It’s Day 199 – Are You Ready for Cyber-attack?

What’s up with Day 199? Consider this sobering fact: On Day 200 of a covert cyber-attack, your company or organization may suddenly find – without any warning – that you’re severely compromised, facing expensive legal exposure, or worse case, effectively out of business.

Why?  As too many CEOs, senior managers, CIOs and others already painfully know, it typically takes about 200 days before a major organization finds out that they’re already the victim of a major cyberattack and data breach. Before Day 200, for six-plus months, cyber-criminals or hackers have been pillaging your sensitive data, records and precious proprietary code, all the while you were blissfully unaware — until it was too late.

As a C-level executive or senior-level manager, do you know where your company or organizations appears on this threat spectrum?

As I write, numerous magazines – ECN, Government Technology, FCW (the Business of Federal Technology), Defense Systems, Time magazine and the like – lie atop my desk. Every one of them – plus numerous more not mentioned – have cover or major stories on cybersecurity and the looming threat of shattering cyberattack.

Should you be concerned?  Yes, you should.

“It’s only a matter of time” – thus read the frightening headline in the October 27 (2015) Wall Street Journal, quoting Admiral Michael Rodgers on how long it would be before a crippling “digital Pearl Harbor” devastates U.S. industry and even the military.

The Internet – which nations and individuals alike have become all but completely dependent upon – is already being widely used as a recruitment tool and revenue-generator for terrorists and small groups with destructive agendas. But what happens when these groups starting viewing the Internet as a weapons system?

Multiple millions of people in the United States have already suffered compromised sensitive records and financial loss. Major commercial corporations like Anthem (healthcare insurer) and Sony (entertainment) have been on the receiving end of major billion-dollar digital broadsides. The damage is still being calculated. Some have opined that World War III has already begun among the superpowers and several first world nations – the only difference to date is that the war is being fought on a digital battleground. With the multi-billion device network growing daily on the Internet — commonly called the Internet of Things (Forbes predicts IoT to become a multi-trillion dollar market by 2020) — companies in the cloud and Internet-dependent represent higher and higher degrees of vulnerability.

What does a cyberattack look like? Defense Systems and Madiant Consulting warn of “advanced persistent threats” and their specific defined stages. Possibly the real danger exists from rogue movements like ISIS, whose avowed objective of the destruction of Western civilization is well-known. These groups lie outside the realm of negotiated diplomatic agreements. So what might a cyberattack entail?

The first stage is often silent reconnaissance.  The company or organization doesn’t know that it’s been targeted. The cyber-aggressor may use “phishing” tools (sending a malignant e-mail with a seemingly harmless link that goes to a mirror site to capture critical data) or exploit online “laziness” to secure key information. A “watering hole” strategy may transparently redirect regular Web visitors to a different site with implanted malware. Visitors or people clicking on “harmless” links don’t know that they just infected their computer or network.  Poor password protection (believe it or not, the most common password is “password,” followed by “123456”) or non-encryption of data may offer points of entry. At this point the target organizational network is considered compromised, but not breached.

The second stage is often explorative intrusion. The malware probes and pokes around inside the now-compromised network, cataloguing and reporting vulnerabilities. As the intrusion progresses, the malware may communicate with outside “command and control” servers to receive fresh malicious code or additional instructions.

The third stage of a cyberattack often includes the identification and development of new digital “backdoors,” deploying malware such as remote access Trojans (RATS). Collection of data and code continues. Multiple entry points are established at this point to ensure that security upgrades by the target network won’t close off access. The company or organization is completely unaware that anything is going on.

The fourth stage often involves password hacking and/or encryption unraveling.  The network now enters a fully compromised state, but the cyber-aggressor is patient.  Opportunities for data exploitation or system destruction are more fully explored.

The fifth stage generally takes place when malware code is activated and the compromised system is considered effectively breached, although it may be multiple weeks, months or years before the breach is discovered. Critical data is stolen out of the formerly secure system. Or malicious code is inserted that will irrevocably bring down critical systems at a crucial point, often scheduled in the future.

The sixth (generally the last) stage involves elaborate digital cleanup. The cyber-aggressor generally wants to erase all online “tracks” that would alert the breached network that something was terribly wrong, or also provide a digital “trail” leading back to the cyber-aggressor.

Military and national security systems, which the Pentagon has described as “vulnerable,” face massive daily cyber threats, including more than 40 million probes, scans and outright attacks every month. As one Admiral told Defense Systems magazine, “Out of 700 million emails [that] we’ll get in a month, only about 98 million are actually good emails.”

Now here’s what’s important: What can be done to protect your organization?

• Frontline malware protection software and diligent password protection protocols are important. IT professionals regularly still see complicated passwords taped to the side of a computer monitor on a post-it note.
• Have a network security policy and plan, and enforce it! Secure your hardware and replace outdated Wi-Fi technology (protect yourself from “wardriving”—where digital hacker thieves drive around scanning for poorly protected networks). Use encrypted complex passwords. Develop and enforce a portable USB drive use policy.
• Consider using encryption software to protect your data. Physically protect portable hardware like laptops – many companies physically lock their servers into racks, and require USB security locks. If you’re a medium or large-scale company or organization, considering using highly sophisticated encryption software, including high-speed multi-layered database engines such as Ancelus.
• Depending on the size of your company or organization, considering have a digital security audit conducted. Where are the weak points? (E.g., does your business still use the Microsoft XP operating systems on your PCs? Microsoft no longer supports XP with security upgrades.)
• Buy data breach and identity theft insurance (if you’re a small business owner, check your homeowners policy for identity theft coverage). The odds are you’ve already been probed for weaknesses – small and large businesses alike annually suffer millions of dollars of digital theft. And as the Admiral in the Wall Street Journal noted, “It’s only a matter of time” before someone hits on you.

Cyber-aggressors and cyber-criminals have everyone’s attention. In October, Congress even (finally) passed legislation that will help commercial companies and the U.S. government work together to combat small and large scale cyberattacks.

But total and impenetrable cyber-security is a myth. You can minimize risks. How? To paraphrase Thomas Jefferson, “Eternal digital vigilance is the price of cyber liberty.” Whether super-strong Ancelus-based file encryption or heightened password protection, you can do things to lower risk.

Don’t wait. Whether small or large, take critical steps for protection today!

The author, MEK Managing Principal Michael Snyder, has written for several technology publications and white papers, including a weekly Chicago technology column.