Investment in digital infrastructure brings unwelcome consequences

Whilst I welcome Chancellor Hammond’s announcement, in his Autumn Statement, on investment in digital infrastructure and fibre networks, we must not forget that these benefits also have 'down sides'.    

Of course it is good that we are investing in faster networks, as Britain has so many poorly supported areas for digital services. And, we do need to ensure that the entire country has high-speed networks, either over a fibre link, or the airwaves via 5G.

But, having faster connectivity also brings benefits to the world of the hacker. Malware, ransomware, and the like, can spread faster and get into a network with greater speed, which will also mean that the exfiltration of data is quicker and easier.   

This is likely to have a greater effect on small to medium sized companies as, generally, they do not have the security in depth that larger corporations have by virtue of greater budgets, more experience or compliance regulations that force them to adopt strong data security practices.

Unintentional actions

What smaller companies fail to do is put in place controls and processes that check what a user is doing. In many surveys, including those from Verizon and the Ponemon Institute, it has been shown that 80 per cent of all data losses were caused by unintentional actions of an internal user. These mistakes were often down to ignorance of what was sensitive, or simple errors, for example emailing the wrong document.

We have seen cases where a user has sent the company’s entire client database rather than just the few entries that were requested. This situation gets even more complex when companies start to outsource services to a third party, as they then rely on that company both to train its staff in good practice and to fully understand the company’s criteria with regard to sensitive data.

When surveys on the insider threat are reviewed, with a focus on the deliberate exfiltration of data, we once again see that small to mid-sized companies do less checking of users’ behaviour and trust, rather than question, a practice. Therefore, given the higher speeds of data interchange brought about by better networks, the loss of data is quicker and need not be undertaken at times when network traffic is low. This removes the one check smaller companies had, in that employees may, of necessity, have needed to ‘work late’ in order to ‘get the data out’ and thus were obvious targets for questioning as to why they were still in the office.

More machines on our networks will increase the speed at which botnets can be distributed, and these are one of the key elements of a Distributed Denial of Service (DDoS) attack. DDoS attacks are a very real challenge that all organisations face as connection speeds are increased and more machines are compromised. Forming a DDoS attack using botnets will be easier, as the time needed to command each compromised machine, through its botnet, to start sending rogue packets to the target web service is shorter and, thereafter, the stream of traffic coming from each compromised machine will be more intense, with less network delay.

Effectively, the time needed to set up an attack will be much shorter. Today such attacks suffer from slow response time ‘pings’ and clogged bandwidth, which allow monitoring systems to detect a building threat and alert or take steps to avoid the impact. If such attacks can be formed quickly, the chance of reaction is reduced.

The 'zombie army'

A botnet (Robot Network) is a large number of compromised computers that are used to create and send spam or viruses, or to flood a network with messages as a DDoS. Each computer is compromised via a Trojan that often works by opening an Internet Relay Chat (IRC) channel that waits for commands from the person in control of the botnet. A botnet is also known as a "Zombie Army", and the term is derived from the idea of bot networks.

In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that can be controlled by one, or many, outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. A computer may be part of a botnet even though it appears to be operating normally.   

So, greater speed of networks will benefit the attack capabilities of botnets along with the increase of machines able to become infected. It is likely that such attacks will target larger companies, charities or political organisations, which tend to always find themselves under attack. By virtue of greater speeds, a much larger botnet storm can be launched very quickly, which will overwhelm most systems today.  

With great speeds comes great responsibility

These greater speeds and wider connectivity will allow more people to connect to networks and, without better security, education or system protection, it will mean that the surface area for attacks will be greater, enabling hackers to find 'weak spots' and use those to extend their reach. It could also, worryingly, increase their privileges, allowing them to gain entry to better-protected systems that require higher levels of access.

Having greater speeds will also fuel the alarming rate of connection of devices known as the 'Internet of Things' (IoT). These are everyday devices such as TVs, kettles, fridges and home security systems.

And, we should not forget the raft of commercial devices attached to our 'smart buildings', such as HVAC, CCTV and door entry systems. This growth is increasing the traffic levels moving through the Internet and hence greater capacity is welcomed. But this increase in device connection is also exploitable, as many of the devices were not designed with security in mind and may have ‘weak spots’, such as default passwords or an open API (Application Programming Interface), which allow the device to be ‘taken over’ without alerts. Therefore, these devices can be exploited and, given they are on our networks, they can compromise many other systems and user machines.

Alongside the provision of faster, more efficient network services must come increased vigilance and better security systems, especially for small to medium sized enterprises. Without better controls a company could be compromised and thus face the prospect of greater fines from the Information Commissioner's Office, especially with the pending release of the General Data Protection Regulation (GDPR) in May 2017, where organisations face fines of four per cent of global turnover, not profit!

Such fines will inevitably force companies to close or, due to bad publicity, significantly reduce their turnover.    

It is now time for all companies to check their data security position and ensure their staff and partners are aware of the consequences of data leakage. Embrace higher speeds of connectivity but ensure you value your data and know where it ends up! 

Colin Tankard, Managing Director,
Digital Pathways