How to plug a data breach

Telstra's latest hacker headache has again highlighted the deficiencies in corporate defences when it comes to keeping cybercriminals at bay. The attack affected 35,000 of Telstra's customers and its timing could not have been more unfortunate given that it was just a week ago that the telco was telling everyone at the AusCERT security conference how much it had learnt from the massive breach late last year.

While the latest breach is nowhere as catastrophic as the one seen last year, it's further evidence of the complex cat and mouse game that corporations and cybercriminals are engaged in.

In fact, attacks of this sort are so commonplace that respected security expert Eugene Kaspersky says the real question is just who is going to get hit next?

“These types of attacks are happening almost every day so it's almost about who's going to be in the news next,” Kaspersky told Technology Spectator.

He adds that the root causes of the breaches boil down to three vectors: mistakes in the security architecture, zero-day vulnerabilities and social engineering.

“In some cases the bad guys are using all of the three technologies together but in most cases mistakes are made on the victim's side,” he says.

Unfortunately, making a mistake has become all the more easy in today's enterprise space as employees start bringing in their own devices, utilise cloud storage services and use social media channels.

The rise of social media as the latest tool in the arsenal of cybercriminals has come under particular scrutiny off late and according to Bucharest-based security vendor, BitDefender, the proliferation of social media channels means that there is an incredible amount of legitimate personal data floating around in cyberspace.

Users have accounts on multiple channels (Facebook, Twitter, Gmail, etc) and with so many points of presence in the virtual space cyber criminals have multiple conduits in which to access our information. What that means is that today's cybercriminals are expending a lot of energy on effective data mining.

According to BitDefender's global PR co-ordinator Andrei Taflan, cyber criminals aren't wasting time writing complex code they are spending time gathering information to ensure that the malware has an undisputable stamp of authenticity.  

“In the future we will see simple malware but very, very complex social engineering. That doesn't mean that today's cybercriminals are technically smarter but they have adapted quicker to emerging trends than average users,” Taflan says.

In the malware business knowledge is power, and that's why malware makers are targeting social media for information.  Why right complex code when you can spend time collecting huge amounts of data to build ultra-realistic malware?

One recent example of this was an attack on a US organisation last year where seven mid-level managers were sent an email which was specifically engineered for consumption by the individual targets.  Every manager got an email in his name and the message had all the necessary source certification. This type of sophisticated targeting is a key feature of today's malware and the advent of cloud computing and storage means that existing enterprise network protocols are bypassed more often than not.

So how do organisations navigate this minefield? According to Kaspersky, there is still an enormous element of human error involved through weak security design, poor password protocols and a lack of judgement from IT managers and employees.

One obvious solution to the problem is having experienced IT teams that are constantly shoring up network defences. The other critical step is to ensure that employees are kept fully briefed on the ‘do's and don'ts' on the network.

“When it comes to social engineering it's a very good idea to provide training to managers and employees. Show them examples and the tricks used by cybercriminals,” he says.

Another strategy is to take a collaborative approach to defence. According to Gabi Reish, the head of product management, at Check Point Software Technologies, organisations need to be willing to share data with each other in the event of an attack.

“People are not collaborating and sharing data with each other, which is a concern,” Reish told Technology Spectator. “The best way to mitigate attacks is to share data and increase threat perception and intelligence.”

Expecting enterprises to share data, even if it's for a good cause, may be a stretch but Reish says that it's not about compromising sensitive information but really exchanging specific information to prevent contagion.

The important thing to keep in mind is that security should be seen as an enabler for a business not an inhibitor. To do that organisations may have need to move beyond the idea of putting up bigger walls - which end up being porous anyway - and finding a more proactive and practical approach to security.