The growing threat of cyber warfare

Cyber security expert explains how to bolster your defences

Worried about cyber warfare? You’re not alone. With the threat of imminent attack from overseas malware and state-sponsored hacks increasing, the National Cyber Security Centre (NCSC) is calling for UK businesses of all sizes to “strengthen their cyber resilience” in response to the ongoing situation in Ukraine.

But what does cyber resilience mean, and what actionable steps can businesses take to bolster their defences? Anthony Green, CTO and cyber security expert at FoxTech, discusses:

“Intelligence suggests that cyber warfare will target critical infrastructure such as hospitals, schools, and energy supply chains. However, the real risk for the majority of businesses is collateral damage, and it’s never been more necessary for UK services and businesses to make cyber resilience an urgent priority.

“The goal of cyber resiliency actions is to give your organisation the best chance of preventing an attack and making a quick recovery if it does happen. Many organisations don’t even have basic cyber hygiene controls in place, which means that cyber education is vital and could have a potentially huge impact on the UK’s overall resiliency to cyber threats.”

FoxTech has provided its guide to the practical steps that businesses can take from today to strengthen their cybersecurity defences:

Stay informed

Can your IT strategy be summed up with the phrase ‘ignorance is bliss’? Businesses who are not fully aware of the extent of the threat and the actions they need to take will be the most vulnerable to attack. So, it’s vital to get informed.

As part of the Government Communications Headquarters (GCHQ), the NCSC website is frequently updated with the latest guidance, making it one of the best resources for UK businesses to get accurate, up-to-date advice to protect their IT ecosystem from attack. Brief your wider team on the heightened threat to ensure that your whole organisation is on board with the further security actions you may need to take.

Protect your devices

It’s vital to protect all devices that connect to your network, including those that are used remotely.

  • Ideally, make sure your employees are using company devices. If you do not provide company devices, ensure that all personal devices that connect to your network are secured
  • Ask employees not to conduct personal business on their company device
  • Ensure that all users’ laptops, desktops, and mobile devices have been tested and patched (patching is a process that repairs security vulnerabilities)
  • Turn on automatic updates and always install new updates as soon as possible

Practise password security

User accounts are a common entry point for attackers – make sure yours are not an easy target.

  • Install two factor authentication
  • Disable frequent password updates that encourage employees to write down their password as a reminder
  • Protect against password spraying by ensuring users choose uncommon passwords. The NCSC guidance recommends disabling complexity requirements which encourage password re-use, and instead use three random words, such as phoneradiuswhile or yelljamdistance

Secure your third-party software

All your third-party software needs to be secured and any vulnerabilities should be patched. If you don’t have the expertise to do this in-house, it is highly recommended that you consult cyber security experts who can conduct vulnerability scanning and implement remedial measures for you.

  • Check that any third-party software such as browsers, office productivity suites, firmware and cloud-based services are patched
  • Make sure your firewall, endpoint security and anti-virus is properly installed and correctly configured (if it’s configured incorrectly then you may not be protected)

Review what you’re showing the internet

It’s essential to review all your internet-facing data, as you might be displaying more than you realise.

  • Get a low-cost or free attack surface map to discover what you have exposed to the internet
  • Get an expert to conduct vulnerability scanning on your internet-connected services and patch any vulnerabilities
  • Secure your domain registration data by implementing a strong password on your registry account

Protect against phishing

Phishing emails are by far the most common form of attack, with 83% of UK businesses experiencing a phishing attempt every week.

  • Take advantage of the NCSC’s free cyber security training which has a useful module on spotting and reporting phishing emails – remember that employees are the first line of defence against phishing attempts
  • Instil a ‘no blame’ culture to encourage employees to report when they suspect they have clicked a phishing email

Only allow necessary access

Restrict access to your systems to only those who need it and ensure that all access is secured.

  • Delete any inactive accounts
  • Check your administrative access and ensure that only those who need to are enabled to access the network to make changes
  • Anyone not authorised to make changes should be set to view-only
  • Implement strong multi-factor authentication to all administrative accounts
  • Get a handle on any third-party organisations who have access to your IT estate. Understand what they do, who is allowed access and what privileges they have. Remove any access that is no longer required

Create an incident response plan

If the worst does happen, you need to have a comprehensive incident response plan in place. Only 31% of companies have an agreed cyber attack response plan set up, so this step will be an urgent action for many businesses.

