November 2017: Tech Scouting Highlights

The latest insights from the SU Exponential Technology and Startup Radar team

Cybersecurity: Are You Prepared?

A secure network is paramount today, given the growing number of web-based platforms and applications. Companies must have a digital presence to stay competitive, but in so doing they leave themselves vulnerable to network attacks that can occur anytime, anywhere.

The cybersecurity industry is creating defensive mechanisms to help make every network more secure, from safeguarding against malware to preventing identity or credential theft. As more companies conduct business online and our lives become further entwined in the digital world, cybersecurity will become a more important, if not vital, technology.

Below we highlight three different aspects of the space, why they’re worth our attention, and best practices/preventative measures necessary to ensure safe network operations.

Third-party Security Risks

What is it?

The development of the 21st century economy has caused companies to contract and outsource more organizational functions to third parties. However, the integration of communication technologies (i.e., the internet) into nearly every company’s operation puts vital infrastructure at significant risk.

Third parties’ data security arrangements are hard to determine, and contractors that have vital access to systems can cause massive security breaches for larger companies. In fact, it’s estimated that upwards of 60% of current data breaches occur because of lax standards by third parties.

Why does it matter?

Third-party breaches are costly. While all types of breaches are costly, with regard to both reputation and dollars, a recent study by IBM and the research institute Ponemon revealed that breaches involving third parties were 12% more costly.

More startling, the survey found that companies surveyed had on average 89 different vendors accessing their network every week, yet only 52% of them have security standards for third parties.

Additionally:

  • 63% of breaches can be traced back to third parties
  • Since 2013, the number of third-party breaches has grown by 22%
  • On average, a third-party data breach costs $157 per record lost

Best Practices

One of the major steps an organization can perform to ensure third-party security is an acknowledgement by all organization members of the threat of insecure third parties. This means pricing in the potential threat of a third-party breach when evaluating service providers.

Third-party vendor assessments can be used to guide permissioning of third parties, allowing them to access the parts of a company’s network that they need while not granting access to the larger network.

Service level agreements can also be used to mandate that third parties comply with a company’s data security requirements and allow for audits to ensure third parties are behaving responsibly with credentials.

Additionally, ensuring multi-factor authentication as well as encrypting sensitive files can limit the damage in the case of a third-party breach.

Ransomware

What is it?

At a high level, ransomware refers to a set of programs that infect company network assets and seek to use the valuable data held within against their owners. Trojan files are the traditional means of delivery for these programs, and once the malicious code is downloaded it seeks out valuable data files to hold ransom.

Once this is complete, the controller of the ransomware contacts the victim to solicit a cash payment (typically made via Bitcoin or another untraceable cryptocurrency) in exchange for the safe return of the files.

Why does it matter?

Ransomware is the most popular malware for hackers to use, with 6 out of 10 total cyber attacks being classified as ransomware by Kaspersky Labs. We are also seeing a rise in development of the types of ransomware used. In fact, there were over four times as many new variants of ransomware found in Q1 2017 as Q1 2016. In all, new ransomware variants have grown 30-fold since 2015.

Additionally:

  • Ransomware attacks on businesses tripled in volume over the last year
  • A single ransomware incident costs a company $173,000 on average
  • Global ransomware damages are expected to exceed $5 billion in 2017
  • 25% of ransomware victims are businesses with 1,000 employees or more

Best Practices

The single most effective deterrent to ransomware is to regularly back up sensitive data to a storage device that isn’t connected to a network. A backup storage system can’t be infected by malware if it’s not connected to a network, so an offline backup removes the principal leverage of an encryption-style ransomware attack.

Another means of limiting the likelihood of a ransomware attack is to educate employees on the basics of cybersecurity. Organizations can provide training to employees allowing them to practice good cyber-hygiene when it comes to downloading attachments from emails, browsing the web, or other common means of ransomware breaches.

Strict permissioning can also prevent the spread of ransomware if it does penetrate a system. Many ransomware strains rely on administrator accounts to propagate across a network. So, limiting the number of administrator credentials and removing default system administrator privileges can stop ransomware from spreading throughout a network.

Distributed Denial of Service Attacks (DDoS)

What is it?

A typical DDoS attack is an attempt to take down an online service by flooding it with an enormous number of requests for data, or by tying up the network resources that handle incoming and outgoing requests.

DDoS attacks are extremely common and can quickly take down unsecured or ill-prepared websites and web services.

These attacks typically use a botnet to generate the multitude of requests necessary to jam a network. These botnets are composed of computers and other devices that are infected with malware. This malware lies dormant during the normal use of the machine, but when its controller activates it, the botnet can be used to make thousands of requests per second for data from a website.

This is akin to a crowd of people jamming into the entranceway of a business to disrupt the ability of legitimate customers to enter the business. Access to these botnets is for sale, and rogue operators can use these rented botnets to silence a website they disagree with or to disrupt a company’s online operation.

The most advanced type of DDoS attack is known as an Advanced Persistent Denial of Service attack. The level of sophistication and coordination for these types of attacks can overwhelm very strong DDoS mitigation technologies. The attacks can persist for several weeks and blend several types of typical DDoS attacks into one.

Why does it matter?

DDoS attacks can take down websites at the busiest times, causing massive costs in terms of lost revenue. The threat of a DDoS attack itself can be used to extort money from businesses. For example, one hacker group extorted over $100k total in protection money from businesses merely by threatening a DDoS attack.

Although paying protection money like this sets a bad precedent and incentivises more hackers to extort money, it is not surprising that businesses pay up. Per a recent survey by IBM, the cost per hour for a DDoS attack is above $100k for 63% of survey respondents and over $250k for 43% of companies surveyed.

Additionally:

  • Botnets are available to enact small-scale DDoS attacks and can be rented for about $150 per week
  • More than 2,000 DDoS attacks occur every day
  • 84% of enterprise companies recently surveyed experienced a DDoS attack in 2016
  • Enterprise targets of DDoS attacks average $2.5 million in costs from lost revenue and attack amelioration

Best Practices

Technically speaking, it is nearly impossible to completely prevent DDoS attacks. Any network that responds to requests for information (such as a website) will be vulnerable to the overloading requests that compose a DDoS attack. However, there are preventative steps that an organization can take to reduce the harm DDoS attacks can incur.

Dispersing network architecture across several different networks and data centers can reduce the likelihood that a DDoS attack brings down a website or service. Distributed data centers with different internet providers reduce the likelihood of a single point of failure, giving a network resiliency against these attacks. Geographic diversity and internet provider diversity give a layer of protection for organizations fearful of a DDoS attack.

Additionally, increasing your bandwidth provides another way to defend against a DDoS attack as can outsourcing your DDoS defense to specialty service providers or ISPs.

It should be noted that none of these strategies will stop a DDoS attack. Rather, they will allow for regular traffic to still use the affected network while the attack is mitigated.
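The "let regular traffic through while the attack is mitigated" goal above can be made concrete with per-source rate limiting, one of the standard building blocks that ISPs and DDoS mitigation providers combine with the bandwidth and dispersion measures the text describes. The following is an added example, not code from the newsletter or from any of the vendors it names: a token-bucket limiter keyed by source address, replayed over a constructed request log in which one legitimate client sends one request per second while a single flooding source sends a hundred per second. The log format (`milliseconds source method path`), the addresses (from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24), and the bucket parameters are all assumptions chosen for the illustration.

```python
"""Per-source token-bucket rate limiting replayed over a constructed request log.

Added example (not from the original page): a minimal limiter that lets a
well-behaved client keep using a service while a single flooding source is
throttled. Timestamps are integer milliseconds and tokens are kept as integer
milli-tokens so that the arithmetic is exact and reproducible.
"""

MILLI = 1000  # one whole token (one admitted request), in milli-tokens


class PerSourceLimiter:
    """One token bucket per source address.

    capacity        -- burst allowance, in whole requests
    refill_per_sec  -- sustained rate, in requests per second
    """

    def __init__(self, capacity=20, refill_per_sec=5):
        self.capacity_m = capacity * MILLI
        # tokens per second == milli-tokens per millisecond
        self.refill_per_ms = refill_per_sec
        self.buckets = {}  # src -> (milli_tokens, last_seen_ms)

    def allow(self, src, now_ms):
        """Return True if the request from src at now_ms is admitted."""
        tokens, last = self.buckets.get(src, (self.capacity_m, now_ms))
        # Refill for the time elapsed since this source was last seen, capped at capacity.
        tokens = min(self.capacity_m, tokens + (now_ms - last) * self.refill_per_ms)
        if tokens >= MILLI:
            self.buckets[src] = (tokens - MILLI, now_ms)
            return True
        self.buckets[src] = (tokens, now_ms)
        return False


def make_constructed_log():
    """Constructed sample log, format 'ms src method path' (assumed, not a real server log).

    One legitimate client (203.0.113.10) sends 1 request/s; one flooding
    source (198.51.100.7) sends 100 requests/s; both run for 10 seconds.
    """
    lines = []
    for sec in range(10):
        lines.append(f"{sec * MILLI} 203.0.113.10 GET /index.html")
        for i in range(100):
            lines.append(f"{sec * MILLI + i * 10} 198.51.100.7 GET /index.html")
    lines.sort(key=lambda line: int(line.split()[0]))  # stable sort by timestamp
    return lines


def replay(lines, capacity=20, refill_per_sec=5):
    """Run the limiter over log lines; return {src: {'allowed': n, 'dropped': n}}."""
    limiter = PerSourceLimiter(capacity, refill_per_sec)
    stats = {}
    for line in lines:
        ts, src, _method, _path = line.split()
        counts = stats.setdefault(src, {"allowed": 0, "dropped": 0})
        if limiter.allow(src, int(ts)):
            counts["allowed"] += 1
        else:
            counts["dropped"] += 1
    return stats


if __name__ == "__main__":
    for src, counts in replay(make_constructed_log()).items():
        print(f"{src:>14}: {counts['allowed']:4d} allowed, {counts['dropped']:4d} dropped")
```

With a 20-request burst allowance and a 5 request/s refill, the legitimate client's 10 requests are all admitted, while only 69 of the flooding source's 1,000 requests get through. The caveat matches the text's closing point: a per-source limiter only blunts traffic from addresses that individually misbehave, so a botnet spreading the same load over thousands of infected devices still needs the upstream capacity, dispersion, and provider-side filtering described above.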

Sources include: Gartner, Digital Attack Map, Skyhigh, InfoWorld, McAfee, and Forbes.