Ken Garrett explains why keeping a business safe from cyber attacks is paramount in today’s digital business environment.
Organisations are increasingly relying on information technology. For example:
• Recording accounting data.
• Big data.
• Artificial intelligence.
• Computer-aided design and computer-aided manufacture.
• Process control.
If information is lost, stolen or improperly altered, or if processing halts, then an organisation will be damaged – perhaps fatally.
IT systems can go wrong for many reasons but the term ‘cyber security’ is reserved for malicious damage or attack. It is the use of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks.
Cyber attacks can:
• Disable the system or knock it offline. For example, denial of service attacks aim to overwhelm internet sites to stop them functioning.
• Get access to the target computer’s data to learn from it, change it or distribute it. For example, ransomware encrypts data and demands a payment before the unencrypt key is supplied.
• Takeover or interfere with the processing. For example, to prevent machinery working. The importance of cyber security has increased because of increasing reliance on IT and also because of changes in technology.
Today, almost every computer has internet access, will be part of a network and might use cloud technology. All of these systems involve communication networks and this increases their vulnerability. It should be noted that the Covid-19 virus has meant than many more employees are working from home and require remote access to their office systems. This increases the risk of a cyber attack.
In the UK, the National Cyber Security Centre gives guidance on the security of network and information systems. The objectives are:
• Managing security risk.
• Protecting against cyber attack.
• Detecting cyber security events.
• Minimising the impact of cyber security events.
Managing security risk: This is high level and includes considering the organisation’s attitude to risk, identifying and assessing risks, and identifying essential services that must be maintained. Management should appoint a specialist committee whose brief is to manage cyber risks.
Protecting against cyber attack: A set of comprehensive policies and processes must be developed that will protect the organisation’s system so that essential services can be delivered. Measures include:
• Care in staff recruitment, training and culture.
• Strict access control.
• Testing software.
• Holding data securely.
• Resilient networks.
Detecting cyber security events: An effective monitoring system must be in place so that actual and attempted security breaches are discovered and responded to.
Minimising the impact of cyber security events: There should be response and recovery planning. For extreme incidents this might be known as a disaster recovery plan. This plan should indicate how to assess the seriousness of the incident, how to minimised the effects of the incident, staff duties, how a back-up or standby system can be switched to, and how public relations should be managed.
Cyber security tools and techniques
Forensic analysis: Computer forensics techniques discover, preserve and analyse information on computer systems in ways suitable for court evidence. Forensic analysis will also extend to network analysis where the results can show who was logged on to the system at any time, what operations they carried out, what websites were accessed, etc.
Malware analysis: Malware is software specifically designed to disrupt, damage, or gain unauthorised access to a computer system. Malware includes viruses and ransomware. Malware analysis aims to understand what a piece of malware does and how it does it.
Penetration testing: Sometimes the terms ‘black hat’ and ‘white hat’ are used to describe hackers:
• Black hat hackers are the baddies, illegally hacking systems for personal gain, political reasons or just for fun.
• White hat hackers are the good guys who try to penetrate systems on behalf of the systems owners.
Penetration testing (‘a pen test’) is an authorised simulated cyber attack on a computer system by hackers acting on behalf of the client to probe the system for vulnerabilities.
Once vulnerabilities have been found the client must take action to remedy the weaknesses; the penetration test should be repeated to see if the measures taken have been successful.
Software security: This means trying to protect software against malicious attacks. Software security can be enhanced by using good programming techniques. New or amended software should be used only after strict authorisation and testing.
Software security can be designed in layers with security set at an appropriate level for the processing being carried out and data being accessed. For example:
|Low||Able to withstand simple attacks|
|Medium||Can withstand attacks and report those attacks|
|High||Can withstand attacks, report attacks, and make use of protective action such as: locking accounts, encryption, recording the IP address of intruders.|
• Ken Garrett is a tutor for OpenTuition