Fighting the enemy within: how prevention is better than cure in the current cyber crimewave

In an article in the Sunday Times on 12th July, Poppy Gustafsson (CEO and co-founder of cyber-security firm Darktrace) pronounced that lockdown has fuelled a cyber crimewave.

She’s right.  Organisations are far more vulnerable now than they were 6 months ago.  Just about everyone has had to adapt, at speed, to a digital workplace, and the consequences are far wider reaching than a plethora of empty office blocks in town centres and an increase in ASOS’s trading figures!

It’s far more difficult to guard against cyber-attacks when you have staff working from home.  As Gustafsson stated in the article: “The Covid-19 outbreak has raised the threat of cyber-attacks to critical levels. Remote workers are targeted by increasingly elaborate scams, with hackers preying on their loneliness and desire for information.”

It’s a worrying fact that the biggest increase in cyber-attacks during lockdown has been from the “enemy within”, with cyber-criminals posing as co-workers and sending fake emails with malicious links.  These days it’s significantly more sophisticated than the old “Nigerian prince needing your bank details to gain his inheritance” type scam.  Look at what happened to Twitter last week – a very costly internal breach carried out by tricking or otherwise persuading an employee to provide access – known as a spear-phishing attack.

Social distancing and remote working have exacerbated this “enemy within” type of attack.

The speed and circumstances in which the digital workplace transformed for the majority of us mean many organisations are struggling to keep pace and make their infrastructure safe, secure, and reliable enough to handle home working.

Cloud adoption has increased significantly to support remote working, as businesses realised that on-premise servers and systems weren’t set up to allow remote access. This has led to huge pressures on IT teams in terms of ensuring security – often whilst at a distance themselves. These are developments that might have been on an IT roadmap for the future – one that was carefully thought out, but wasn’t necessarily planned for immediate deployment – and certainly not at the speed at which they had to be implemented.

Combine this with the other key IT security challenge being faced during lockdown – the significant increase of not necessarily tech-savvy workers now fending for themselves at home – all juggling emails, MS Teams/Zoom calls, partners, home education, children, pets, etc.; plus the fact you can’t just shout across the office to ask Barbara if she really did send that email with the attachment just now or not, and you suddenly find yourself with a large number of company employees who are more susceptible to clicking on links that may contain malware.

Additionally and perhaps even more worryingly, these days the baddies/hackers/cybercriminals seem to be the innovators – with the agility, innovation, and sense of purpose that most organisations can only dream of.

Gustafsson likens it to the “weaponising of AI” – an arms race between the cyber security specialists and the hackers. Who’s got the strongest mathematical algorithms? Who can innovate fastest in the increasingly sophisticated battle of AI vs AI? It may sound like something out of a work of fiction, but it’s not. It’s a huge threat to all organisations and businesses, particularly utilities, health services and even governments (which is a whole separate paper), but what is clear is that cyber warfare is the new big risk of today.

So what can you do?

With the bad guys constantly adapting and innovating, how do you know what the next attack on your business will be? If it’s not been seen before (known as a zero-day attack), how can you identify it? How can you prepare for the attacks when you don’t know what they are or where they’re coming from or what they’ll look like – because the baddies are always one step ahead?

Well, think back to the old adage, “prevention is better than cure”. Employing new cybersecurity tools after the event is fine but smacks of horses and stable doors. Plus not every business can afford a bank of ex MI5 or MI6 operatives or Cambridge mathematicians to help them develop an arsenal of cyber-security weapons.

Prevention is better than cure

Fortunately it’s not all about the tools. The onus is on businesses both to recognise this and to employ a multi-layered approach. I’d strongly recommend that you:
1. Conduct a full and comprehensive cybersecurity audit – on site in PPE if necessary
2. Protect your end points (i.e. where people can and can’t browse to)
3. Educate and train your users/employees
4. Monitor and cover the basics: email security, filtering and archiving.


Technology and software to protect and prevent have their role, but education is key!

What’s the betting that many of your staff will have the same password for their Just Eat and Amazon accounts as they do for their O365 account?  How many know or realise how easy it is for one to be compromised?  And if it is, then all the other accounts are too, and it is then easy for the baddies to get inside your infrastructure – like with the Twitter attack.

These are the ones who are your vulnerable points.  I would recommend, for example, running a spoof phishing campaign that simulates something that could happen, to find out which employees need training and guidance, and then implementing that training as a matter of urgency.  I’d also recommend doing this regularly – a bit like fire alarm practice.

It’s not all doom and gloom: there are tools out there to help with prevention rather than cure.  Sophos, for example, uses AI to look at patterns of behaviour in the coding/algorithms to identify the “suspicion of a something” and then protect against it or stop it at source.

MSPs also play their part.  For example, we offer credential theft monitoring as standard on all our managed services. If you would like to find out more about how Synergi can help your business protect against both the threat within and external threats such as ransomware, then contact me for a quick chat.

Plus if you’re looking to become Cyber Essentials accredited, we can help with this too.  Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common online threats.

David Bradbury
