Canadian IT Blog

The Biggest Challenges with Cyber Breaches

Written by Team CITI | February 1, 2019

A cyber breach is a term that broadly encompasses any unwanted entry into IT systems. The combination of extremely technically sophisticated operators and unknown system vulnerabilities in the technologies being implemented on a company's network makes cyber breaches possible. It's not like getting home and finding the front door unlocked. It's more like somebody enters your home from an invisible door next to your house and that door disappears once someone enters.

 

A Doorway

 

Whether through a vector or a doorway, there are many entry points. An employee can click on a link in an email that takes them to what appears to be a legitimate website. Or they can click on a PDF file from what seems to be a reputable sender. That file could be malformed and be a technical vulnerability, and that website can be a malicious duplicate. That's how cyber breaches happen—they successfully convince a target of their authenticity and trustworthiness. That's why the biggest challenge is realizing that you've been breached in the first place.

 

Wait and See

 

We have a natural tendency to wait and see if something goes wrong before deciding whether further steps are needed. It's in our human nature. The average time to identify a cyber breach is 219 days; this is the most powerful evidence of how our human nature often overrides our logical thinking. Even the most tech-savvy company can be faced with a cyber breach, and even the most aware employee can fall victim to a wolf in sheep's clothing. We are all vulnerable to trusting in the best of people.

 

Stay One Step Ahead

 

Remaining one step ahead is key to protecting your company and yourself. It is important to be educated not only in what to watch for, but also in how these breaches are done. A computer system is a networked computer infrastructure that has technical facets related to web servers. For example, your Apple charge cord has a web server in it that acts as an operating system in the powerchip in your computer. It is as powerful as the operating system in your main computer. Even the most basic computer setup has technically rich components. Apple does not release updates for their power cords, and therefore when bad actors access it, there is nothing you can do.

 

Breaches as Updates

 

Cyber breaches often present themselves as Windows updates or Apple updates. They prompt for access to your computer, and most users have a knee-jerk reaction to accepting these requests. Hackers and cybercriminals have mastered the art of appearing authentic. They rely on name recognition and brand reputation to gain a port of entry, and they often succeed because users often only gloss over links and names that relate to major, well-known companies. Victims are left without any obvious evidence of a breach, and manufacturers are equally unaware of any incident. These breaches leave a very small sign of what they do. Even if you suspect you're a victim, it's like fighting a phantom. What can you do to fix a problem that you're not entirely sure is there? And even if someone recognizes a potential problem, would they risk claiming accountability? Victims often don't want to admit making an error. This is a major challenge posed by any and all cyber breaches: how those affected immediately react. As we have learned, most victims fail to react to a potential breach quickly, because they don't want to feel dumb and they fear that they'll get in trouble or they just don't know.

 

The White Hats

 

The ability to detect cyber breaches faster and more efficiently is a topic that gets IT security professionals quite fired up. At Defcon, a white hat security conference held annually in Las Vegas, hackers from across the world come together to mingle, talk shop, pick up new tricks, and see how much they can get away with. There are also professional technology security specialists who attend the conference to share findings from the work they've done over the years. At the conference, both groups set aside their differences and share a common intention to see just how quickly and easily they can spot and detect security bugs. In fact, some professions will pay money to be the ones to find these bugs. At Defcon, one of the findings that was delivered discussed 5 shadow computer systems that run inside the average Apple device. Despite this troublesome finding, Apple is currently not providing a solution.

 

Driveby Attacks

 

One major category of cyber breaches is called website driveby attacks. It's when you visit a website and unknowingly pick up a piece of malware along the way. Most people are under the assumption that only XXX (porn, etc.) websites carry infectious malware. This is not the case. Even AAA+ websites like The New York Times or The Globe and Mail can be carriers. There's a little bit of JavaScript that gets executed on your computer when you visit such a website. Then you go to another website (a website that cybercriminals know that you visit, such as Netflix) and your computer has the basic Lego blocks to build a breach. Then you see an advertisement, and unbeknownst to you it's a command-and-control trojan that can sit on your computer for years until one day, boink!

 

Drivebys are increasingly common because the smartest breaches are the ones that are dormant for long periods of time. They leave minimal and arcane traces that even the latest security software cannot detect. Easily infected and tough to detect is the ideal makeup of a successful cyber breach because people don't look for problems unless they can see something.

 

Security Software

 

We recommend that our clients purchase, install and deploy standard security software. While cybersecurity can be extremely advanced, it's never going to be perfect, so it's important to keep your security systems up to date. Once it's known that a bug exists, cybersecurity software provides additional protection and software security specialists update their tools so that visible and invisible doorways can't be detected. Almost any line of code in your computer system can be a doorway. Eventually, the security software adds locks to windows and invisible doors, not just locks to visible doors.

 

Also, because of the fast pace of software development, users expect that software professionals are fixing aspects related to cyber breaches, not just making software prettier and faster. But that isn't always the case. Often software updates can actually make matters worse. This is because when software is modified, new code is often introduced that leaves the door open to vulnerabilities.

 

Do you think you've had a security breach? If your computer's acting strangely, chances are you have. Turn it off right away and get in touch with CITI. We can help.