Crime As A Service in today's Cybercrime World

04/04/17 02:00

In today's rapidly evolving business environment, every CXO needs to feel that their organisation's information and valuable IP is safe and secure. How do organisations keep abreast of the growing attack surface and exposure that they face? It's hard not to feel like a sitting duck. An army of Cyber criminals now has ever more convenient ways to wreak havoc. Crime-as-a-Service (CRAAS) is flourishing as the Cyber criminal culture hones its techniques and joins the outsourcing world to earn maximum profits. Niche specialist Cyber criminals are the norm today, with specialities including RansomWare-as-a-Service (RAAS), Malware Installation-as-a-Service (MIAAS) and Cash Out-as-a-Service (COAAS) available freely (scarily so).

Successful protection strategies arise from careful human insight into the approach of the attacker. Human behaviour is still the guiding mechanism to follow when considering the protection of your organisation.

Enemy Behind The Gates 

The adversary is typically lazy. The adversary is doing it for financial gain. The adversary doesn't typically write or destroy data - that would be too obvious and raise the alarm. Instead they become the enemy within the gate and impersonate a perfectly normal user or administrator to gather information and infiltrate for as long as they need! The adversary has become so sophisticated that, just like James Bond, the break-and-enter is undetectable and none of those laser security beams is ever crossed to set off the alarm. The bad guys are getting away with it, and often the organisation doesn't even know it is happening. A calm and collected James Bond response is required if the attacker is to be denied their prize.


Changing Bad Behaviours

New approaches and precautions are required, as standard protections like AntiVirus software simply aren't triggered. The bad guys are no longer deploying viruses to assemble and gather valuable information to sell off in the new Crime-As-A-Service (CRAAS) marketplace. Malware-free attacks circumvent the security mechanisms put in place and render them ineffective. The bad guys' sophistication today is comparable to most nation states' capabilities. New tactics are required to thwart this enemy. The secret weapon doesn't contain a silver bullet, but starts with some good old-fashioned basics that might seem too simple to be true and are often right under our noses!

  1. Check the Basic Hygiene of Your Network 

    Doing the basics in your network will always pay dividends for YOU and NOT the bad guys.

    Check event logs - the system will often tell you a lot about what's going on: who's deleted what, who's stored and copied what, and who's created new system files that may be used to manipulate and acquire information.

    Check alarm logs - are they even turned on? If they are off, who turned them off and when? Would you know if the alarm logs were turned off? Why would someone want to turn off logs? Think about it.

    Make sure files are where they should be and not in a place where they would normally not be located. For example, an essential system file in a /Temp directory location just doesn't make sense.

    When a font file is 5GB in size, it probably isn't a font file! Adversaries are clever in that they will name an information-gathering file to look like an innocent system file that goes unnoticed by antivirus software and administrators - some common-sense checking really works.

    Each one of the basics above (and there are many more) could be a symptom that someone else is rummaging in your environment and gathering information (valuable information) they are not supposed to have access to.
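    The hygiene checks above are easy to script. What follows is an added example, not code from the original post or from Berkeley: it runs the three checks (system binaries outside their expected directory, executables sitting in temporary folders, "font" files far too large to be fonts) over a constructed file inventory, and scans a few constructed audit-log lines for the event that switches logging off so you can answer "who turned it off and when?". The expected-directory table, the 50 MB font threshold and the log line format are all assumptions to be replaced with your own environment's values.

```python
"""Basic network-hygiene checks (added illustration; all data below is constructed)."""
import re
from dataclasses import dataclass

# Hypothetical thresholds and tables; tune them to your own build.
FONT_EXTENSIONS = {".ttf", ".otf", ".fon", ".ttc"}
FONT_SIZE_LIMIT = 50 * 1024 * 1024            # 50 MB: no real font is bigger
EXPECTED_SYSTEM_DIRS = {                      # where these binaries must live
    "svchost.exe": {"c:/windows/system32"},
    "lsass.exe": {"c:/windows/system32"},
}
TEMP_MARKERS = ("/temp/", "/tmp/", "/appdata/local/temp/")
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys"}


@dataclass
class FileRecord:
    path: str
    size_bytes: int


def _normalise(path):
    """Lower-case and use forward slashes so Windows and POSIX paths compare alike."""
    return path.replace("\\", "/").lower()


def check_file(rec):
    """Return a list of human-readable findings for one file record."""
    findings = []
    p = _normalise(rec.path)
    parent, _, name = p.rpartition("/")
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""

    if ext in FONT_EXTENSIONS and rec.size_bytes > FONT_SIZE_LIMIT:
        mb = rec.size_bytes // (1024 * 1024)
        findings.append(f"oversized font file ({mb} MB): {rec.path}")
    if name in EXPECTED_SYSTEM_DIRS and parent not in EXPECTED_SYSTEM_DIRS[name]:
        findings.append(f"system file outside expected directory: {rec.path}")
    elif ext in EXECUTABLE_EXTENSIONS and any(m in p for m in TEMP_MARKERS):
        findings.append(f"executable in temporary directory: {rec.path}")
    return findings


# Constructed audit-log format: "<timestamp> user=<name> action=<verb> status=<state>"
AUDIT_LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) status=(?P<status>\S+)$"
)


def audit_disabled_events(log_lines):
    """Return (timestamp, user) for every event that turned audit logging off."""
    hits = []
    for line in log_lines:
        m = AUDIT_LINE.match(line.strip())
        if m and m["action"] == "audit_policy_changed" and m["status"] == "disabled":
            hits.append((m["ts"], m["user"]))
    return hits


# Constructed sample inventory and log, chosen to trigger each check once.
SAMPLE_FILES = [
    FileRecord(r"C:\Windows\System32\svchost.exe", 55_000),
    FileRecord(r"C:\Temp\svchost.exe", 48_000),                  # wrong place
    FileRecord(r"C:\Windows\Fonts\arial.ttf", 1_036_584),
    FileRecord(r"C:\Windows\Fonts\calibri.ttf", 5 * 1024 ** 3),  # "5GB font"
    FileRecord(r"C:\Users\bob\AppData\Local\Temp\update.exe", 2_100_000),
]
SAMPLE_AUDIT_LOG = [
    "2017-04-03T21:14:00Z user=admin action=logon status=success",
    "2017-04-03T21:16:32Z user=admin action=audit_policy_changed status=disabled",
    "2017-04-03T21:17:05Z user=admin action=file_copy status=success",
]


def run_hygiene_checks(files=SAMPLE_FILES, log_lines=SAMPLE_AUDIT_LOG):
    """Run every check and return the combined list of findings."""
    findings = [f for rec in files for f in check_file(rec)]
    for ts, user in audit_disabled_events(log_lines):
        findings.append(f"audit logging disabled at {ts} by {user}")
    return findings


if __name__ == "__main__":
    for finding in run_hygiene_checks():
        print(finding)
```

    Each finding is a symptom rather than proof; the point is that the four anomalies the post lists fall out of a few lines of comparison against what "normal" looks like on your own systems, and the audit check only works if the logs exist and you keep a copy the local administrator cannot silently switch off.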

  2. Make life Hard for the Attacker - Increase their Workload   

    Human nature always plays its part. The would-be attacker will seek the weakest, quickest and easiest target. They need to infiltrate, gather information, get it out (exfiltrate) and leave the network undetected, with the least effort and risk of discovery. If they're not discovered they can come back again! Partitioning or limiting where valuable information is kept makes it harder for the attacker to gather it. Limiting access to information, or securing it so that only those who need access have it, aligns with every piece of model housekeeping and good common sense. Information dissemination is most often based on goodwill and trust. That's fine until you have an enemy in your midst. Unfortunately, in this day and age, goodwill and trust are preyed upon by the adversary and therefore need considered attention. In fact, the adversary is relying upon the presumption of goodwill and trust - they need an easy life! Is company data being stored in rogue applications like Dropbox or unmanaged instances of SharePoint? Such "dark collaboration" is a significant attack vector that is often overlooked.

  3. What to do to Turn the Tables?

    Frustrate the adversary and limit where data and information is held, so that when they go looking they don't find the gold. It may be harder to manage internally but will keep your valuable information safe.

    Harden security on end-points, as you are only as strong as your weakest link. Adversaries are looking for an easy entry point to build their credentials and legitimacy on your network, and they will exploit any innovative way to breach your environment stealthily. The modern expectation of BYO devices has created opportunity for the adversary.

    Security-trim your information by deploying a culture of information classification in your organisation. A posture of precaution in a policy framework that stipulates that "not everybody needs to see every piece of information" can pay huge dividends. Understanding that the adversary is stealthily impersonating a legitimate user, releasing sensitive and valuable information only according to the roles and permission attributes of that user can be a really effective way to stop the adversary getting to the information jackpot.

    Precautionary Policies and Procedures (PPP) are recommended, and innovative collaboration systems such as Berkeley's Enterprise Security Services Platform (ESSP) have struck the balance of creating a ubiquitous centralised information repository (so that information doesn't get lost) with the clever release of information based on roles and privileges. Those who are eligible to access the data may do so, whilst those who are not are precluded from even discovering the data. The adversary impersonating a legitimate user would have to understand exactly who has rights and who hasn't to gain access to sensitive information. In most cases this is simply too hard and complex for the lazy and time-poor adversary, who would likely move on to more conveniently lucrative pastures.

  4. How do you create a Secure Single Information Repository?

    Microsoft SharePoint delivers a vehicle to contain an organised system of information holdings for an entire organisation. The benefits of a single repository aid an organisation in information management, optimise efficiency and minimise IP loss. Where a single information repository resides, the need to securely manage this information becomes imperative to protect the organisation from inadvertent misadventure and possible malicious intent.

  5. Single Repository With Comprehensive Security Management 

    Based on roles, hierarchy or whatever pertinent groupings apply, Berkeley's ESSP solution allows for easy security classification of information stored in the SharePoint system, and embeds that classification for the document's life cycle. Different users gain access to and a view of different documents whilst accessing the same repository, commensurate with the individual rights and permissions associated with their role and groupings (or seniority). The classification of the document is then referenced against the individual's rights and permissions so that comprehensive secured management of information is achieved: the right information is delivered to the right people, and those who are not eligible are precluded. In this way, information is partitioned to protect against indiscriminate release of and access to company information, creating the highest possible level of security of information management. This makes it much harder for the would-be attacker to gain sensitive information from within.

  6. Benefits of Implementing an Enterprise Security Services Platform (ESSP) 

    ESSP simplifies information management by adding data classification and enforcement to your SharePoint content. It works by storing sensitive and non-sensitive content in the same place. It includes:

    • SharePoint Data Classification and Metadata Security
    • Integration with e-mail, document and Windows Explorer security
    • User Attribute Based Access Control (ABAC)
    • Simplified permission management for non-IT staff
    • Active Insider Threat Protection
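    The attribute-based release described in sections 3, 5 and 6 (one repository, documents carrying a classification, users seeing only what their attributes entitle them to, and ineligible documents never even appearing in search) is easy to see in miniature. The following is an added example written for this page, not Berkeley's ESSP code or SharePoint's API: the classification ladder, the user attributes and the two-part policy (clearance must reach the document's level, and a group-restricted document needs a shared group) are assumptions standing in for whatever attributes an organisation actually uses. It also shows why the approach limits an impersonated account: whoever is behind a compromised login sees exactly what that login's attributes allow and nothing more.

```python
"""Attribute-based document release over a single repository (added example; all data constructed)."""
from dataclasses import dataclass

# Hypothetical classification ladder; higher number = more sensitive.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class Document:
    doc_id: str
    title: str
    classification: str              # one of LEVELS
    groups: frozenset = frozenset()  # empty = no group restriction beyond clearance


@dataclass(frozen=True)
class User:
    name: str
    clearance: str                   # one of LEVELS
    groups: frozenset


def is_eligible(user, doc):
    """Policy: clearance must reach the document's level, and a group-restricted
    document is released only to a member of at least one of its groups."""
    if user.clearance not in LEVELS or doc.classification not in LEVELS:
        return False                 # unknown labels fail closed
    if LEVELS[user.clearance] < LEVELS[doc.classification]:
        return False
    if doc.groups and not (doc.groups & user.groups):
        return False
    return True


def search(user, docs, query=""):
    """Security-trimmed search: ineligible documents are filtered out before
    matching, so a user cannot even learn that they exist."""
    q = query.lower()
    return [d for d in docs if is_eligible(user, d) and q in d.title.lower()]


def visible_titles(user, docs):
    return [d.title for d in search(user, docs)]


# Constructed repository: everything lives in one place, with different labels.
REPOSITORY = [
    Document("D1", "Press release draft", "public"),
    Document("D2", "Staff handbook", "internal"),
    Document("D3", "Q3 board pack", "restricted", frozenset({"board"})),
    Document("D4", "Acquisition target list", "restricted", frozenset({"exec", "legal"})),
]

# Constructed users. If an attacker impersonates 'alice', this is all they get.
ALICE = User("alice", "internal", frozenset({"sales"}))
BOB = User("bob", "restricted", frozenset({"exec"}))


if __name__ == "__main__":
    for user in (ALICE, BOB):
        print(f"{user.name} can see: {visible_titles(user, REPOSITORY)}")
        print(f"{user.name} searching 'list': {[d.doc_id for d in search(user, REPOSITORY, 'list')]}")
```

    Note that `bob`, despite top clearance, still does not see the board pack: clearance alone is not enough once a document carries a group restriction, which is what forces an impersonator to know exactly which attributes unlock which material. The policy function is the single place to audit, and it fails closed on any label it does not recognise.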

It remains to be seen where the asymmetric war against Cyber criminal activity takes us. The hunch is that one of the oldest industries in the world will continue to pursue the vulnerable and unprepared - but, as always, a protective and precautionary posture within an organisation can go a long way towards sending the Cyber criminals on their way to other more convenient and less prepared pastures. To find out the questions every CEO should be asking their CTO or CISO, download the CEO Security Handbook today.

Written by Berkeley

Founded in the late 1990s, Berkeley serves clients all over the world including Australia, Asia, North America and the Middle East. Berkeley operates three core divisions: Enterprise Application Development (design, development and enhancement of our offerings), Enterprise Security and Systems Support Services (ongoing commitment to client service) and Internet and Cloud Services (making Berkeley applications available using alternative hardware solutions). Berkeley continuously strives to meet the needs of each of its valued clients. Its success has been heavily dependent on repeat/referred service based on its willingness to help information security specialists do their jobs better. Berkeley prides itself on delivering solutions on time, within budget and in accordance with specification.