Rise of the cybermen: A guide to neutralising 2015’s most dangerous security threats

Recent speeches by UK Prime Minister, David Cameron, and US President Barack Obama demonstrate that cyber security is still a huge concern for national governments.

We should be in no doubt that another raft of counter-measures is being considered at national and international levels.

However, those in charge of IT security in the business community are not necessarily taking their cue from world leaders to re-evaluate their own policies and ensure they are still offering protection from the kind of cyber attacks that are likely to occur in 2015.

As corporate reliance on email, web applications, remote access, web browsing, mobile computing and cloud-based services increases, so does the number of potential gateways through which cyber attacks can take place.

In fact, it’s fair to say that most of the IT tools used by companies to make them more productive, flexible and responsive can increase exposure to potential security threats if not managed correctly.

As such, Systems Administrators need to reassess the effectiveness of their network security measures. But sometimes it’s hard to know where to start and which areas to prioritise. We suggest looking at three key areas:

1. Virtual & Cloud Computing

Moving from physical and virtual environments to public cloud and Software as a Service (SaaS) models brings a set of new security challenges.

These models, although greatly assisting in company productivity and cost savings, provide hackers with new attack surfaces - increasing the risk of sensitive data on servers and in emails being accessed, stolen, corrupted or deleted.

In this context, something as innocuous as migrating from an onsite Microsoft Exchange Server to cloud-based Office 365 means that email, web browser, VPN and remote working security policies need to be entirely overhauled. And that’s before you start to think about security policies and procedures that govern access to public and private cloud services such as DropBox, GoogleDocs and Copy.com.

But the potential problems don’t stop there. Cloud computing has been described as a disruptive technology, which is generally meant to be a good thing. However, this is not the case when it comes to network security and data protection.

Independent research recently commissioned by Barracuda shows almost one third of respondents thought departmental and divisional managers would, in the future, sidestep centralised IT departments to purchase cloud technology directly. This will make it much harder for Systems Administrators to keep a grip on the network’s perimeters and to minimise the risks posed at potential attack surfaces.

It’s therefore time to look further ahead and think about wider IT and corporate security policies that clearly set out who is responsible for purchasing and deploying cloud technology in the company and under what (if any) circumstances they may do so.

It’s also important to educate potential maverick cloud service purchasers and users within your company about security risks so they don’t inadvertently expose the company to cyber security threats.

2. Increased Mobile Access

We can expect to see an increase in cyber-attacks linked to mobile device access and mobile web applications this year.

Even mobile devices issued officially by a company should be considered as a potential security concern. And, of course, so should the increasing number of private mobile devices that are being brought into offices (BYOD) and used to access corporate networks.

By their very nature, all these devices are constantly moving between secure corporate networks and unsecured home or public wifi - potentially exposing sensitive data and contracting potentially dangerous viruses and trojans. They also have the potential to be compromised by apps, which can deposit malware on to corporate networks and harvest sensitive data without users being any the wiser.

To minimise these risks, Systems Administrators need to think about implementing a mobile security plan that will allow them to:

  • Restrict access to certain applications via mobile devices
  • Limit or even prevent access to mobile app stores
  • Require password and authentication for connections to Exchange, ActiveSync, wi-fi, VPN and Proxy Access
  • Monitor devices for unauthorised applications
  • Limit document sharing capabilities
  • Wipe or lock stolen devices remotely

However, the prevalence of BYOD on corporate networks makes this a very difficult area to police and there is ongoing debate about whether network security is improved by integrating BYOD in a secure, controlled and monitored way or trying to implement and then police a company-wide ban. Gartner, for example, estimates that 38 per cent of companies expect to stop providing devices to workers by 2016.

3. Distributed Denial of Service (DDoS)

This is probably the least commonly understood security risk. But it’s the one that is making the headlines and troubling national governments.

This is because DDoS attacks are often used by ‘Hacktivists’ in response to government or corporate policies with which they disagree. For those not in the know, a Distributed Denial of Service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted network. When a network is overloaded in this way, new connections can’t be accepted and the system crashes.

So how should you minimise your risk to DDoS attacks? A firewall is a good start, but contrary to popular belief it is not the entire solution - particularly if it is a few years old.

Check that your current firewall combines awareness of applications, users, content and context with network security. In order to combat DDoS attacks, it must also integrate Layer 7 application profiling, intrusion prevention, application proxies, content security and network access protocols.

Systems Administrators also need to assess the capabilities and ‘intelligence’ of other network components such as switches and routers. Do they, for example, have some rate-limiting and access control list (ACL) capabilities?

It’s also important to ensure there is plenty of bandwidth on the network. This is because the more bandwidth you have, the harder it is for a DDoS attack to block traffic and crash the system.

In addition, it’s a good idea to benchmark your day to day network traffic and set up triggers that alert you when there is an unexpected spike. This will provide the means to identify an attack pattern (or ‘fingerprint’) and to block that pattern across your network.

All of this, and a smaller budget too?

Perhaps the biggest cyber security challenge facing Systems Administrators is how to balance network security policy against available budgets - particularly when, in many companies, IT budgets are being cut.

One of the first things to think about is whether there are disparate and/or overlapping security solutions on the network, and if it is possible to consolidate them - perhaps reducing to one or two vendors, and on to one centrally managed security console or screen. This will have the three-fold advantage of forcing you to check if there are any unexpected gaps in your network security applications, of cutting daily network administration time and creating a more holistic, big-picture view of the security and protection on the network.

It should also help to cut IT security spend and the amount of physical man hours required to police the network - and prevent you having to pick and choose which areas of the network to protect.

With all of this in mind, 2015 will undoubtedly be a challenging year for Systems Administrators, but with the right planning, preparation and ongoing evaluation, you can be confident that you’ve put the work in place to minimise potential cyber security risks.

The trick now will be to stay one step ahead of those hackers. Read the news, check the headlines, follow the trends and most importantly regularly revisit and reassess your IT security policies.

Wieland Alge is VP and GM, EMEA at Barracuda Networks.