iac-education
iac-education

News

Back to News

Counter-at-hack - How business can fight back

By Edward Lucas | 10th December 2015

Counter-at-hack - How business can fight back

“manual typewriters and carbon paper will be the must-have technology of 2016.”!

An interesting article on the Cyber Security outlook in 2016.......

SCIENCE AND TECHNOLOGY

Cyber-security will start working in 2016. Though people’s growing dependence on the internet continues to give attackers the upper hand, for those with the time, money and willpower required, the ingredients of effective defence are falling into place. It is becoming easier to identify attackers and the means they use, easier to foil and deter them, and easier to repair the damage they do.

The first ingredient of security is identity. Well-run organisations will stop using passwords and logins in 2016. Instead they will use identifiers that are harder to copy, fake, steal or guess, such as biometrics (fingerprints, retinas, posture, gait and even typing habits). Security questions will stop being asinine (“mother’s maiden name?”). Instead they will ask you to give numbers from codes continuously generated by an app on your phone. Identification that depends on a triple lock—something you have, something you know and something you are—is harder for an attacker to replicate.

Secure identity is only one element: it does not help if a network is badly designed, or if the people who use it are gullible and careless. The biggest source of infection is e-mail attachments. Opened by the unwary, they can contain a toxic payload of mischief-making software which wreaks havoc, stealing or corrupting data. Luckily, screening attachments is getting easier. One option is to quarantine them. Even better is to strip them down and rebuild them safely as standardised documents with no room for malware—an approach pioneered by Glasswall, a British company.

Attackers will still get in (too much badly designed hardware and software is out there, and seemingly innocent websites can be doctored to infect computers that visit them). The only safe assumption is that your network is breached, and to make sure that you deal with intruders promptly—not after the 200-odd days which it typically takes. Many networks have no means of detecting a breach at all. And old-style cyber-security generates too many alerts: “false positives”, in the jargon. When a burglar alarm rings constantly, people ignore it. Now the combination of cleverer algorithms, better data collection, cheaper storage and greater processing power makes it easier to automate the detection of anomalous behaviour, and to work out who is up to what. Watch out for companies in this field such as Vectra Networks, in San Jose, California.

A third big shift is virtualisation. Instead of running a network of lots of computers, any one of which can be infected, you run lots of sessions off one big server—in effect replicating each user’s machine with software. Virtual sessions are much easier to monitor than a physical computer: you can make sure each user has up-to-date software, and is behaving sensibly. Any suspicious activity—such as snooping around your network, browsing the darker corners of the internet or transferring large amounts of data at odd hours—is flagged up and can be closed down promptly while you investigate.

Threat intelligence is improving, too. Attackers—whether they are spies, criminals or pranksters—are people. And like all people, they are vulnerable to the tricks of the spy trade. Defenders can turn the tables on them, infiltrating the chat rooms and marketplaces where they do business. Honeypots and honeynets (phoney targets designed to lure attackers onto a network) give the defenders a chance to identify their enemies and work out what they are up to. Companies such as Black Cube, an Israeli outfit that hires ex-spies, offer such services.

None of this guarantees success. Solid cyber-security is like a strong immune system. Good health plus personal and public hygiene give it the best chance, but not invincibility. Keeping the most important data away from any electronic network is the best defence of all: manual typewriters and carbon paper will be the must-have technology of 2016.

Edward Lucas - Senior editor, The Economist, and author of “Cyberphobia: Identity, Trust, Security and the Internet” (Bloomsbury)