Written By Sean Pea, Head of Threat Analysis, APAC at Darktrace
Although Singapore was ranked as the safest country in the world based on a report by the World Justice Project in 2018, cyber security breaches are increasingly threatening the safety of our digital world.
A month ago, Singapore Red Cross announced that its website was hacked, resulting in the disclosure of personal data of over 4,290 individuals. Earlier this year,the medical records of 14,200 HIV positive patients and personal data of 180,000 blood donors were leaked when attackers struck, following the SingHealth cyber-attack last June,the worst cyber-attack in Singapore’s history.
For as long as people have sought to protect their assets from intrusion, they have safeguarded those assets behind ever more formidable walls, from castle walls to digital firewalls. Yet no matter how impenetrable such fortifications appear, motivated attackers will inevitably find a way to bypass them. Build a 50-foot fence, and the enemy will bring a 50-foot
Perimeter security is part of good cyber hygiene, but has become inadequate as a primary mode of defence. The digital world – with all its applications, users and endpoints – is exponentially more difficult to wall off than the physical world.
A single vulnerability or oversight can spell disaster. Meanwhile cyber-attackers are getting more and more sophisticated at evading these locks and bolts. Today’s defence strategies must prepare for the threat that
gets in – or the insider turned bad. And crucially, it must constantly keep up with the attackers’changing tactics.
Artificial intelligence is now the fundamental ally to corporations and governments in the fight against the threats that no one can predict, the threat that gets through perimeter defence.
Cyber AI works by learning the ‘normal’ behaviours of a network and its users, allowing it to detect and contain the subtle anomalous activity that humans and traditional security controls miss. In defending against the unknown, AI also shines a light on companies’ common cyber hygiene issues which can lead to a breach. Five of these are examined below.
Issue #1: Lack of visibility
As the Internet of Things (IoT) explodes across Singaporean businesses, keeping an inventory of connected devices often proves unfeasible. Between app-controlled thermostats and smart refrigerators to connected cameras and Bluetooth sensors, few security teams can keep up with the true extent of their networks.
Yet attaining 100 per cent network visibility is a prerequisite to a mature security posture, as attacks could strike at any single point of connection. Attackers are increasingly targeting poorly secured IoT devices to bypass the perimeter at its weakest points, allowing them to gain access to the central network in order to compromise sensitive data and physical
systems. But by analysing all traffic from the entire digital enterprise, cyber AI technology provides comprehensive visibility for security teams in a unified view. And crucially, the AI works on behalf of human security teams to detect when new devices come online, and generate an autonomous response to threats as they emerge.
Issue #2: Data uploaded to cloud services
Cloud computing has rendered perimeter defences even more impotent. Nevertheless, there are a number of bad cyber hygiene habits that make bypassing the perimeter much easier, including employees who upload data to cloud storage providers that are not on an organisation’s approved list. Whether done maliciously or inadvertently, this decision prevents
organisations from gaining any visibility over that data being transferred across the globe.
While the cloud can be an essential conduit for digital transformation projects, it is critical to proactive cyber defence that businesses have a rich understanding of cloud environments and how they interact with the corporate network.
Issue #3: Using corporate devices for personal use
While the divide between corporate and private networks is a primary facet of cyber hygiene, few employees are immune to the temptation and convenience of using company devices for personal use. Whether it’s torrenting movies, using social media, or checking personal email
accounts during the workday, these activities all expose carefully guarded corporate environments to ones that are far less secure. At the same time, many organisations lack visibility over their own online traffic, preventing their security teams from catching such risky behaviour until it’s already too late.
Further compounding the challenge, employees have also been known to violate internal compliance policies by downloading unauthorised software for private purposes, which introduces serious security risks and opens the door for supply chain attacks. Cyber AI can identify when such policies are being broken in real time, and work with the employee in question to mitigate the compliance breach before it can escalate into a cyber-attack.
Issue #4: Insufficient education around targeted attacks
All organisations, no matter what the size, receive phishing emails. Phishing emails remain one of the most successful ways for cyber-criminals to target individuals or corporations. On average, four per cent of the targets of any phishing campaign will click the link. As these attacks become more and more targeted to individuals, it is becoming more difficult for employees to discern the difference between benign and malicious links. It’s thus crucial that businesses work with employees to understand proper protocol when it comes to handling suspicious emails.
Employee education is essential to lower the risk of organisations falling victim to phishing campaigns. Employees should always be wary of emails from unknown addresses, or with unexpected attachments or links, and should double check email domain names. But continuous AI monitoring will also be necessary for the highly sophisticated phishing attacks that fool even the best-trained people. Education and AI must work in tandem, for the next generation of spear-phishing campaigns.
Issue #5: Weak password usage and storage
Among the most common and most avoidable cyber-attacks are those that exploit systems with weak passwords, which can be easily breached by cyber-criminals – sometimes in mere minutes. Yet stronger, more complex passwords introduce another problem: because they are harder to remember, users tend to store these passwords in sometimes unsafe locations. Whereas passwords housed in encrypted mediums such as password managers are relatively secure, many users instead save them in clear text on Word Documents, for example. Several modern strains of malware possess the ability to comb through the network in search of
possible files which contains passwords, rendering this a critical vulnerability.