Complex Made Simple

Cybersecurity is no mystery: Be organized, proactive and vigilant

Cybercriminals play the odds: cast a wide net and hope to catch a few unsuspecting fish. If you are not proactive, do not work on simplifying complex security tools, and fail in being vigilant, you are likely to make mistakes, overspend on cybersecurity and take the bait.

Dealing with complexity

Security teams in the Middle East and around the world often struggle with complexity, according to Nader Baghdadi, General Manager, META, Secureworks.

Numerous overlapping cybersecurity tools add extra layers to the stack and make it difficult to manage and monitor. Several warning signs indicate that a security stack is becoming too complex.

1. You’re reactive, not proactive

Complexity leads to reactivity. If you are constantly wrong-footed by events and incidents, that is a strong sign you should simplify your stack. A key indicator is a volume of alerts that your team cannot keep up with.

2. You can’t identify where the budget is going

If you are struggling to track where your budget is spent, that is a bad sign. If chief information security officers (CISOs) cannot identify what the spend is going to, there is likely a complexity problem.

3. Multiple tools doing the same thing

Some security teams have four or five programs running vulnerability scans at the same time for no good reason; one should be enough. Duplicate scanners generate noise that negatively impacts the security team's KPIs.

4. Staff struggles to master the tools

If your security staff struggle to master the tools in your stack, that is a strong signal there may be too many. The goal should be to arm analysts with a couple of tools they can truly master.

5. You’re protecting things already protected

It’s wise to think about your environment and identify areas where you might be duplicating security controls.

6. You’re spending a lot of time documenting tools

If the team feels like they are documenting every operation for a tool, that is a sign something is wrong. It could be that the tool itself is not the right one for you, or it could mean the tool's configuration is too complex and the tool is not user-friendly enough.

Scamming tricks

It is important for cybercriminals that you not only read their messages but also react to them: click on a link, open an attachment, pay a bill. To get you to do that, they need to grab your attention.

Online scammers use numerous techniques; these are the most common schemes, according to Kaspersky.

A notice from the tax service

You receive an e-mail stating that you have not paid a tax in full and that interest has been added to the bill. If you want to appeal, you must download, fill out and submit the attached form. The form contains a macro, though, and as soon as you enable it (most users automatically click “I agree” in pop-up windows), it downloads and runs malware.

Notifications about pending payments

You may have paid all your bills, but you might still get a message saying a payment failed to go through. You are prompted to go to some strange site, and only your common sense can stop you from paying the same bill twice.

Proposal from a mysterious contractor

Scam sales e-mails include malicious attachments meant to look like product or service details.

Security service notification

On receiving an e-mail from an important-sounding “chief security officer” instructing employees to install a security certificate, many will comply without noticing that the message came from a bogus address.
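The two lures above, the macro-bearing “tax form” and the “chief security officer” message from a bogus address, share traits a mail gateway can check before a user ever sees them. The following Python example is added here and is not part of the Kaspersky material: it triages a constructed message, flagging a From: domain outside an assumed corporate domain list, a Reply-To that points elsewhere, and any attachment that is an Office Open XML document carrying a VBA project (the vbaProject.bin part that only macro-enabled files contain). The domains, display name and document contents are all invented for the example.

```python
"""Triage a suspicious e-mail for two common lure traits.

Added example; the domains, message and document are constructed.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumption: legitimate internal notices only come from these domains.
CORPORATE_DOMAINS = {"example.com"}

# OOXML zip members that exist only when a document carries a VBA project.
MACRO_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}


def has_macros(data: bytes) -> bool:
    """True if `data` is an Office Open XML file containing a VBA project."""
    if not data.startswith(b"PK"):          # not a zip container at all
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name in MACRO_PARTS for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(raw: bytes) -> list[str]:
    """Return human-readable findings for one RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    sender = msg["from"].addresses[0]
    if sender.domain.lower() not in CORPORATE_DOMAINS:
        findings.append(
            f"external sender {sender.addr_spec} using display name "
            f"{sender.display_name!r}")

    reply_to = msg["reply-to"]
    if reply_to and reply_to.addresses[0].domain.lower() != sender.domain.lower():
        findings.append(
            f"Reply-To {reply_to.addresses[0].addr_spec} differs from sender")

    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if has_macros(payload):
            findings.append(
                f"macro-enabled attachment {part.get_filename() or '<unnamed>'}")
    return findings


def build_sample() -> bytes:
    """Construct the 'chief security officer' lure with a macro document (sample data)."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)   # stands in for real VBA
    msg = EmailMessage()
    msg["From"] = "Chief Security Officer <cso@example-secure-mail.net>"
    msg["To"] = "all-staff@example.com"
    msg["Subject"] = "Action required: install updated security certificate"
    msg.set_content("Open the attached form and enable content to install the certificate.")
    msg.add_attachment(doc.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="certificate_form.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print("FLAG:", finding)
```

The macro check looks inside the container rather than trusting the file extension or declared MIME type, since a .docm renamed to .docx still carries its vbaProject.bin part; the sender check is deliberately simple and would be paired with SPF/DKIM/DMARC results in a real gateway.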

Malware delivered by phishing

A RAT in the computer

Cybercriminals are particularly fond of remote access tools (RATs), which let attackers get into the corporate network, steal important documents, locate the finance manager's computer and intercept payment system access data, then transfer money to their own account.

Ransomware

Ransomware encrypts files so that they cannot be used. Some types spread over the local network: the Trojan penetrates one computer initially and then encrypts data on every machine it reaches.

Spyware

Cybercriminals also like spyware Trojans, malware that collects as much information as it can. The spyware sits quietly on computers, logging usernames, passwords and addresses, and harvesting messages and file attachments. For some businesses the main threat is that know-how or plans leak to competitors; for others it is that the attackers get inside the financial system and steal money.

COVID-19 and DDoS attacks

Covering incidents from the beginning of 2020 to August, new analysis from F5 Labs shows that the COVID-19 pandemic has driven a significant spike in DDoS and password login attacks.

“This year’s holiday shopping season will be more online than ever and under intense fire from cybercriminals. Our rising usage and dependence on technology have brought increased levels of already growing attack trends,” said Raymond Pompon, Director of F5 Labs.

As lockdowns hit from March onwards, security incidents rose sharply, levelling off in April at three times the level of previous years. In July they were twice the level seen at the same time in 2019.

The attacks fell into two large buckets: distributed denial of service (DDoS) and password login attacks. Password login attacks comprised brute force, in which many passwords are tried against an account, and credential stuffing, in which username and password pairs leaked from other breaches are replayed. Both involve attackers trying to guess their way past a password login.
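Brute force and credential stuffing look different in authentication logs: brute force hammers one account with many passwords from the same source, while credential stuffing replays leaked username/password pairs, so one source tries many accounts once or twice each, and any success in that run marks a compromised account. The Python example below is added here and is not from the F5 Labs report; it classifies bursts of login events in a constructed log sample. The log format, the ten-minute window and the thresholds are assumptions to tune for a real system.

```python
"""Separate brute force from credential stuffing in login logs.

Added example; log format, window and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one brute-force burst, one stuffing burst with a hit,
# and one user who simply mistyped a password once.
SAMPLE_LOG = """\
2020-04-02T10:00:01Z login fail user=admin src=203.0.113.10
2020-04-02T10:00:02Z login fail user=admin src=203.0.113.10
2020-04-02T10:00:03Z login fail user=admin src=203.0.113.10
2020-04-02T10:00:04Z login fail user=admin src=203.0.113.10
2020-04-02T10:00:05Z login fail user=admin src=203.0.113.10
2020-04-02T10:00:06Z login fail user=admin src=203.0.113.10
2020-04-02T10:05:00Z login fail user=alice src=198.51.100.7
2020-04-02T10:05:01Z login fail user=bob src=198.51.100.7
2020-04-02T10:05:01Z login fail user=carol src=198.51.100.7
2020-04-02T10:05:02Z login fail user=dave src=198.51.100.7
2020-04-02T10:05:02Z login ok user=erin src=198.51.100.7
2020-04-02T10:05:03Z login fail user=frank src=198.51.100.7
2020-04-02T12:00:00Z login fail user=gina src=192.0.2.5
2020-04-02T12:00:40Z login ok user=gina src=192.0.2.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$")
WINDOW = timedelta(minutes=10)   # attempts closer together than this form one burst
MIN_ATTEMPTS = 5                 # below this a burst is treated as ordinary typos
STUFFING_RATIO = 0.8             # share of distinct users that marks a stuffing run


def parse(log: str) -> list[tuple]:
    """Turn log lines into (time, src, user, success) tuples; skip malformed lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"] == "ok"))
    return events


def classify(log: str) -> dict[str, dict]:
    """Per source IP, find the densest WINDOW of attempts and label it."""
    by_src = defaultdict(list)
    for ev in parse(log):
        by_src[ev[1]].append(ev)

    verdicts = {}
    for src, events in by_src.items():
        events.sort()
        # Densest window: for each start event, take everything within WINDOW of it.
        burst = max(
            ([e for e in events[i:] if e[0] - start <= WINDOW]
             for i, (start, *_) in enumerate(events)),
            key=len)
        if len(burst) < MIN_ATTEMPTS:
            continue
        users = {e[2] for e in burst}
        compromised = sorted({e[2] for e in burst if e[3]})
        if len(users) == 1:
            kind = "brute force"            # many passwords, one account
        elif len(users) >= STUFFING_RATIO * len(burst):
            kind = "credential stuffing"    # one try per leaked username/password pair
        else:
            kind = "mixed password attack"
        verdicts[src] = {"kind": kind, "attempts": len(burst),
                         "users": len(users), "compromised": compromised}
    return verdicts


if __name__ == "__main__":
    for src, v in classify(SAMPLE_LOG).items():
        print(f"{src}: {v['kind']} ({v['attempts']} attempts, "
              f"{v['users']} users, compromised={v['compromised']})")
```

Grouping by source IP is the weak point of this approach: stuffing campaigns commonly rotate through proxy pools so that each address makes only a handful of attempts, which is why production detection also groups by user agent, ASN or a device fingerprint, and why the successful login inside a stuffing burst (erin in the sample) is the event worth acting on first.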

From January through August, 45% of reported incidents were DDoS and 43% were password login attacks. The remaining 12% covered malware infections, web attacks and incidents that were not classified.