To put a cyber security protection plan in place, you first need to understand who might be attacking you. Cyber criminals who are interested in making money via fraud or the sale of secret and valuable information could attack you. There are various foreign intelligence services and industrial competitors who intend to gain an economic advantage for their countries. Some hackers also attack just because it is their passion or for fun. Another form of cyber criminal is the hacktivist, who has political or ideological motives to attack companies and government institutes. Your employees could also target your company, either by accident or through deliberate misuse.
If the attacker is a persistent enemy, then the attack might consist of repeated stages. The purpose of the attacker could be to search your network defences for weaknesses which they could exploit to achieve their ultimate goal. For any organisation, big or small, it is imperative to understand these stages so that it can protect its network efficiently.
A. Combating Cyber Attacks in UK
In the UK, everyone should take preventive measures to avoid cyber attacks after Brexit. To apply these measures properly, all organisations must understand the statistics of Brexit impact on cyber security in UK. Most cyber attacks are composed of four stages: Survey, Delivery, Breach and Affect. Every organisation, whether private or government, big or small, should apply the following security controls at each stage to reduce its exposure to a successful cyber attack.
1) Survey: At this stage, the attacker would investigate and analyse the available information about the target to find potential weaknesses and vulnerabilities. An attacker could find a lot of information about a system and its software from the default settings of the system. These settings could broadcast a range of network protocols and channels which could be exploited by any attacker if not removed. The attacker could use network scanning tools on the target network to identify the following:
• open ports
• open services
• default settings
• vulnerable applications and operating systems
• the makes and models of your network equipment
An attacker could also use social engineering (e.g. social media) to exploit user innocence and kindness to obtain secret information.
Every organisation should carry out a survey among its people and analyse the data. This would tell the IT staff how well employees in the other departments understand cyber security. Based on this survey, IT staff should develop lectures which tell employees what they are allowed to include in publicly available documents and web content. Such lectures should also cover the risks involved in discussing work-related information on social media. The employees should also be warned about phishing attacks. These lectures, in any small or big organisation, could improve cyber security awareness among employees and thus reduce cyber breaches tremendously.
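The items an attacker looks for in the Survey stage (open ports, open services, insecure defaults) can be checked by the organisation itself before anyone else does. The following is an added example, not part of the original article: it audits a listening-socket inventory against an allowlist. The sample lines are constructed in the layout of `ss -tlnH` output, and the allowlist and port-to-protocol table are assumptions.

```python
# Constructed sample in the layout of `ss -tlnH` output (not from a real host).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 32 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
"""

ALLOWED_PORTS = {22, 443}                          # assumption: services the business needs
CLEARTEXT = {21: "ftp", 23: "telnet", 69: "tftp"}  # inherently insecure protocols
LOOPBACK = {"127.0.0.1", "[::1]"}                  # bound locally, not reachable remotely

def parse_listeners(text):
    """Yield (address, port) for each listening TCP socket in the inventory."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers, blanks and malformed lines
        addr, _, port = fields[3].rpartition(":")  # rpartition copes with [::]:8080
        if port.isdigit():
            yield addr, int(port)

def audit(text, allowed=ALLOWED_PORTS):
    """Return sorted (port, reason) findings for network-reachable listeners."""
    findings = []
    for addr, port in parse_listeners(text):
        if addr in LOOPBACK:
            continue
        if port in CLEARTEXT:
            findings.append((port, f"insecure service ({CLEARTEXT[port]}) exposed"))
        elif port not in allowed:
            findings.append((port, "listening but not on the allowlist"))
    return sorted(findings)

if __name__ == "__main__":
    for port, reason in audit(SAMPLE):
        print(f"port {port}: {reason}")
```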
2) Delivery: Through continuous investigation, an attacker would get to a point where they have found a vulnerability in a system which they could exploit. Following are some examples:
- An attempt to get access to an organisation's online services
- An attempt to send an email with a link to a malicious website or an attachment which could contain malicious code
- An attempt to give away an infected USB stick to an employee at a trade fair etc.
- An attempt to create a fake website so that users visit the attacker's website instead of the original one.
The most important thing for an attacker is to decide how to deliver the malicious code to the organisation's employees so that they can breach the network. To avoid this, the following control measures should be carried out by the IT staff of every organisation.
Network Perimeter Defences: The IT staff of any organisation should apply network perimeter defences which block insecure or unnecessary services. These defences should still allow permitted websites to be accessed so that the employees can do their work properly.
Malware Protection: Another important kind of protection which should be applied by network staff is malware protection. This could block malicious emails and stop malware being downloaded from websites.
Password Policy: Every organisation should prevent their employees from selecting easy passwords. Moreover, every account should be locked after a low number of failed attempts.
Secure Configuration: Every system in an organisation which is used to conduct business should have restricted system functionality depending upon the needs of business operation.
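The Password Policy control above has two parts: rejecting easy passwords and locking an account after a low number of failed attempts. The following is an added example, not part of the original article, showing both; the threshold of 5, the 15-minute lock, the minimum length and the deny-list are assumptions, and the login events are constructed.

```python
from collections import defaultdict

MAX_FAILURES = 5       # assumption: the text only says "a low number"
LOCKOUT_SECONDS = 900  # assumption: 15-minute lock
MIN_LENGTH = 12        # assumption
COMMON = {"password", "123456", "qwerty", "letmein", "welcome1"}  # constructed deny-list

def password_problems(password, username):
    """Return the reasons a proposed password is rejected (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON:
        problems.append("common password")
    if username.lower() in password.lower():
        problems.append("contains username")
    return problems

class LockoutTracker:
    def __init__(self):
        self.failures = defaultdict(int)  # consecutive failures per account
        self.locked_until = {}            # account -> unlock time (epoch seconds)

    def record(self, user, success, now):
        """Record one login attempt and return 'ok', 'failed' or 'locked'."""
        if self.locked_until.get(user, 0) > now:
            return "locked"  # refused even with the right password
        if success:
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures[user] = 0
            return "locked"
        return "failed"

def replay(events):
    """Run (user, success, time) events through a fresh tracker."""
    tracker = LockoutTracker()
    return [tracker.record(*e) for e in events]

# Constructed events: five bad guesses, a correct login during the lock, one after it.
EVENTS = [("alice", False, t) for t in range(5)] + [("alice", True, 10), ("alice", True, 1000)]

if __name__ == "__main__":
    print(password_problems("Welcome1", "alice"))
    print(replay(EVENTS))
```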
3) Breach: At this stage, the attacker would exploit the vulnerability in the network to gain some kind of unauthorised access. The nature of the vulnerability and the exploitation method would decide the harm that could be done to your business. This could allow an attacker to:
- Change the system to affect its operation
- Get access to online accounts
- Get complete control of a user's system or any other IT device
By doing so, the attacker could impersonate the victim and then use the victim's legitimate access rights to get access to other users' systems and information. To avoid this stage, the following prevention measures should be adopted by every organisation.
Patch Management: A patch is a set of changes to a computer program or its data which is designed to update, fix or improve it. This could also fix security vulnerabilities and other bugs, and could improve usability and performance. As soon as network staff notice any system vulnerabilities, they should apply patches to limit exposure to cyber breaches.
Monitoring: The IT staff should carry out regular system monitoring and analyse the network activity to identify any malicious or suspicious activity.
Malware Protection: If the network engineers place malware protection within the internet gateway, then they could detect malicious code in any significant data file.
Secure Configuration: Engineers should remove unnecessary software and default user accounts. There should not be any default passwords, or any system features which could turn off malware protection.
User Access: There should be well-maintained user access controls which restrict the applications, privileges and data accessed by the users.
User Training: Social engineering attacks should also be countered by training employees in how to avoid them.
Device Control: Device controls should be placed in the internal gateway to stop unauthorised access to critical services, and to inherently insecure services which are still required internally.
4) Affect: Every attacker has some specific goals to achieve during a security breach. This is the final stage where, after getting network access, an attacker would carry out activities to complete their goals, such as stealing data or money. The attacker could also explore your system to expand their access and establish a persistent presence, e.g. by taking over a user's account. If an attacker got administrative access to even one system in your network, they could easily install automated network scanning tools and discover more about the organisation's network. They would succeed in installing such software because they would use their administrative access to turn off the system's monitoring processes.
If the attacker does succeed in achieving full access, then it is really hard to detect their actions and eradicate their presence from the system. This is where a more in-depth approach to cyber security could help. For example, if the organisation had backup data in a secured network, then it could create a new network from its backup and make the hacker's attempts unfruitful. Thus, it is imperative to keep backup data so that it can be used if the organisation's network is compromised.
B. UK Government Efforts to prevent Cyber Crime
The UK government has been extremely efficient in combating cyber crime. The National Cyber Security Centre (NCSC) published a report “Self Help for Cyber Essentials” to help organisations take the necessary steps to prevent cyber-attacks. Similarly, NCSC launched the “Cyber Essential Certificate”, which can prove that any organisation with this badge has the necessary prevention measures in place to stop security breaches. Another scheme, “Cyber Essentials”, which is backed by the UK government and supported by industry, was launched to help organisations fight against cyber attacks. Since the inception of NCSC in October 2016, it has responded to more than 800 cyber-attacks and prevented more than 54 million malicious email attacks sent to the UK government.
Organisations in the manufacturing industry, whether based in the UK or in European countries, should follow The Government’s Code of Practice for Consumer Internet of Things (IoT) Security guide launched by the UK government. This would allow them to manufacture devices and apparatus which are less prone to cyber-attacks. Brexit should not stop industries based in European countries from following this guide, as it could provide strong security against cyber-crimes.
National Cyber Crime Unit: The NCCU is a part of National Crime Unit of UK which leads the UK response team against cyber crime. It works closely with the Regional Organised Crime Units (ROCUs), the MPCCU (Metropolitan Police Cyber Crime Unit), and partners within Industry, Government and International Law Enforcement to respond rapidly to changing cyber threats. The NCCU receives its funding from the National Cyber Security Program. In 2015, over £200 million was allocated to the National Cyber Security Program. This funding is used to support the development and transformation of the UK's cyber capabilities across Government. With all of these programs and funding, the UK government is doing everything in its power to combat cyber breaches efficiently and effectively.
Although Brexit will not impact the UK's cyber security relationship with NATO and Five Eyes, it will have an adverse impact on the workforce of the UK’s cyber security industry. Due to the uncertainty of Brexit, the impact on the UK’s cyber law, such as GDPR implementation, is unclear. But Brexit will have an adverse effect on the framework of the UK’s cyber crime agencies, as the UK will definitely not be able to make or change cyber laws. Instead, the UK will have to abide by laws made by Europol due to the maintained equivalency between the UK and EU data protection frameworks. It is not in the interest of the UK or the EU to terminate their long-term cyber security partnership. Both sides should keep mutual benefit in mind during the negotiations on engagement and information sharing matters. The focus on mutual interest should not be diverted by political horse-trading or ideological intolerance. The cyber security of the UK and its EU neighbour countries is too important to be a casualty of Brexit. The UK's basic goal should be to protect and promote the national interest. For this, taking a long-term strategic path for cyber security is imperative. The uncertainty of Brexit should be an opportunity for the UK to test, alter and plan its cyber security ambitions for the future.