
IT infrastructure is critical to operations in almost every sphere nowadays. The financial and commercial sectors, government and parastatal organisations, and even home networks depend on a solid and reliable IT infrastructure, and IT security is a key skill in all of them.
Cyber Threats – the Current Landscape
The scope, frequency and ferocity of cyber-attacks have increased dramatically in recent years, and the range of bad actors has broadened with them. It is no longer just script kiddies and amateurs: activists and state-backed groups have joined organised cybercriminals in attacking IT infrastructure.
Attacks such as the ransomware attack on Colonial Pipeline in May 2021 have demonstrated that IT security is vital. Reports indicate that key infrastructure, including major financial and commercial organisations and state services such as power and water distribution, is being attacked as part of the current conflict in Ukraine. Such attacks are likely to be a major component of cyber-terrorism and cyber-warfare in the future.
A further issue is the increasing interconnectedness of networks. The complexity of networks, and the dependence on them and on their links to one another, have increased the number and size of the attack surfaces open to an adversary. The resources needed to manage and monitor networks are a growing strain on IT budgets. Self-configuring and self-healing networks and AI-assisted monitoring tools help with the workload, but they do not remove the need for staff who understand what those tools report.
Cyber Threats – What to Do
Here are five countermeasures against current cyber threats.
- Have a culture of cybersecurity awareness;
As the old saying goes, most cyber security failures start between the keyboard and the chair. From induction onwards, management and employees need to be aware of cyber threats, how to recognise them and what to do if they think they are under attack.
The most common cyber-attack is phishing. Put simply, a phishing email appears to come from a friend, colleague or reputable business and invites the recipient to click an embedded link. The link leads to a fraudulent website that harvests information such as financial data or ID/password credentials, or installs malware on the user's machine.
Users need to know how to recognise one and what to do if they encounter it: do not click the link or open the attachment, and report it to IT so that the same message can be found and removed from other mailboxes.
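The tell-tale signs a user is taught to look for (a link whose visible text says one site while the target is another, a raw IP address instead of a hostname, a trusted brand name buried in an unrelated domain, a plain-http link) can also be checked mechanically on the mail gateway. The script below is an added example, not code from the original article; the trusted-domain list and the sample message are constructed, and the checks are heuristics that surface indicators for a human to look at, not a verdict.

```python
"""Added example: flag common phishing indicators in the links of an e-mail.

TRUSTED_DOMAINS and SAMPLE_EMAIL are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical: domains the organisation treats as its own or as trusted partners.
TRUSTED_DOMAINS = {"example-bank.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels approximation; a real gateway would use the public suffix list."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def link_findings(href, text):
    """Return a list of human-readable indicators for one link (empty list = nothing odd)."""
    findings = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        findings.append("non-https link")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        findings.append("raw IP address as host")
    # Visible text looks like a URL but the link actually goes somewhere else.
    m = re.search(r"https?://([^/\s]+)", text)
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        findings.append(f"display text says {m.group(1)} but link goes to {host}")
    # A trusted brand name used as a subdomain or label of an untrusted host.
    dom = registrable_domain(host)
    if dom not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if brand in host:
                findings.append(f"lookalike host {host} uses trusted name {brand}")
    return findings


def analyse_html(html):
    """Map each href in the message to its list of findings."""
    parser = LinkExtractor()
    parser.feed(html)
    return {href: link_findings(href, text) for href, text in parser.links}


# Constructed sample message: one lookalike domain, one IP-hosted link with
# misleading display text, and one genuine link.
SAMPLE_EMAIL = """<p>Dear customer, please
<a href="http://example-bank.com.secure-login.net/verify">verify your account</a> today.
You can also sign in at <a href="https://203.0.113.7/login">https://example-bank.com/login</a>
or visit our <a href="https://example-bank.com/help">help centre</a>.</p>"""

if __name__ == "__main__":
    for href, findings in analyse_html(SAMPLE_EMAIL).items():
        print(href, "->", findings or "ok")
```

The display-text check only fires when the visible text itself looks like a URL; a link whose text reads "verify your account" has to be caught by the domain checks instead, which is why the lookalike test matters. Any message with findings should be quarantined for review rather than blocked outright, since legitimate marketing mail trips these heuristics too.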
- Implement a Zero-trust environment;
Traditional perimeter models assume that once a user is logged onto the network, everything is allowed subject to their security profile. In a Zero-trust environment nothing is trusted because of where it comes from: every request is treated as potentially unsafe until the user and the device have been authenticated and explicitly authorised for the resource they are asking for. It starts with airtight access management and denies access to unauthorised devices and users through strict authentication.
These principles are applied at every level of the network architecture. Often the network is also segmented, with movement between segments strictly policed.
IT has an understandable worry about remote access being used as an entry point by bad actors, so the authentication paradigm needs to change. One change is that security is applied to the user rather than to the device: what they can do is determined by their user profile, irrespective of how they connect. For example, in a VoIP environment a user can use any handset by keying in their personal credentials.
Another is to allow remote access only through a VPN, so that IT controls which VPN client is used, the authentication process (which should include multi-factor authentication) and the user credentials. Note that a VPN on its own only moves the remote user onto the network; it does not replace per-resource authorisation, which is the point of Zero trust.
- Regularly audit the network;
This is increasingly important with remote working. Because IT can no longer dictate and manage every attached device, users can attach almost anything to the network. Regular audits are necessary to detect unauthorised or malicious devices and to make sure that every network asset is properly protected: if you don't know it's there, it will not be protected.
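The simplest form of such an audit is reconciling what is actually answering on the network against what the asset inventory says should be there. The script below is an added example, not code from the original article; the inventory, addresses and MAC addresses are constructed sample data, and the neighbour table is in the style of `ip neigh show` output (in practice you would feed it the real command output or your switches' MAC address tables).

```python
"""Added example: reconcile observed devices against the asset inventory.

INVENTORY_CSV and NEIGH_OUTPUT are constructed sample data.
"""
import csv
import io
import re

# Constructed inventory: what IT believes is attached, and on which VLAN.
INVENTORY_CSV = """mac,hostname,owner,vlan
00:11:22:33:44:55,fin-ws-01,finance,20
00:11:22:33:44:66,hr-ws-02,hr,30
00:11:22:33:44:77,prod-plc-01,production,40
"""

# Constructed neighbour table in `ip neigh show` style: what is actually answering.
NEIGH_OUTPUT = """192.0.2.10 dev vlan20 lladdr 00:11:22:33:44:55 REACHABLE
192.0.2.11 dev vlan20 lladdr 00:11:22:33:44:77 REACHABLE
192.0.2.30 dev vlan30 lladdr aa:bb:cc:dd:ee:ff STALE
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev vlan(?P<vlan>\d+) lladdr (?P<mac>[0-9a-fA-F:]{17})"
)


def load_inventory(text):
    """Map normalised (lower-case) MAC -> inventory row."""
    rows = csv.DictReader(io.StringIO(text))
    return {row["mac"].lower(): row for row in rows}


def parse_neighbours(text):
    """Return [(ip, vlan, mac)] for every parsable neighbour-table line."""
    seen = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line)
        if m:
            seen.append((m["ip"], m["vlan"], m["mac"].lower()))
    return seen


def audit(inventory_text, neigh_text):
    """Three findings a network audit should raise:
    unknown    - answering on the wire but not in the inventory (investigate)
    wrong_vlan - known device seen on a segment it does not belong to
    unseen     - in the inventory but not answering (stale record or offline)
    """
    inv = load_inventory(inventory_text)
    report = {"unknown": [], "wrong_vlan": [], "unseen": []}
    seen_macs = set()
    for ip, vlan, mac in parse_neighbours(neigh_text):
        seen_macs.add(mac)
        row = inv.get(mac)
        if row is None:
            report["unknown"].append((ip, mac, vlan))
        elif row["vlan"] != vlan:
            report["wrong_vlan"].append((row["hostname"], row["vlan"], vlan))
    for mac, row in inv.items():
        if mac not in seen_macs:
            report["unseen"].append(row["hostname"])
    return report


if __name__ == "__main__":
    for category, items in audit(INVENTORY_CSV, NEIGH_OUTPUT).items():
        print(f"{category}: {items}")
```

A MAC address can be spoofed, so a clean report is evidence, not proof; the audit tells you where to look, and port-based authentication (802.1X) or a NAC product is what actually keeps unknown devices off the segment.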
- Network segmentation; and
In a flat, unsegmented network an attacker who compromises one host can see the entire network and move laterally across it, spreading malware as they go. Dividing and sub-dividing the network into separate segments, with access to each segment controlled by administration policy, protects valuable assets such as financial and personnel data.
This also enhances internal data security: for example, production staff should not have access to personnel or finance data.
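The Zero-trust rule above (decide by user and device, never by where the connection comes from) and the segmentation rule here (production staff get no path to HR or finance data) are the same policy seen from two sides. The block below is an added example, not code from the original article, showing that policy as a default-deny decision function; the roles, segments, users and the audit-line format are hypothetical.

```python
"""Added example: default-deny access decisions for a segmented, Zero-trust network.

Roles, segments, users and the log format are hypothetical.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    role: str             # from the identity provider, not inferred from the network
    mfa: bool             # strong authentication completed for this session
    device_managed: bool  # device enrolled and reporting compliant
    source: str           # segment the request arrives from (office-lan, vpn, ...)
    target: str           # segment or resource being requested


# Explicit allow list of (role, target). Anything not listed is denied.
ALLOW = {
    ("finance", "finance-db"),
    ("hr", "hr-records"),
    ("production", "plant-controls"),
}

# Targets that additionally require a managed device.
SENSITIVE = {"finance-db", "hr-records"}


def decide(req):
    """Return (allowed, reason).

    The source segment is recorded for the log but never used to grant
    access: a request from the office LAN is judged exactly like one
    arriving over the VPN.
    """
    if not req.mfa:
        return False, "MFA not satisfied"
    if (req.role, req.target) not in ALLOW:
        return False, f"no rule allows role '{req.role}' to reach '{req.target}'"
    if req.target in SENSITIVE and not req.device_managed:
        return False, f"'{req.target}' requires a managed device"
    return True, "explicit allow"


def audit_line(req):
    """One log line per decision so that denials are visible to whoever monitors."""
    allowed, reason = decide(req)
    verdict = "ALLOW" if allowed else "DENY"
    return (f"{verdict} user={req.user} role={req.role} "
            f"src={req.source} dst={req.target} ({reason})")


# Constructed sample requests.
SAMPLE_REQUESTS = [
    Request("alice", "finance", True, True, "vpn", "finance-db"),
    Request("alice", "finance", True, True, "office-lan", "finance-db"),
    Request("bob", "production", True, True, "office-lan", "hr-records"),
    Request("carol", "finance", True, False, "vpn", "finance-db"),
    Request("dave", "hr", False, True, "office-lan", "hr-records"),
]


def run_sample():
    return [audit_line(r) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    print("\n".join(run_sample()))
```

Alice gets the same answer from the VPN and from the office LAN, Bob's production role has no rule for HR records and is denied even though he is on site, and Carol's unmanaged laptop is refused the finance database despite a valid login. The same decision table can be pushed into the inter-segment firewall rules, so that the network enforces what the identity layer decided.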
- Keep up to date.
It's all very well implementing policies, procedures and anti-malware software, but they lose effectiveness unless they are kept up to date to counter the latest threats. Most organisations manage anti-malware from a central server that automatically retrieves updates and pushes them to desktops and other connected devices.
In the same vein, firewall, router and switch firmware needs to be regularly checked and updated; an unpatched edge device is exposed to every attacker on the Internet.
Over and above this, IT needs to be aware of the latest threats and countermeasures. This means reading online blogs and journals and attending appropriate events, then assessing what effect each could have on the IT infrastructure and how it could be countered.
In conclusion, cyber security is a process, not an event. The key action is up-to-date awareness of potential threats and their countermeasures.