Cyber Defense: Is Your IT Team Telling the Whole Truth?

As a CEO or CTO, you trust your IT team to keep your systems secure, and while they always want to do the best job they can for you, are you sure they’re telling you the whole truth?

Imagine a family living in a house where some of the children knew that the father left the back door unlocked every night. The mother always assumed it was locked, but it never was, and for years nothing happened. Then one night they are burgled and their prized possessions disappear.

Imagine the questions:

Dad: “Well, that door was always unlocked.”

Mom: “Why, and why was I never told?”

Child 1: “I knew that but thought you did mommy!”

Child 2: “Yeah, I guessed it was unlocked, but couldn’t be bothered to say…”

That is the scenario in companies all over the world.

The mother (say, the COO of a company) doesn’t think they need help, because they have a man whose job it is to lock all the doors.

What follows is an illustration of the problem being faced right now in organizations.

We are seeing a growing trend of attacks against data backups. Backups are rarely the primary target, but they become a real concern once ransomware is considered. Ransomware is a scary prospect at the best of times: malicious software is planted inside internal systems, allowing criminals to squeeze money out of businesses.

During a ransomware attack the criminals may lock IT administrators out of systems, steal client data, or simply wreak havoc. If you’re already worried about how your organization protects its backups, there’s good reason. But there is worse to come.

Jim from accounts – the silent problem

Imagine a scenario where you, as a business manager, have assurances from your technology team that the live environment and the Internet-facing perimeter are secure. Everything has passed the latest tests and all the indicators are green. From a cybersecurity perspective, the recent Red Team drills with the board went well, and the playbooks are all up to date. Many C-suite executives find themselves in this position, and what a great place to be.

But unbeknownst to anyone, good old Jim in accounting ordered his girlfriend a lovely pre-summer holiday gift from a well-known online retailer yesterday. Today, Jim received an email, apparently from the same merchant, saying that his payment had been declined. After unknowingly clicking on a link to find out why, a new piece of malware that no security product yet recognised (a so-called zero-day) was downloaded onto his laptop.

This was not a genuine email but a well-worded phishing email. An embarrassed Jim deleted it and went about his day with no intention of reporting the incident, for fear of reprimand.

Over at Cybercriminal Towers, an alert was quickly received that the malware was active, and a crack team of experts began work. These are well-organised outfits, with offices, free fruit and views – no longer a single balaclava-wearing young chancer punching keys in the hope of landing a big fish.

We need to develop an understanding of how cybercriminals operate and act. Given the lucrative nature of the work, they sometimes compete for the same technical talent that the right side of the law does, strange as that may seem.

On this occasion, the team of criminals deploys even more sinister malware against a specific target. They work quickly and undetected, traversing the company’s network from Jim’s laptop, and soon gain access to the servers.

And after a short time, there it is: the backup system, in all its glory. Akin to a scene from Lethal Weapon, where Murtaugh and Riggs wait for instructions on which colour of cable to cut, a subtle click here and there and boom – a gnarly set of files containing the most sophisticated ransomware is planted on the backup system. The fallout? Nobody notices, nothing happens. Not yet. Now they wait, while the timer ticks away.

Cybercriminal Towers – Revisited

As time goes by, a new risk assessment takes place, and it’s another clean bill of health. Happy days, to…

This time, the team at Cybercriminal Towers planned their next visit to Jim’s firm as a targeted one. Into the network they go again. Now the live environment looks too appetising to ignore, and for good reason: that’s where the crown jewels are. Another server, same effect, boom! Ransomware landed again. Easy pickings.

This time, the malware runs immediately, alerting the tech teams. At the same time, all the managers receive emails holding the company to ransom, as the website, the app and the entire back office grind to a halt. The email says, “Pay or lose your data and online presence.” A compelling and heart-wrenching moment for all.

As the out-of-body experience subsides, the inevitable playbook emerges and the tech team arrives, chests puffed out and ready for action. The prognosis is simple: don’t pay, and follow the proven process. Shut down the affected servers, wipe the data, accept some downtime, ignore any demands, and in no time the backups will restore the business to where it was. Repairs are then made, and any holes are sealed.

With smiles all around, the action plan is ready and the teams jump into action. But this time the plan doesn’t go as expected. The now crowded office is hit with shock and numbness, one by one, and like a row of dominoes, everyone quickly realizes the problem. The backups are not available. They are locked by the same ransomware message seen minutes earlier on the live server.

Like the giant chessboard in many a pub garden, it feels as if a very public checkmate has just been called. As the inevitable scramble to work out how to pay in bitcoin, quickly, gets under way, it is the start of a very long day and night for everyone in the firm. They have no choice but to pay, but they want to do it quietly, so as not to worry investors, customers and shareholders.

If you believe that your organization is too big and too well protected to be caught in such a scenario, then great, I admire that attitude. Just be sure to follow the evolution of the risk landscape on a daily basis, because that is what we are all fighting against. The culture at Cybercriminal Towers is not to write articles or hold committees and meetings, but to be hell-bent on delivering their projects.

The ability to analyse data and perform security and penetration tests, together with good governance in the form of management information, policies and procedures, is often seen as the boring or bureaucratic side of technology. As shown here, this is really not the case.

At the end of the day, your IT team may think they have all your security needs covered, but in reality they probably don’t. As a CEO or CTO, it is wise to get an external opinion or a third party to assess the security holes. Should you be asking the IT team more questions about the cover in place, and challenging it?

About the author: David Davies, CEO of Navos Technologies, is an expert in helping financial services firms manage online threats. As the former chief information officer at Hargreaves Lansdown, where he oversaw a team of 400, he is well placed to understand the importance of a watertight cyber defense strategy.
