let the hacker download the payload, whether that’s a piece of malware, ransomware or a key logger. By blocking that outbound communication, the business can render the attack useless.
Because the importance of preventing outbound communication isn’t well understood, most businesses don’t have strong security measures in place. However, there are effective technologies to block and manage outbound traffic; chiefly, proxy servers.
IT managers are often reluctant to implement proxy servers because they can make it difficult for employees to access a website’s application plugins like a Facebook app, or other non-business related sites and apps, and simply patching the application with updates can be challenging. The impact on the user experience attracts a lot of complaints, so IT managers often open up a port here or there so users can access their favourite sites and apps. However, this defeats the purpose of the proxy server, which can be an extremely effective way to protect a company’s data both in the cloud and on-premise.
Organisations need to remember that protecting outbound communication is the single most important aspect of neutralising attacks. Implementing a transparent proxy server is the most effective way to do that.
About the author
Dayle Wilson, General Manager, Operations, Brennan IT, has over 20 years’ experience in Cloud, IT, Security & Telecommunications. Dayle has a deep passion for solving customers’ business challenges and brings his vision, creativity and discipline into everything he does.