In the Aftermath of a Cyberattack
As hackers continue ramping up their attacks, everyone involved in IoT -- manufacturers, integrators, and customers -- has to improve their defenses.
Last month it was Devil’s Ivy; today there’s a completely different piece of malware or ransomware on the prowl. Tomorrow there will likely be another aggressive “Cyberattack du Jour.” Let’s face it. We live in an era of escalating vulnerability exploitation.
We’re no longer prey to basement hobbyists. Today’s hackers are sophisticated and determined. They’re likely to be well-funded by foreign governments and tightly organized into targeted hacking organizations.
For them it’s big business. They brazenly sell their base code on the dark web along with do-it-yourself instructions on how best to package and release the attack. The process is so easy to follow that even a novice hacker can launch it. They’re using a pyramid business model where the lead hacking businesses, the code sellers at the top of the pyramid, get royalties from the buyers below. Now we’re even seeing organized hacking companies complete with offices, target lists and bonus structures just like any legitimate sales organization. Employees get paychecks deposited into regulated bank accounts and pay taxes on their income. It’s become quite a lucrative industry and it just keeps growing.
As hackers continue ramping up their attacks – targeting software, hardware, even web services toolkits – we need to shore up our defenses. And by “we” I not only mean manufacturers who embed cybersecurity features into their products, but also the integrators who install the systems and the customers who use them.
It all comes down to three fundamentals: mitigate, respond and adapt.
Mitigation
What sort of defensive mechanisms can we put in place to protect our digital assets? There are volumes written about IT and end-user best practices. Don’t use default passwords and user names. Hackers love exploiting this low-hanging fruit. Turn off or delete unused services and protocols that might otherwise provide a gateway into the network. Maintain an inventory of all devices on the network and keep their software and firmware up-to-date with the latest malware protections. Anticipate the inevitable and have a remediation policy in place that can be activated quickly to minimize your exposure. This includes regularly checking your suppliers’ lists of known vulnerabilities, attacks and remediation.
Response
If an event is detected, shut down services to that node immediately to prevent widespread infection and exposure. Find out what your suppliers know about this attack and how to get rid of it or quarantine it. Manufacturers and developers are likely to hear about a possible vulnerability in a product or service before you do and will have already been working on the patches and containment tools you need. Follow their published best practices for cyber securing their products and services.
Adaptation
Once you’ve implemented a stopgap measure, learn what you have to do to permanently fix the problem. It might be as simple as automating anti-virus updates to software and firmware. Or it could be a matter of instituting stricter firewall policies, restricting remote access with digital certificate authentication or some other measure to heighten cybersecurity. But it doesn’t end there. Because the next day – the next hour, the next minute – will inevitably bring another attempt to exploit your ecosystem. And so the cycle begins anew.
Is the supply chain cybersecurity-ready?
A customer’s supply chain needs to be the primary resource for executing a cyber protection and response plan. Manufacturers and application suppliers should have web site portals, subscription lists and/or push notification systems with the most up-to-date list of known vulnerabilities and patches. No system is 100% impenetrable and the sign of a knowledgeable partner is that they acknowledge this and are open and timely with alerts and remedies.
Customers should also know whether their solution providers support standards-based cybersecurity or if they rely on proprietary methodologies to cybersecure their solution(s). There are benefits to both approaches. Customers just need to know in advance if they can deploy a unified cybersecurity plan or if pieces of their solution will require separate support communications.
Never let down your guard
Whether you are deploying standard IT cyber protection measures, IoT device authentication or some combination of both, you need to keep doing your homework. Check with your component suppliers and your solution provider to ensure that all the pieces in the cybersecurity ecosystem fit together and you can support them. Most importantly, have a plan, check the plan regularly and refresh it accordingly. You have to continue to evolve your defenses in parallel with the bad guys. They’re never going to stop their attacks. So accept the reality that you’ll always need to be devising new ways to defend against them.
Vince Ricco is the Business Development Manager, Technology Partner Program, for network video company Axis Communications, Inc.