
The power of persistent security – protect your business from cyber attacks

January 19, 2017

Posted by: Avadhoot Patil

It’s difficult to think of a phrase in the past year that brings more of a feeling of dread to an organisation than ‘cyber-attack’. Add the word ‘advanced’ to this and it all seems much more of a hopeless task of trying to defend against it.

However, what’s missing from the picture is that these attacks have only become more advanced in terms of the parties that have been conducting the attacks and the targets that they are seeking to exploit or damage.

Take, for example, the attack on the Ukraine Power Station in 2016, which left 230,000 people in the dark and without power for six hours. Officially, this was the first reported cyber-attack against a nation’s power infrastructure, with the attack vector being the supervisory control and data acquisition (SCADA) system.

The Ukraine attack has been an important lesson to those companies wishing to improve their cyber security systems and also acts as a stark warning for those who do not, says Tim Ricketts, director of M.A.C. Solutions UK Ltd.

The following trends have emerged from the aftermath of the Ukraine attack:

The stakes have changed

The stakes have changed, but the defences have not – therein lies the problem. The typical industrial control network may appear to have the greatest of all protection – air gapping. This physical network separation is now the status quo across industry, and rightly so.

As the defence has changed, so has the attack vector. Malware created to destroy a SCADA system, for example, will lie dormant until it finds its target, moving from phone to USB stick to laptop and using each host as a means of transport, until it finally reaches its end destination: your process and control equipment.

Tim Ricketts, director of M.A.C. Solutions UK Ltd


The damage is now done. The dormant malware that evaded your corporate firewalls and personal device protection is now on an air-gapped system, a system that will likely have an out-of-date firewall for the very reason it was deemed to be secure.

If your question as a business is still “what extra training do I need for my staff to combat this threat?” then your security is already compromised, but not for the reason you might think. The key trend across all attack vectors in all industries is that people are the problem: password capture, insecure connections, phishing emails and the USB stick in the car park. These attacks play on one human instinct: curiosity. For this reason alone you cannot rely solely on the fact that your staff have been trained.

Persistent security

The methodology of persistent security is to assume the worst and therefore be at the forefront of the defensive evolution for your process and control system. It requires building an eco-system in which you have full visibility of your weaknesses, so that you can be ahead of the attacker.

To do this, you must first contain your network, ensuring that access to critical systems is planned, logged and audited. The access that is granted must also be controlled. End-device protection technology such as Sheep Dip USB device protection must be implemented so that end devices are protected from internal tampering or accidental exposure to malware; devices that may already have been exposed to malware can also be detected using the latest definitions, without ever having to expose them to the Internet.

Once you can be confident that your devices are secure, monitoring of your network is fundamental to understanding your weaknesses and offers the potential to expose existing breaches that may have occurred months previously.

Quickly patching these insecure access points and understanding your vulnerabilities may deter the opportunistic attacker. To do this effectively, a product such as CyberX can be used to automatically baseline normal network traffic, logs and control events, and then use that baseline as the reference for detecting anomalous activity.
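The baseline-then-alert idea described above, as an added illustration that is not code from the article or from CyberX: a learning-period log of control-network flows (constructed sample, made-up addresses) is turned into a baseline of known hosts, known services and known control functions, and later records are flagged when a new host appears, a known pair starts using a new service, or a known pair issues a control function it never used before.

```python
"""Baseline-then-alert anomaly detection over constructed control-network flow logs."""
from collections import Counter

# Constructed "learning period" sample, not data from the article. Each line is
# "<src> <dst> <dport> <proto> <function>", e.g. an HMI polling a PLC over Modbus/TCP.
LEARNING_LOG = """\
10.0.1.10 10.0.2.5 502 modbus read_holding
10.0.1.10 10.0.2.5 502 modbus read_holding
10.0.1.10 10.0.2.6 502 modbus read_holding
10.0.1.11 10.0.2.5 502 modbus read_coils
10.0.1.10 10.0.2.5 502 modbus write_single
"""

# Constructed later traffic to evaluate; the last three lines are deliberately unusual.
LIVE_LOG = """\
10.0.1.10 10.0.2.5 502 modbus read_holding
10.0.1.11 10.0.2.5 502 modbus read_coils
10.0.1.99 10.0.2.5 502 modbus read_holding
10.0.1.10 10.0.2.5 502 modbus write_multiple
10.0.1.10 10.0.2.5 22 ssh -
"""

def parse(log):
    """Yield (src, dst, dport, proto, function) tuples, skipping blank lines."""
    for line in log.splitlines():
        if line.strip():
            src, dst, dport, proto, func = line.split()
            yield src, dst, int(dport), proto, func

def build_baseline(log):
    """Learn which hosts talk, which services they use, and which functions they issue."""
    hosts, flows, funcs = set(), Counter(), set()
    for src, dst, dport, proto, func in parse(log):
        hosts.update((src, dst))
        flows[(src, dst, dport, proto)] += 1   # count lets you later spot volume changes
        funcs.add((src, dst, func))
    return {"hosts": hosts, "flows": flows, "funcs": funcs}

def detect(baseline, log):
    """Return one alert string per record that departs from the learned baseline."""
    alerts = []
    for src, dst, dport, proto, func in parse(log):
        if src not in baseline["hosts"] or dst not in baseline["hosts"]:
            alerts.append(f"new host in flow {src}->{dst}")
        elif (src, dst, dport, proto) not in baseline["flows"]:
            alerts.append(f"new service {proto}/{dport} between {src} and {dst}")
        elif (src, dst, func) not in baseline["funcs"]:
            alerts.append(f"new control function {func} from {src} to {dst}")
    return alerts
```

Run against itself the learning log produces no alerts; the live log yields three, one for each kind of deviation.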

The top ten discoveries made within weeks of using the ‘Persistent Security’ technique are as follows:

The author of this blog is Tim Ricketts, director of M.A.C. Solutions UK Ltd.
