Aaron Pickett, Digital Forensic Examiner at IT Group UK Ltd highlights proactive security as a way to protect the public sector from possible cyber attacks
There are many out there who claim that online criminal activity proliferation, such as the spread of ransomware, the attack of large corporate networks and website defacing, is one of the biggest emerging threats to businesses, government bodies and public sector organisations worldwide. This is something of a myth; online criminal activity has been around in large quantities for a very long time, the so-called proliferation is more the result of increased media and public interest.
Despite this, high-profile cases, such as the WannaCry attack that took a grip on many sectors of the NHS, are increasing public awareness. Where once it was not understood, ransomware (and other malware types) are becoming common-knowledge. The addition of legislation requiring some element of disclosure following an attack has meant that fewer and fewer ‘cyber attacks’ are being swept under the carpet. The net result of this is that organisations are required to do far more to protect their data and interests.
What you can do
Preventative strategies are key elements of an effective cyber security programme. Proactive security, as it is known, can ensure that an attack is less likely to succeed and there are many ways to accomplish this (see below). In addition, one of the key strategies employed against malicious software (malware) is user education. The importance of updating hardware and software, not opening unknown attachments and remaining vigilant against network attacks is the most effective method of protecting any organisation. In spite of this, pushing these lessons in a way that individuals will learn, act upon and make part of their daily routine is one of the main challenges facing security in the 21st century. The technology is there to protect the majority of systems, but the human element remains the biggest weakness.
What we can do
IT Group provides all of the proactive security services listed below, and additional areas including Wi-Fi security testing, White-Box Phishing Campaigns and Security Consultation. Reactive services, including post-event Penetration Testing and Digital Forensic Imaging for the preservation of evidence can build a picture of what has happened, allowing reporting to the Information Commissioner, shareholders and the public at large with accurate facts that show the extent of the damage caused.
Penetration testing is one of the most well-known strategies of proactive security. Penetration testing uses a simulated scenario of an attack, testing the defences that are currently in place on the network and exploiting any areas that a weakness can be found. Penetration testing can be conducted in a way that will test the IT technicians’ responses to an attack by not informing them of the test, or a more thorough attack that will use the IT Technicians’ knowledge to target the different areas of the network more accurately.
One of the key areas that many forget to test is internal. A network attack from a person with malicious intent (a hacker, for example) will not necessarily come from an external source, such as across the internet. It is just as likely that the attack could come from an insider who is already within the network; a rogue ex-employee whose access was not revoked, an employee with a grudge, or a temporary sub-contractor. Internal penetration tests are, therefore, just as important as the testing of any external endpoints such as websites, remote access gates or network firewalls.
Vulnerability scanning is the practice of scanning open ports on machines and creating a list of potential vulnerabilities that an attacker could be used to leverage access to a machine on the network. This is a stage that will be conducted during a penetration test, but does not perform any further attacks to see which vulnerabilities are exploitable. Despite this, vulnerability scanning is an effective way of gaining a picture of how the network is protected and what, if any, weaknesses are present.
Incident response planning is an important step for any business to take. No matter how many precautions are taken to stop a security incident from occurring, there is always the chance that an attacker could slip through the net, or a user may accidentally create a new hole in the security defences. Planning for this event removes many of the incorrect decisions made following an event (reactive) and means all relevant members of staff are aware of the actions they have to take. This particularly lends itself to forensic readiness, specifically focusing on the preservation of evidential data that could then be relied upon following a malicious event.
Digital Forensic Examiner
IT Group UK Ltd
Tel: +44 (0)845 226 0331
Please note: this is a commercial profile