CYBER ATTACKS: A horror story

Some 1,244 data breaches were reported in the United States in 2018. The good news is that this is down from the 2017 figure of 1,579, but it must be set against the alarming news that the number of records exposed increased year on year by a whopping 149 percent: from 178.96mn in 2017 to 446.52mn in 2018. Many of these breaches occurred because a cybercriminal was able to get into a company’s environment – and IT never knew about it. These are scary statistics in their own right. But throw in a scenario whereby you can actually see these attacks happening with your own eyes – and it really does become a horror story.

Eric Rockwell, CEO of inSOC, did just that. Deploying a unique security platform (Starlight from Stellar Cyber), an AI-driven detection tool that is a fundamental part of inSOC’s security services offering, Eric conducted an experiment to see how quickly a new web presence could come under attack and to demonstrate why no company, not even the smallest SMB, is immune from cyber-criminals.

He didn’t have to wait long for the nightmare to unfold, as he relates.

The problem is that many SMBs think they’re too small to be targeted by cyber criminals. So we decided to conduct an experiment to demonstrate the reality. We set up a fake company on Amazon Web Services (AWS), gave it a fake name, spun up some fake servers, put some fake data on there. We configured it with standard, remote desktop software, the same as many companies have installed across the US. We deployed our security management system – and we waited.

It took one week before the server was discovered by Russian, North Korean and Chinese hackers – and we started getting attacks.

By the end of the first month the site was being attacked more than 10,000 times per day. Imagine how much alert noise that generates. And, we were getting more than ten breaches daily.

Until they see it happening in front of them, companies just don’t realise their network is constantly under attack.

Our goal with inSOC is to work with MSPs to drive these numbers down to zero.

Prevention is better than cure

This experiment demonstrated clearly the need to monitor network traffic closely: where it is coming from and going to – and question any anomalies. Why is someone logging in from Siberia, for example, if your organisation isn’t doing business there?

The scale of cyberattacks is so serious (particularly in the United States, which suffered 86 percent of the global breaches recorded in 2017, according to Gemalto) that the US Government has spent $2 billion developing a cybersecurity framework: NIST.

This framework sits at the heart of inSOC’s Security Services.

NIST Cybersecurity Framework

The proactive measures shown on the left-hand side of the chart are essential to properly control cyber risk.

Given that the number one cause of every US data breach going back seven years has been unauthorized assets such as personal laptops joining private company networks, access control is a crucial first step. That means identifying all the people and devices that are authorised to be in your IT environment.

Look at the global network connections and ask: where do people really need to log in from? Where do people really need to go? If you are not doing business outside of your home country – why not contain the network environment to that country?

Once we have identified the users and devices authorised to be in the environment, then we can be alerted when a rogue user enters.

Ensure everyone understands where confidential and sensitive information should be stored. Identify those software applications that are needed to run the business – and get rid of the rest. Turn off default features in applications.

Fighting back – before you’re hit

inSOC can help.

We provide MSPs with an enterprise-level cybersecurity solution (ONE STOP SOC) that combines a preconfigured, AI-driven detection platform that is quick to onboard and easy to deploy, with vulnerability scanning and wraparound SOC services. We help you monitor and manage your client environments 24/7/365.

We enable you to discover insecure ports, protocols and services, uncovering vulnerabilities that could lead to a cyber-incident. Our SOC is alerted in real time when an unauthorised asset enters your client environments. We do event correlation. We listen to all the logs and all real-time network traffic to understand where inbound/outbound traffic originates, and we are alerted when something anomalous happens: a user logs in from Ukraine, for example, when five minutes earlier they had been logged in from New York – a high chance, then, that the account has been compromised.
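The login anomaly described above (a login from Ukraine five minutes after one from New York) can be checked with an "impossible travel" rule; this is an added sketch, not inSOC's or Stellar Cyber's code. The speed ceiling, the minimum-distance cutoff, the event field names and the sample logins are all assumptions constructed for illustration.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 50.0    # assumed cutoff: ignore geolocation jitter within one metro area

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Alert on consecutive logins by one user that imply travel faster than max_kmh."""
    alerts, last = [], {}  # last: user -> most recent login seen
    for ev in sorted(events, key=lambda e: e["ts"]):
        prev = last.get(ev["user"])
        last[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km < min_km:
            continue
        hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600
        # Simultaneous logins from distant places imply unbounded speed.
        kmh = km / hours if hours > 0 else math.inf
        if kmh > max_kmh:
            alerts.append({"user": ev["user"], "from": prev["place"], "to": ev["place"],
                           "km": round(km), "minutes": round(hours * 60)})
    return alerts

# Constructed sample logins (not real log data); coordinates are approximate city centres.
NY = {"place": "New York", "lat": 40.71, "lon": -74.01}
SAMPLE = [
    {"user": "alice", "ts": datetime(2019, 3, 1, 9, 0), **NY},
    {"user": "alice", "ts": datetime(2019, 3, 1, 9, 5), "place": "Kyiv", "lat": 50.45, "lon": 30.52},
    {"user": "bob", "ts": datetime(2019, 3, 1, 8, 0), **NY},
    {"user": "bob", "ts": datetime(2019, 3, 1, 20, 0), "place": "London", "lat": 51.51, "lon": -0.13},
    {"user": "carol", "ts": datetime(2019, 3, 1, 9, 0), **NY},
    {"user": "carol", "ts": datetime(2019, 3, 1, 9, 2), "place": "Newark", "lat": 40.74, "lon": -74.17},
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE):
        print(alert)
```

Only the first user's pair is flagged: the twelve-hour transatlantic gap is plausible air travel and the two-minute hop across the river falls under the distance cutoff. VPN egress points and mobile-carrier gateways geolocate far from the user, so alerts from a rule like this need to be correlated with known egress addresses and device identity before an account is treated as compromised.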

Cybercrime is no respecter of size

Cybercrime hits the biggest corporations and your SMB clients with equal ferocity. And it is increasingly focussing on MSPs and ITSPs to get into your clients’ supply chain.

We face well-armed, well-funded cybercriminals. Armed with sophisticated weapons, some military grade, and in some cases funded by foreign military powers, these criminals are attacking companies and organisations of all sizes with a host of tactical weapons.

All too often, our response has been limited to chasing after the fact.

inSOC can help you to fight back by ensuring that your customers’ environments are hardened to the top 20 most effective and most critical of the NIST Cybersecurity Framework (CSF) Security Controls, as identified by the Center for Internet Security (CIS).

We arm you with enterprise-level, AI-driven technology that can be quickly installed, fine-tuned and then deployed to protect your client networks as part of a security services offering.

The cyber horror story is not going away – but we can help you to filter out the noise and reduce the chances of a breach right down.