  • If you don’t have a cyber security incident response plan, see the NCSC’s guidance on creating one
  • If you do have a plan in place, ensure all information (especially contact details) are correct
  • Make sure that your plan details who has the authority to make decisions, and what will happen if the attack occurs out of office hours
  • Ensure your plan includes information on how you will communicate if your normal systems are down
  • Make sure data is regularly and securely backed up in a safe place that is unconnected to your network

Contact cybersecurity consultants

If you don’t have cyber security expertise in-house, then consulting a cybersecurity expert can help you implement the steps above. They can also carry out more advanced actions to find and fix any other vulnerabilities that are particular to your organisation.

  • Get an expert security assessment to scan for any remaining vulnerabilities in your network, programmes, and cloud-based services
  • Join a security operations centre, which can constantly monitor your system and analyse any abnormalities against the latest threat intelligence to identify and block breaches before the attacker is able to steal anything.
  • Undergo penetration testing (also known as ethical hacking) to understand how an attacker is likely to gain access
  • Get a free CyberRisk score from FoxTech (it operates like a credit score for your cyber security) to get an immediate indication of your security posture.

The consequences of falling victim to a cyber attack can be dire, so in the current threat landscape, cyber security should be at the forefront of any business’ strategy for 2022.

Companies interested in finding out their CyberRisk score can order this for free from FoxTech here: https://www.foxtrot-technologies.com/cyberrisk-score

Further NCSC resources can be found here: https://www.ncsc.gov.uk/

The top cybersecurity threats for 2022: and what businesses can do to protect themselves

As we enter into a new year, cyber crime continues to threaten businesses. Cyber attacks cost the global economy an estimated $6 trillion USD in 2021, and the costs are predicted to increase for 2022.

Since the beginning of the pandemic, hackers have been quick to exploit the growth in home working practices. Small businesses also reported an increase in attacks, and with 60% closing within six months of falling victim to a data breach, establishing a comprehensive cybersecurity strategy has never been more important.

Anthony Green, CTO and cyber crime expert at FoxTech, discusses what businesses should watch out for in the coming year: “In 2022, with many organisations implementing flexible working policies, and bringing personal devices into the office, it’s important to understand how cyber attackers might continue to exploit our changing working practices.

“It is often easier for attackers to breach home network devices, so when personal devices are being used to access company data at home, or brought into the office and connected to company networks, it can expose their system to hackers searching for vulnerabilities to exploit. With hybrid working policies expanding companies’ cyber risk, it’s vital to be aware of what the threats are, and how to prevent attackers gaining access.” 

To help businesses plan their cybersecurity strategies, FoxTech has put together a guide to the top predicted cybersecurity threats for 2022, and what organisations can do to protect themselves:

Ransomware

Ransomware was the defining force of cyber attacks in 2021. Hackers infiltrate a system, steal sensitive data and demand a ransom for its return. Ransomware attacks surged by 144% in 2021 from the previous year, and the problem is only expected to develop in 2022.

Anthony comments: “A spate of high-profile ransomware attacks in 2021 has led many organisations to review their cyber risk controls and implement more effective strategies against data loss.

“While this might make it more difficult for cyber criminals to mount traditional ransomware attacks in the short term, attackers are incredibly agile, so we are expecting their strategies to shift in the coming year”

“To prevent your business from falling foul to a ransomware attack, there are two things to consider:

  • Preventing an attacker from gaining network access – investing in an external security assessment is the most reliable way to discover your vulnerabilities. Cybersecurity experts can then configure your security tools to protect you from the latest methods of attack.
  • Catching an attacker before it’s too late – it can take months for an attacker to gather the data they need to demand a ransom. Working with an external, specialised cybersecurity company that can monitor your system and quickly alert you to any suspicious activity can be the difference between a minor incident and devastating financial loss.

“Constant systems monitoring – by someone who is aware of developments in attackers’ tactics – will be more important than ever, as cyber criminals are looking for new ways to circumvent security operations. Currently, businesses are subject to 10,000 attempted attacks a day, but it often takes months for hackers to infiltrate an organisation’s most well-protected data. Catching a threat straight away, and acting quickly to mitigate the effects of a breach, will prevent attackers from stealing enough sensitive data to deliver a ransom.”

