Chapter 4 – Cyber Security Threat Prevention and Best Practices
The threat landscape is ever-changing. As the motivations behind attacks have shifted, from disrupting an individual system, a service or a network, to state-sponsored operations, the underground economy and, most recently, ransom extraction, everyone is now forced to review the security measures protecting their IT systems and infrastructure. Gone are the days when an attacker had to put in substantial effort reverse engineering a patch for a known vulnerability in order to develop an exploit. With tools and exploits freely available online, attackers now need far less effort to adapt or construct new exploitation tools for their needs. To counter these attacks effectively, one needs a thorough review of one's security posture.
Cybersecurity threat prevention and incident management are handled somewhat differently for two broad categories: steps taken by organizations and steps taken by individuals. While the scope of this document is primarily individuals, a quick view of the activities used by an organization helps build a complete perspective.
Organizations usually achieve the objective through a few well-established measures: risk management of their IT systems, building incident management and response capabilities, periodic review of cybersecurity metrics, deployment of effective detection and prevention tools, continuous patch management and, very importantly, training their people and raising and maintaining a high level of security awareness among them.
Individuals take simpler measures, such as installing an antivirus, installing a firewall, using genuine software and applications, being cautious with email attachments, backing up files regularly, etc. Individual measures are discussed in more detail in this document.
By the end of this module, you will learn:
- Overview of Threat Prevention and Threat Incident Management practices
- Suggested popular Best Practices to protect an individual from cybersecurity threats
- Overview of select futuristic trends in cybersecurity threats.
Overview of Threat Prevention and Threat Incident Management practices
Key Popular Practices by Organizations – Organizations’ best practices for defense against cyber attacks include basic but extremely important countermeasures. Some of the key practices are:
Risk Management – Minimizing adverse impact and providing a strong basis for decision-making are the main reasons organizations implement Risk Management for their IT systems. Changes to IT resources are likely to introduce vulnerabilities and change the overall risk status. Effective Risk Management identifies the more critical or sensitive resources, so that more stringent security controls can be applied where more effort is needed to protect them. Integrating Risk Management into the System Development Life Cycle addresses security at every stage of the Life Cycle and yields more effective results.
Incident Management – An effective Risk Management program includes effective Incident Management and Response capabilities. A risk that is not prevented by the Risk Management controls becomes an incident. Organizations must have a strong Incident Response Team, with clearly defined roles and responsibilities, and Incident Management plans to handle such incidents with the intent of stopping them from turning into disasters. Incident Management is more often than not crisis management, and hence the policies and procedures should be clear and easy to follow. The procedures should be periodically reviewed and tested to improve their effectiveness.
Periodic Review – Organizations should continuously monitor their security metrics and periodically review their effectiveness. This shows how effective the implemented security controls are, and whether existing controls need realigning or additional controls are needed to manage information security.
Detection/Prevention Tools – Most organizations have an Intrusion Detection System, an Intrusion Prevention System or both in place to detect and protect the network from malicious attacks or breaches. Apart from detecting threats or attacks, an IDS can also be used to identify problems with an organization’s security policy, document existing threats, and feed that information into awareness programs so that users stop violating the organization’s Information Security Policies. Fine-tuning these tools regularly, to maximize accuracy in recognizing real threats while minimizing the number of false positives, helps detect and defend against new and zero-day attacks effectively.
Patch Management – Organizations should revisit their patch management process and extend it to cover all IT systems. The increase in attacks on IoT devices can be addressed by including firmware updates in the organization’s patch management process.
Training & Awareness – People are the greatest risk to any organization. Their actions, whether by mistake, by accident, through lack of knowledge or occasionally with malicious intent, lead to incidents. Periodic training on operational knowledge and awareness campaigns on information security concepts help them contribute to Information Security Management. Include awareness of handling email attachments, phishing, vishing, clickjacking, social engineering, etc., in the training sessions. Test the effectiveness of the awareness training periodically.
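The tuning trade-off described above (catching real attacks while keeping false positives down) is easiest to see on a concrete detection rule. The following is an added example, not code from the original chapter: a small failed-login detector that runs over constructed sshd-style log lines and exposes the two knobs an analyst actually turns, the failure threshold and the time window, plus an allowlist for sources known to be noisy. The log lines, IP addresses and the default threshold of five failures in sixty seconds are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log lines (syslog-like, not real data).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd: Failed password for root from 203.0.113.5
2024-03-01T10:00:03 sshd: Failed password for root from 203.0.113.5
2024-03-01T10:00:04 sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:06 sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:09 sshd: Failed password for root from 203.0.113.5
2024-03-01T10:00:10 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:05:00 sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:05:30 sshd: Accepted password for alice from 198.51.100.7
2024-03-01T10:06:00 sshd: Failed password for bob from 192.0.2.10
2024-03-01T10:06:01 sshd: Failed password for bob from 192.0.2.10
2024-03-01T10:06:02 sshd: Failed password for bob from 192.0.2.10
2024-03-01T10:06:03 sshd: Failed password for bob from 192.0.2.10
2024-03-01T10:06:04 sshd: Failed password for bob from 192.0.2.10
"""

FAIL_RE = re.compile(r"^(\S+) sshd: Failed password for (\S+) from (\S+)$")


def parse_failures(text):
    """Yield (timestamp, user, source_ip) for every failed-login line."""
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def detect_bruteforce(text, threshold=5, window_seconds=60, allowlist=()):
    """Return the sorted list of source IPs that produced at least `threshold`
    failed logins inside any sliding window of `window_seconds`.

    `threshold` and `window_seconds` are the tuning knobs: too low and a
    user who mistypes a password twice becomes a false positive, too high
    and a slow brute force slips through. `allowlist` removes known noisy
    sources (a monitoring host, for example) from consideration.
    """
    by_source = defaultdict(list)
    for ts, _user, src in parse_failures(text):
        if src in allowlist:
            continue
        by_source[src].append(ts)

    alerts = []
    for src, times in by_source.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # shrink the window from the left until it fits in window_seconds
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(src)
                break
    return sorted(alerts)


if __name__ == "__main__":
    print("default tuning:", detect_bruteforce(SAMPLE_LOG))
    print("looser tuning: ", detect_bruteforce(SAMPLE_LOG, threshold=2, window_seconds=600))
```

With the defaults, alice's two mistyped passwords five minutes apart are correctly ignored while the two rapid-fire sources are flagged; loosening the rule to two failures in ten minutes turns alice into a false positive, which is exactly the kind of result a periodic tuning review is meant to catch.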
For individuals, the best practices are simple.
The good news is that in most cases some fairly large security organizations stand between the consumer and the hacker, e.g. the SecOps teams at Verizon or AT&T. There are still preventive measures you should take to help ensure the safety of your information, and these are discussed in detail in the next section of this document.
Suggested popular Best Practices
Popular Safety Measures
Password: To prevent unauthorized users from connecting wirelessly to our router, stealing our Internet connection and even accessing other computers on our local network, routers are usually protected with a password; without it, access should not be possible. However, these passwords are often weak and easy to guess. If we check our router, we will very likely find one of these three default username/password pairs: admin/admin, admin/password, or admin with an empty password. Once an attacker has accessed our router, they have total freedom to change the Wi-Fi password and lock us out of any device we use. To avoid this, we must change the default access password of the Wi-Fi network supplied by our Internet provider. These default passwords are generated with an algorithm that is available to anyone, so simply by reading a tutorial on the Internet someone could recover them. Therefore, we must assign a password that complies with all of the following security measures:
- Contain lowercase letters, uppercase letters, and numbers.
- Do not use birth dates, pet names, favourite foods or other easily guessable data.
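The two rules above, plus the default-credential check from the same paragraph, can be turned into a small policy checker. This is an added example, not code from the original chapter: it flags the three default router pairs the text names, checks the required character classes, rejects passwords containing caller-supplied personal terms (pet names, favourite foods) or a four-digit run that reads as a birth year, and, as an assumption this example adds, requires a minimum length of 12 characters, a number the chapter itself does not state.

```python
import re
from datetime import date

# Constructed table of factory-default router credentials, taken from the
# three pairs named in the text: admin/admin, admin/password, admin/(empty).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", "")}

# Assumed minimum length; the text gives no number, 12 is this example's choice.
MIN_LENGTH = 12


def is_default_credential(username, password):
    """True when the pair is one of the shipped defaults and must be changed."""
    return (username.strip().lower(), password) in DEFAULT_CREDENTIALS


def _contains_year(digits):
    """True if any 4-digit run inside `digits` reads as a plausible birth year."""
    this_year = date.today().year
    for i in range(len(digits) - 3):
        if 1900 <= int(digits[i:i + 4]) <= this_year:
            return True
    return False


def password_problems(password, personal_terms=()):
    """Return a list of policy violations; an empty list means the password passes.

    `personal_terms` is a caller-supplied list of things an attacker could
    look up about the owner (pet names, favourite foods, family names).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")

    lowered = password.lower()
    for term in personal_terms:
        # ignore very short terms, they would match almost anything
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")

    for m in re.finditer(r"\d{4,}", password):
        if _contains_year(m.group(0)):
            problems.append(f"contains date-like digits '{m.group(0)}'")
            break
    return problems


if __name__ == "__main__":
    print(is_default_credential("admin", ""))
    print(password_problems("Fluffy1985xx", personal_terms=["Fluffy"]))
```

The personal-term list is the part most checkers skip: a password can satisfy every character-class rule and still be the owner's dog plus a birth year, which is precisely the "easily guessable data" the second bullet warns about.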
Encryption: We must be careful with what we publish on our social networks. They store large amounts of information about the activities we do, the places we visit, the people we interact with, our hobbies, the food we like, etc. All of this information can be used by an attacker to build our profile, or to plan and launch custom attacks such as the phishing described in the first part of this guide. The information collected can even be used for kidnapping or extortion.
How do we know which application is safe? In mobile technology, most messaging services, WhatsApp for example, offer encryption of all our conversations. This means only we and the person we communicate with can read the messages, preventing access by third parties. Even if a cybercriminal could capture all of the shared information, they would see only ciphertext that they cannot decipher.
When surfing the Internet, it is recommended to use websites that show HTTPS in the address bar, which gives the user an extra layer of encryption. When the URL of a website starts with https://, your browser is connected to the page over an encrypted, tamper-resistant and more secure channel. We should especially insist on these types of websites when we make online purchases, and only as long as they are linked to recognized electronic payment gateways like Visa, Mastercard, PayPal, among others.
Firewalls: An additional tool to protect against Internet threats is a firewall. It is simply a security tool that controls which applications have access to the Internet and which incoming connections are allowed to reach our computer. Firewalls are usually programmed to recognize threats automatically, which means they are usually easy to use and do not interfere with the way we use the computer.
VPN (Virtual Private Network): Another very good measure is to use a VPN, a network technology that lets us create a private network (like a LAN) even when we are connecting remotely and the information has to pass through a public network. A VPN creates a kind of tunnel that prevents anyone on the path from capturing and using that information. Thereby, everything that leaves our devices stays encrypted until it reaches the other end of the tunnel. This can prevent man-in-the-middle attacks, a type of threat in which the cybercriminal gains the ability to divert or control communications between two parties.
Antivirus: It is essential to keep our operating system updated and use a good antivirus to alert and protect us against possible threats. It is also important to run scans periodically to find and remove malware, and to enable automatic updates. If you are debating whether to buy an antivirus license or get one for free, bear in mind that although most free products are of high quality and offer a reasonable level of security for home users, they do not always offer the same level of protection. The best option is to consult an expert and, if possible, choose an antivirus that comes with technical support to help with the configuration.
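The two jobs the paragraph gives a personal firewall, deciding which applications may reach the Internet and which incoming connections may reach the computer, come down to a rule list with a default action. The following is an added illustration, not code from the original chapter or from any real firewall product: a miniature policy engine in which the first matching rule wins, anything unmatched is denied, and replies to connections the computer itself opened are let through (the "stateful" behaviour that keeps a default-deny policy from breaking normal browsing). The application names, ports and the 192.168.1.x home network are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Connection:
    direction: str              # "in" (someone reaching our computer) or "out"
    app: str                    # local program that opened or would accept the socket
    remote_ip: str
    port: int
    established: bool = False   # packet belongs to a flow we started ourselves


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    direction: str = "*"            # "*" matches both directions
    app: str = "*"                  # "*" matches any program
    port: Optional[int] = None      # None matches any port
    remote_prefix: str = ""         # e.g. "192.168.1." restricts a rule to the LAN

    def matches(self, c: Connection) -> bool:
        return (self.direction in ("*", c.direction)
                and self.app in ("*", c.app)
                and (self.port is None or self.port == c.port)
                and c.remote_ip.startswith(self.remote_prefix))


class Firewall:
    """First matching rule wins; anything unmatched gets the default action."""

    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default

    def decide(self, conn: Connection) -> str:
        if conn.established:
            return "allow"   # stateful shortcut: replies to our own requests pass
        for rule in self.rules:
            if rule.matches(conn):
                return rule.action
        return self.default


# A constructed home policy: browser and mail client may go out on their
# usual ports, LAN machines may reach our file share, everything else is denied.
HOME_POLICY = Firewall([
    Rule("allow", direction="out", app="browser", port=443),
    Rule("allow", direction="out", app="browser", port=80),
    Rule("allow", direction="out", app="mail", port=993),
    Rule("allow", direction="in", app="fileshare", port=445, remote_prefix="192.168.1."),
])


if __name__ == "__main__":
    print(HOME_POLICY.decide(Connection("out", "unknown.exe", "203.0.113.9", 443)))
    print(HOME_POLICY.decide(Connection("in", "fileshare", "192.168.1.20", 445)))
```

The point of the default-deny design is the last line of `decide`: a program the user never approved gets no Internet access even if it asks for a perfectly ordinary port, and a file-sharing port is reachable only from the home network, never from an arbitrary Internet address.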
- The best option is not to trust blindly the first thing that arrives in our email inbox, that link offering us a free product, that unknown user who wants to add us on a social network, etc.
- One must think twice before doing any of those things: if something is too good to be true, it is very likely fraudulent or harmful.
- It is always advisable to use spam filters, which help block bulk emails that may contain malware.
- One has to be careful when someone, even a well-intentioned friend or family member, gives us a USB stick or removable disk to insert into our computer. It could carry hidden malware without their knowing. Therefore, it is essential to scan with an antivirus every item we introduce into our devices or download from the web.
- Also, one should get used to backing up our devices periodically to minimize data loss.
Smartphones, tablets and smart TVs; smart appliances such as refrigerators or ovens; even thermostats, blinds, doors and lights controlled from your phone: this is the Internet of Things, or IoT. Currently, all these devices are connected through Wi-Fi, Bluetooth or infrared and communicate with a central controller, usually located in the same home or on the manufacturer’s central server. The trend shows there will be more devices than people in each house, and these devices play an increasingly important role in domestic life.
However, the IoT represents a difficult security challenge. The sensors in all domestic devices, even the robot vacuum cleaners that have become so well-known in the last few years, can store valuable information about our homes. The internationally known brand Roomba stores information about the dimensions of the houses it cleans and plans to sell it to other large technology companies.
Internet of Things devices collect data about us: they know what television programs we watch, what we say inside a room, at what time we arrived home, etc.
Overview of select futuristic trends in cybersecurity threats
How serious a problem is cybercrime? A study by Cybersecurity Ventures predicts these crimes will cost the world $6 trillion a year by 2021. Cybercrime has become big news, with large data and security breaches at companies generating headlines, and cyber threats from foreign locales such as China and Russia threatening U.S. businesses and elections.
Deepfake is a combination of the words “deep learning” and “fake.” Deepfakes are created when artificial intelligence technology produces fake images and sounds that appear real. A deepfake might be a video in which a person’s words are manipulated, making it appear that the person said something they never actually said. Deepfake voice technology allows people to spoof the voices of others, often politicians, celebrities or CEOs, using artificial intelligence.
Synthetic identities are a form of identity fraud in which scammers use a mix of real and fabricated credentials to create the illusion of a real person. For instance, a criminal might create a synthetic identity that includes a legitimate physical address.
Using artificial intelligence, hackers are able to create programs that mimic known human behaviors, and then use these programs to trick people into giving up their personal or financial information. In a separate class of attacks, known as poisoning attacks, cybercriminals inject bad data into an AI program’s training; this bad data can then cause the AI system to learn something it is not supposed to.
The idea of quantum computing is still new, but at its most basic it is a type of computing that exploits certain elements of quantum mechanics. What matters for cybersecurity is that these computers are fast and powerful. The threat is that quantum computers could break cryptographic codes that would take traditional computers far longer to crack, if they ever could.
As more cars and trucks are connected to the Internet, the threat of vehicle-based cyberattacks rises. The worry is that cybercriminals will be able to access vehicles to steal personal data, track the location or driving history of these vehicles, or even disable or take over safety functions.
As the world continues its digital transformation, and given the rate of change, reliable and actionable threat intelligence becomes very important. Popular threat intelligence measures are:
Peer-based Threat Intelligence: The first, and most common, form is based on a survey of security leaders or similar individuals asking about the sorts of threats they have been experiencing. This sort of intelligence can be especially valuable if the people interviewed operate within the same industry or in the same geographical region.
Expert-led Threat Reports: Threat intelligence needs not only to provide a historical review of the threat landscape but also to predict potential evolutionary points for malware and cybercriminal strategies. A good starting point is the threat reports produced by professional threat research teams.
Threat Feeds and Internally Gathered Intelligence: In addition to these intelligence sources, security leaders need to subscribe to live threat feeds that provide robust and actionable information, as well as services that provide real-time updates and recommendations from the cybersecurity front lines.
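A live threat feed is only "actionable" once it is matched against what the organization itself sees. The following is an added example, not code from the original chapter or from any feed vendor: a tiny feed in CSV form with three indicator types (single IPv4 address, CIDR range, domain) is loaded into lookup structures and run over constructed web-proxy log lines. Domain indicators also match subdomains of a listed domain, since phishing pages are routinely hosted one label below the registered name. The feed entries, log lines and address ranges are all constructed placeholders (documentation address ranges and the reserved `.example` TLD), not real indicators.

```python
import csv
import io
import ipaddress

# Constructed threat feed in CSV form. The values are documentation ranges
# and reserved names, used as placeholders rather than real indicators.
FEED_CSV = """\
type,value,description
ipv4,203.0.113.45,constructed: scanning host
cidr,198.51.100.0/24,constructed: hosting range abused by phishing kits
domain,login-verify.example,constructed: credential phishing page
"""

# Constructed proxy log: timestamp client_ip dest_host dest_ip
PROXY_LOG = """\
2024-03-01T09:00:00 10.0.0.12 www.example.org 93.184.216.34
2024-03-01T09:01:10 10.0.0.15 login-verify.example 198.51.100.77
2024-03-01T09:02:30 10.0.0.12 cdn.example.net 203.0.113.45
2024-03-01T09:03:00 10.0.0.20 mail.example.org 192.0.2.8
2024-03-01T09:04:00 10.0.0.15 static.login-verify.example 192.0.2.9
"""


class IndicatorSet:
    """Feed indicators loaded into structures suited to fast lookup."""

    def __init__(self, feed_text):
        self.ips = set()
        self.networks = []
        self.domains = set()
        for row in csv.DictReader(io.StringIO(feed_text)):
            kind, value = row["type"].strip(), row["value"].strip().lower()
            if kind == "ipv4":
                self.ips.add(value)
            elif kind == "cidr":
                self.networks.append(ipaddress.ip_network(value))
            elif kind == "domain":
                self.domains.add(value)

    def match_ip(self, ip):
        """Return 'ipv4' or 'cidr' when the address is listed, else None."""
        if ip in self.ips:
            return "ipv4"
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.networks):
            return "cidr"
        return None

    def match_domain(self, host):
        """Return 'domain' when the host or any parent domain is listed."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            if ".".join(labels[i:]) in self.domains:
                return "domain"
        return None


def scan_proxy_log(log_text, indicators):
    """Return (client_ip, dest_host, reasons) for every line hitting the feed."""
    hits = []
    for line in log_text.splitlines():
        _ts, client, host, dest_ip = line.split()
        reasons = [r for r in (indicators.match_domain(host),
                               indicators.match_ip(dest_ip)) if r]
        if reasons:
            hits.append((client, host, reasons))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG, IndicatorSet(FEED_CSV)):
        print(hit)
```

Each hit carries the reasons it matched, so an analyst can see at a glance that the second log line matched both by hostname and by the hosting range; recording both is what makes a feed match actionable rather than a bare alert.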
Improving an organization’s ability not only to defend itself properly against current threat trends but also to predict a broad range of future attacks requires threat intelligence that enables organizations to be proactive. This ability to “see the future” of threat trends allows organizations not only to defend more effectively against current attacks but to prevent the next wave of attacks before it occurs.