Category Archives: Threat Management & Cyber Intel

Why investing in cybersecurity technologies is a good bet

With advancements in information technology, data transmission and storage have become cheaper and more efficient. In today’s digital economy, data is the new oil, and companies collect and generate large volumes of data known as ‘big data’. This enables businesses to make smart choices, innovate and transform business processes and services. However, this revolution comes with the consequence of cyberattacks on digital assets. Sophisticated cyberattacks by hackers and continuous surveillance by cybersecurity professionals have become a cat and mouse situation.

As cyber adversaries are dynamic, motivated and intelligent, organisations face persistent and constant cyberthreats. The top cyberthreats include phishing, malware, fileless attacks, ransomware and insider threats. Hostile actors and a hostile environment have made cybersecurity a war, and it is vital for organisations to prepare for and prevent cyberattacks.

One way to fight cyber adversaries is to invest in affordable and effective cybersecurity solutions. Cybersecurity technologies automate security processes and systems and detect malicious activities in real time. Cybersecurity involves defending applications, networks, endpoints and cloud from malicious cyberattacks to ensure the integrity, availability and confidentiality of critical IT infrastructure. A range of cybersecurity technologies is available to protect different areas of IT infrastructure.

Investment in cybersecurity technologies is a good bet

A typical data breach affects many facets of a business, such as brand reputation, intellectual property and customer retention. More unsettling, it takes an average of 198 days to detect a data breach and 69 days to contain a breach after detecting it, and 75% of American consumers would not buy from a business with lax cybersecurity.

Companies should treat investment in cybersecurity technologies as CAPEX as opposed to a red line in the annual budget. It should be viewed as long-term, fluid and performance driven, along with quantifiable goals (KPIs). It is a good bet to invest in cybersecurity technologies because of a range of financial and non-financial benefits.

Avoidance of cybersecurity incident cost: A security incident costs a company millions of dollars. In the US, the average cost of a data breach is $8 million and $240 per record, which is more than twice the local average. This includes system and employee downtime, lost customers and revenues, and lost opportunities. For instance, the average economic cost of a cyberattack on a mid-sized healthcare company is $23 million, which includes $11 million in direct and $12 million in indirect costs. Investment in cybersecurity technologies can save companies millions of dollars and protect their brand from public embarrassment.

Increase customer trust and confidence: The strain of network breaches and mishandled data tarnishes the image of companies, and a wide number of companies are infamous for such incidents. An investment in cybersecurity is a differentiating factor and a strong selling point when it comes to customer acquisition and retention. An investment in cybersecurity sends a signal to investors that sensitive information and privacy are protected, which is priceless. Cybersecurity investment creates buzz and builds brand loyalty with customers because it highlights that companies take their cybersecurity responsibility seriously.

Avoid regulatory fines and ensure compliance: In the US, cybersecurity regulations were introduced in 2017. A company that is the victim of a cybersecurity breach can be subjected to further regulatory reviews, which include audits, review of incident response plans, additional tax compliance and limits on privileges. It does not stop there; the regulations come with fines and penalties which could ruin a company’s reputation amongst investors, lenders and insurance companies. An investment in cybersecurity technologies ensures a business is compliant and successful.

5G and IoT: There are 27 billion IoT devices with expected growth of 75 billion by 2025. IoT will substantially benefit from the higher bandwidth of 5G because more devices can be connected to IoT networks. IoT devices will help businesses deliver better value for customers. However, with the growth in IoT, cybersecurity challenges are expected to increase because IoT is vulnerable to cyberattacks. These include IoT domain attacks (man-in-the-middle, denial of service, device cloning and hijacking), IoT network attacks (spoofing, protocol tampering and false base stations) and IoT application attacks (theft of data, malware and unauthorised access).

The role of cybersecurity technologies is to secure devices, manage device updates, authenticate devices, secure communication and protect data integrity. A business planning to utilise IoT to deliver higher value to customers should invest in robust cybersecurity solutions to extract customer value.

Usefulness of cybersecurity technologies

Intrusion prevention systems (IPS): As a proactive network security technology, an IPS detects incorrect, inappropriate and malicious activity that could disrupt the availability and integrity of the network, and prevents identified threats. Its actions include blocking network traffic, dropping malicious data packets and resetting connections. A cost-effective approach to applying IPS is to use off-the-shelf cybersecurity solutions that offer full-fledged IPS functionality.

User and entity behaviour analytics software (UEBA): UEBA solutions monitor users’ actions, location, behaviour and privileges to detect threats in time; in case of network misuse or strange behaviour, the software alerts security personnel. UEBA is useful to detect insider threats, create behaviour profiles, detect brute force attacks, detect compromised accounts and in some ways predict some future threats.

Virtual dispersive networks (VDN): Cryptography was considered useful in protecting information within computers and when information is sent over the internet. However, Man-in-the-Middle (MIM) attacks have changed the scenario by cracking the encryption of messages. VDN takes military radio technology and applies it to cybersecurity by breaking the message into many parts that travel using different protocols on independent paths, thus ensuring each part is encrypted individually. The three key features of VDN are unprecedented security, network resilience and network performance.

Multi-factor authentication (MFA): As an identity and access management technology, MFA requires the user to provide two or more verification factors to access a digital resource. Along with ID and password, MFA requires additional verification such as ‘something you know’, ‘something you are’ and ‘something you have’, which decreases the likelihood of cybercrime. In the US, the National Institute of Standards and Technology (NIST) recommends the use of MFA to protect sensitive data like financial records, email, user databases and health records.

When compared to the severity of cyber threats and their impact on business, cybersecurity solutions are not expensive. An investment in cybersecurity technologies is the best bet to increase customer trust, reduce exposure to cyber incident costs and regulatory reviews, and protect the valuable assets of the business. An investment in cybersecurity technologies is a forward-thinking way for businesses to monetise and realise sales, loyalty, opportunities, business agility and stakeholder relationships.

Cybersecurity in Real Estate & Finance

In the US, the real estate industry has 335,000 companies with combined revenues of $380 billion, and the top 50 companies account for 20% of total revenues. According to the FBI, real estate cyberattack complaints increased by 500% in 2018 with $7 billion worth of financial losses. A KPMG survey shows that one-third of real-estate firms have experienced a cybersecurity attack in the last 2 years, and 50% of respondents mentioned that their firms are not adequately prepared to respond to a cyberattack. Property managers, developers, brokers and agents, real-estate firms and appraisers hold a significant amount of confidential personal and corporate information, and this makes real estate a vulnerable and high-value target for cybercriminals.

In real estate, there are specific vulnerabilities for hackers to exploit. The information systems contain large amounts of personally identifiable information, and real estate professionals exchange huge amounts of personal and financial data such as deal and payment terms. With its distinctive business models and relative technological unsophistication, the real estate industry faces the cybersecurity challenges of business email compromise (BEC) and data breaches.

Business email compromise (BEC)

In a BEC exploit, hackers gain access to a personal or business email account and imitate the owner’s identity to trick customers, partners and employees. BEC is one of the most prevalent cyberthreats in real estate, and three common techniques are illegal access, social engineering and urgent payment requests.

With illegal access, cyber criminals gain access to victims’ systems using spoofed emails, spear-phishing emails and malware. Spoofing involves slight variations on legitimate email addresses, spear-phishing involves making the victim believe that an email comes from a trusted supplier, and malware is used to infiltrate the network to access internal data. With social engineering, the hackers use social media information to target the victims and access the owner’s email account. In real estate, the three specific types of BEC scams are CEO fraud, false invoice and account compromise. With CEO fraud, hackers pose as the company CEO and send emails to employees asking them to transfer funds. In a false invoice scam, attackers pretend to be suppliers and request fund transfers to accounts owned by the fraudster. Finally, account compromise involves hacking and using executive or personal accounts to request invoice payments.

For example, before the sale of a house, the buyer receives an email from the real-estate agent with specific details containing the date, location and time of the deal closing and how to wire money. Hackers can generate such emails and have the funds transferred to their own account. According to the FBI internet complaint centre, the mortgage closing wire scam saw a 1000% increase in 2018 with a total financial loss of $56 million.
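A defensive check for the spoofing and urgent-payment patterns described above, added here as an example that is not part of the original post. The trusted domains, keyword lists and sample messages are constructed assumptions; a real deployment would load the firm's own partner domains.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the firm really exchanges closing emails with.
TRUSTED = {"harborrealty.example", "firsttitle.example"}
# Common visual substitutions used in lookalike domains (assumed list).
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))
PAYMENT_TERMS = ("wire", "bank details", "account number", "invoice", "transfer")
URGENCY_TERMS = ("urgent", "immediately", "today", "asap")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value)[1]
    return addr.rpartition("@")[2].lower()

def skeleton(domain):
    """Collapse visually confusable character runs to one canonical form."""
    for fake, real in LOOKALIKES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, trusted=TRUSTED):
    """Return the trusted domain this one imitates, or None."""
    if not domain or domain in trusted:
        return None
    for good in trusted:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return good
    return None

def review(headers, body):
    """List the BEC warning signs found in one message."""
    findings = []
    sender = domain_of(headers.get("From", ""))
    reply_to = domain_of(headers.get("Reply-To", ""))
    imitated = lookalike_of(sender)
    if imitated:
        findings.append(f"sender domain {sender} imitates {imitated}")
    if reply_to and reply_to != sender:
        findings.append(f"replies go to {reply_to}, not {sender}")
    text = body.lower()
    if any(t in text for t in PAYMENT_TERMS) and (
            sender not in TRUSTED or any(t in text for t in URGENCY_TERMS)):
        findings.append("payment instructions need out-of-band confirmation")
    return findings

# Constructed sample: a closing email sent from a one-character lookalike domain.
SPOOFED_HEADERS = {"From": "Dana Agent <dana@harborrea1ty.example>",
                   "Reply-To": "closings@mailbox.example"}
SPOOFED_BODY = ("Closing is Friday 10am. Please wire the deposit today "
                "to the new account number below.")

if __name__ == "__main__":
    for finding in review(SPOOFED_HEADERS, SPOOFED_BODY):
        print("FLAG:", finding)
```

The edit-distance threshold of 2 is a tuning choice: short trusted domains will produce false positives, so flagged messages should go to a person for phone confirmation rather than be dropped automatically.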

Data breaches

In a data breach, sensitive, confidential and protected information is shared with and used by unauthorised persons. In real estate, the two common techniques used by hackers for data breaches are brute force attacks and malware. A brute force attack involves guessing usernames and passwords and, especially with cloud computing, vulnerabilities have increased with credential stuffing. A malware attack, on the other hand, involves injecting malicious software into a system to gain personal information. The goal of a data breach is to steal personally identifiable information to compromise identities, steal money or sell it on the dark web, with huge consequences for the company including damage to customer relationships, company reputation and loss of potential business.

In real estate, data breaches present a real and imminent threat with potential financial, legal and reputational consequences. Real estate firms hold a huge volume of client information including names, identification numbers, passwords, addresses, financial details and family records. For example, in the ‘First American’ data breach hackers compromised 885 million users’ accounts.

Cybersecurity risks in Finance

Despite the fact that cybersecurity is a cornerstone of the financial industry, cyberattacks have become commonplace. Financial institutions hold valuable customer and other sensitive data, and hackers frequently attempt to break into these networks to steal information for illicit economic advantage. According to statistics, cybersecurity is the number one risk for the financial industry with 1 in 3 successful cyber attacks.

Cybersecurity risks in financial industry

  • Data breaches: Data breaches are the foremost cybersecurity challenge for financial institutions. A data breach exposes sensitive, confidential and protected information to unauthorised persons, and hackers steal millions of customers’ records. In the financial industry, data breaches involve credit reporting companies, payment processing companies and banks. For example, the Equifax data breach resulted in 143 million accounts compromised, the JP Morgan data breach leaked the data of 76 million users, the CapitalOne breach compromised the data of 100 million customers, and Data Processors International had 8 million credit card numbers stolen.
  • Mobile App security risk: Mobile applications provide real-time information to customers and leverage real-time information to conduct online transactions. However, mobile applications present cybersecurity risks because they lack foolproof security modules and code. Cyber criminals leverage weak security measures and controls to steal customer data. In particular, the cloud-based services on which banks rely make things more complicated. Communication and collaboration are subject to man-in-the-middle attacks, network penetration and unvalidated redirects. During COVID-19, the FBI issued multiple alerts about banking Trojans and fake mobile banking apps, which trick users into entering authentication credentials on malicious applications, including web applications.
  • Ransomware attacks (DDoS): Ransomware is malicious software that locks users out of important documents or freezes systems against legitimate access, leaving the system encrypted or locked until a ransom is paid. During COVID-19, ransomware attacks increased by 520%, with a rash of ransomware attacks on bank technology providers such as Cognizant and Finastra. With ransomware, critical business data is locked, leaving financial institutions unable to serve their customers. According to the FBI, the financial industry paid $1 billion in ransom attacks in 2019.
  • Insider threat: Financial institutions invest time and resources to secure technological assets such as mobile apps, websites and ATMs. However, insider risk is one of the biggest risks for financial institutions. Insider threats include unintentional acts such as an employee opening a phishing link or clicking on a spoofed website. On the other hand, the intentional act of a rogue or disgruntled employee poses an even greater threat through unauthorised use of credentials. The employee can steal sensitive information or damage systems to harm the reputation of the financial institution. For instance, the data breach at CapitalOne was organised by an insider ‘software engineer’ who hacked into a cloud-based server containing CapitalOne assets. Likewise, a financial advisor at Morgan Stanley transferred the personally identifiable information of clients to a personal database server, and hackers breached the security of that personal server.

Cybersecurity in real estate involves the traditional challenges of access management, network intruders and encryption. Unsophisticated technologies and a lack of knowledge of cybersecurity have resulted in the risks of business email compromise and data breaches. Financial institutions, on the other hand, face complex and dynamic challenges of system vulnerabilities and insider risk. Financial institutions need to deploy advanced technologies to manage emerging technological challenges as well as internal controls to manage the activities of employees.

Cybersecurity Risks of 5G

The 5th generation of cellular networking (5G) is a game-changer and is shaping up to be a paradigm shift that will spur the fourth industrial revolution. In contrast to 4G, which was designed for communication and applications, 5G is designed for the Internet of Things (IoT), to foster an environment that connects the virtual and physical worlds to enrich and empower lives. The technical attributes of 5G are network slicing (network-as-a-service), virtual networks rather than physical architecture, ultra-low latency and enhanced mobile broadband speed.

In an economic context, it is estimated that 5G-enabled industrial digitalisation will add 22 million new jobs and is expected to pump $12 trillion into the US economy. The plethora of benefits of 5G includes lower network latency, greater bandwidth, increased data speed and higher reliability. 5G is the connective tissue of IoT that will not only link and control robots but also revolutionise industrial equipment, medical devices and agricultural machinery. The applications of 5G include smart cars and transport, telehealth services, smart grids, smart inventories, augmented and virtual reality (AR/VR) and so much more; the possibilities seem endless.

5G and cybersecurity landscape

However, extraordinary technologies such as 5G bring new cybersecurity threats and vulnerabilities. For instance, hackers have sabotaged home appliances, breached the security of dams and stopped internet-connected cars. The emerging cybersecurity risks and challenges associated with 5G can be categorised as infrastructure risks, platform risks, location risks and device risks.

  1. 5G has moved away from hardware-based centralised switching to software-based digital routing (SDN). The move from traditional hardware (switches and routers) toward an openly distributed software approach increases network vulnerabilities because it enables hackers to attack from multiple dimensions, which might not be protected in the way the old approach used hardware as choke points. Attackers who gain control of the software managing the network can control the entire network, and this poses significant infrastructure risks.
  2. The billions of new IoT devices create new vulnerabilities for medical and transport as well as public safety devices, all of which are uniquely vulnerable. This poses an overwhelming risk, and the attack surface will be difficult to defend. For instance, cyber attackers could hack smart grids and cut off the electricity, which could put many lives in danger, and this presents additional platform risks.
  3. 5G relies on low-cost, short-range physical antennas that need to be placed in buildings and streets. Dynamic spectrum sharing involves breaking up the levels of bandwidth into slices for speed and efficiency. The greater bandwidth brings new avenues of attack and small antennas become prey for cyberattacks, and this presents significant location risks.
  4. IoT botnets are more powerful and larger than application-based malware, and 5G data speeds will make the problem worse. Malware and botnets will spread faster on faster networks, with the potential for rapid increases in infected systems and devices. For example, ransomware can be used to hack an IoT device, which can then be used as a weapon to commit an act of physical sabotage or disrupt the entire system, and this presents significant device risks.
  5. With 5G, there is increased dependency on third-party suppliers because there are more components involved with 5G than with current network infrastructures. For instance, Huawei is the largest supplier of the 5G components that are needed for an efficient 5G network. The increased reliance on Huawei presents security risks such as a monopoly and increased opportunities for espionage, which presents national security risks.

Mitigating 5G risk

The three steps that can make it difficult for bad actors to exploit 5G network vulnerabilities are: (1) resilience of the network infrastructure, (2) access management and (3) review and monitoring.

  1. For a resilient network infrastructure, there is a need to ensure that the failure of one or several components will not impact the entire network. The network should be designed with defense in depth using segmentation and redundancy. Segmentation makes it resource-intensive and time-consuming for hackers to move between layers. Redundancy ensures that networks do not rely on single components, so that if certain components fail, the remaining network can perform the intended task. For instance, if a hacker shuts down one antenna, an antenna from another supplier at a different location would be able to pick up the slack of the compromised location. In the UK, regulation requires cellular operators to use two different suppliers in network infrastructure, and Nokia and Ericsson are supplying a large share of 5G components.
  2. Access management is critical to manage platform risks. To secure networks, the cellular company must regulate and monitor supplier access to networks. For instance, the patching process or software update mechanism should be closely monitored. Access management involves supervising suppliers when they work on the network and limiting their time and resource access. The use of proper protocols and procedures would ensure the integrity and availability of the network.
  3. Reviewing and testing is critical to safeguard 5G assets, and this protects against accidental or backdoor vulnerabilities. Moreover, monitoring of network activity helps to identify unusual behaviour and highlight malicious activity. The virtualisation of 5G provides an opportunity for superior testing and monitoring from multiple dimensions rather than a single inferior product.