Phishing

Over 75% of cyber attacks start with someone opening a malicious email. These emails are designed to extract data from the recipient, usually a password, which is used to gain further access to an organisation’s network. Once an account takeover has been successful, hackers are able to mount more sophisticated attacks.

So how can businesses protect themselves from phishing scams?

Anthony comments: “Security awareness training is essential. Only 14% of UK companies perform cybersecurity awareness training, but educating employees on how to spot phishing scams is crucial.

“Things such as shortened links, an impersonal address, or anyone asking for private information, can all indicate that an email is not legitimate, even if it appears to come from a trusted source.”

The NCSC provides free security awareness training available here: 

https://www.ncsc.gov.uk/training/top-tips-for-staff-scorm-v2/scormcontent/index.html

It is also imperative to set up Two Factor Authentication on email accounts and ensure the secure configuration of your email service.

Business Email Compromise Attack

In 2022, when so much business will be conducted through online conversations between remote workers, organisations need to be aware of business email compromise attack – also known as ‘conversation hijacking.’ These attacks are well-researched, and highly personalised, making them difficult to detect and very effective.

This kind of attack usually comes once access has been gained through a phishing attempt. A hacker reads through breached emails to learn as much as they can about business practice and payment details.

Next, they will use this information to craft seemingly authentic messages which can be sent to both employees and customers, with the aim of tricking them to transfer money or update their payment information.

“A scam that we are seeing more and more frequently is when a hacker impersonates an organisation’s CEO to redirect large payments to their own accounts,” says Anthony.

“Once this money has been lost, it is almost impossible to retrieve, so it really is crucial to prevent hackers gaining access in the first place – and to have your accounts frequently and carefully monitored by cybersecurity experts who can spot an intruder before the final attack has been mounted.”

Companies interested in finding out their cyber risk score can order this for free from FoxTech here: Get in touch | FoxTech (foxtrot-technologies.com).

Why being hacked can be good for your business

Businesses are taking cybersecurity more seriously than ever. In 2021, executives ramped up their cybersecurity spending in response to the explosion of cyber-attacks exploiting lockdown remote working.

Despite this, the frequency and severity of security breaches has only increased, with small to medium businesses in the UK subject to an astonishing average of 10,000 attempted cyber-attacks a day.

Successful attacks breach sensitive data, and recovery can result in severe financial losses, sometimes millions of pounds, for affected businesses.

So, what is going wrong?

Cybersecurity experts agree that one of the biggest issues is that businesses are not spending their security budgets in the right places.

Anthony Green, CTO of cybersecurity consultants FoxTech, works to prevent cyber-attacks, and helps companies who have experienced a security breach: ““What we are seeing is that usually, IT strategies fail when businesses don’t actually know what their weaknesses are – or indeed don’t realise they have any at all.

“Many companies believe their networks are secure because they have outsourced their IT or installed an anti-virus package. Unfortunately, this is like going on holiday and locking your front door, but leaving all your windows wide open – traditional security methods are not comprehensive, and hackers can easily find and exploit your remaining vulnerabilities.”

This is where ethical hacking, also known as penetration testing, comes in. Ethical hacking is when an accredited cybersecurity consultancy carries out a simulated cyber-attack against your computer system.

Penetration testers can identify exploitable flaws in bespoke software, carry out scenario testing to discover how incidents, such as a compromised DMZ host, impact on your security, and test your businesses’ response capabilities to attack or temporary vulnerability.

Anthony comments: “It’s impossible to take the right cybersecurity actions without knowing what your problems are. This is why penetration testing really is crucial. 

“Subjecting your IT infrastructure to ethical hacking by someone who isn’t going to steal your data is one of the best things you can do to prevent a real hacker gaining access. Initially, companies can find it hard to believe that hacking could ever be ethical, let alone good for their business – but it is the best way to find out exactly how vulnerable your business is to an attack.”

Once penetration testing has shown you where your weak spots are, and what methods hackers could use to exploit them, the next step is to fix, secure and block these paths to access.

Most companies’ current IT protection plans focus only on the last step – blocking access – without necessarily knowing exactly where that access is.

Any kind of vulnerability assessment like penetration testing provides an exciting opportunity to find out if your business and your data is properly protected from attack, and should be seen as an essential aspect of any good cybersecurity strategy.