At this year's BlackHat conference, a researcher from a Spanish security firm demonstrated a proof of concept in which he was able to literally perform cyber attacks from space.[1] By hacking the signals coming from satellite Internet, he was able to anonymize his Internet traffic, access private systems and perform man-in-the-middle attacks to spoof requested web pages. Now, this might seem an excessive example, but it does illustrate the breadth of the modern attack surface and the extremes that attackers may go to in order to compromise your network.
In April 2015, the AFP reported that they had received more than 3500 reports of cyber attacks against Australians and Australian businesses from foreign countries and criminals. Considering the sensitivities around reporting breaches, and the secrecy that surrounds attacks, it is also likely that this figure is a significant underestimation of the true number of breaches. More than this, the head of the AFP’s cyber crime unit said that this threat was only going to increase.[2]
And it’s not just the AFP that has noted this trend – around the world, stories about network compromise abound. Often, the target of these compromises is confidential and sensitive information – from proprietary company secrets to sensitive employee information that can be used for identity theft. Criminals and rogue state actors aren’t just targeting financial data any more either – they’re running the full gamut against a vast array of valuable and diverse information. Earlier this year, for example, the US government was targeted in an attack that compromised the personal details of up to 18 million current, former and prospective government employees.[3] Back home and last year alone, the Australian Signals Directorate (ASD) noted a 20% increase in the number of cyber attacks on the previous year.[4] What these stories (and the many others in the press at the moment) indicate is that cyber attacks against Australian businesses aren’t hype – they are a real and increasing threat that should not be ignored.
As our example from BlackHat shows, attacks can occur against multiple assets across a range of different levels and services. What we think of as the modern attack surface isn’t bounded by the conceptual network perimeter of the past. It’s much broader than that and can encompass both expected and unexpected avenues and intersections. Attacks can occur against your network, your critical infrastructure, your information assets – even your staff. And the ultimate targets of those attacks can be wide ranging as well – from intellectual property, to sensitive information in furtherance of identity theft, to network and other infrastructure resources. Protections and mitigations must take these circumstances into account and be appropriate to the current threats.
Businesses can be compromised in a number of different ways, including by malware, clever social engineering, exploiting vulnerabilities in an organisation’s resources or a combination of all three. Often, particular industries may be targeted in extended campaigns against those who have the most valuable data. Businesses in the banking and resources industries are often targeted, but the reality is that any business holding sensitive or proprietary information is a potential target.
The nature of modern business practice and its heavy reliance on computing and network technologies makes these types of remote attack possible. A distributed workforce, BYOD and moves to the cloud also make protecting your assets an even more difficult proposition. But what these complexities indicate is that there is no single, simple approach to protection that is going to work for all businesses in all industries, in all contexts. A ‘one size fits all’ approach doesn’t work for security.
This complexity shouldn’t stop you from taking appropriate action though. These compromises certainly indicate that the first step to take is to understand the value and importance of the information and infrastructure that your business relies on. Once you’ve done this, you then need to prioritise security investments appropriate to the resources you are trying to protect. The selection of protections is then likely to focus on these areas, but be layered and diverse enough to cover the most probable avenues of attack. Considering the importance of your network to your operations and the transfer of data around your organisation, it’s likely that this will be an area of significant attention in your security plans. Your network must have the protections in place to make it resilient to attack.
In line with the ‘no one size fits all’ approach necessary for successful and appropriate security protection, Nextgen offers a number of different security services and certifications that can be employed to increase the security of your network and your infrastructure.