The UK’s National Cyber Security Centre warns that UK businesses face a heightened risk from cyberattacks, which have increased since the invasion of Ukraine.
All local businesses that use the internet are at risk, so I recently spent a few hours at Riela Cyber, realizing how dangerous that risk is.
It’s a security operations center in Ballasalla and I’m standing in front of a big screen showing a map of the world.
There are constantly moving and changing lines connecting countries and continents.
It looks like the kind of diagrams airlines use to display their routes, but the truth is far more sinister. What these lines indicate are live cyberattacks by hackers based in one country against computer systems in another.
There is a running total of the number of attacks that have taken place today. It’s hit nearly eight million and it’s not lunchtime yet. Some days, according to Dr. Joseph Ikhalia of Riela Cyber, it can be as high as 60 million.
If you think your organization is safe from hackers, maybe it’s time to think again.
Joseph is responsible for risk and threat management: managing cyber risks, assessing clients’ digital vulnerabilities and hunting down threats to their organizations.
He says: “The first key objective of the Security Operations Center (SOC) is to gather intelligence.
“It’s important to have this ability because one of our key principles here is that you can’t protect what you can’t see.”
Joseph points to another large screen: “This is an open source threat map that displays threat intelligence. It allows us to track web attackers, denial of service attackers and intruders, as well as scanners.
“Web attackers are those who look for vulnerabilities on your website. They can inject code remotely from their laptop, from anywhere – they could even be on a beach, having developed a bot to automate the attack on the website.
Denial of service is another big threat to organizations. The goal of these attacks is simply to bring down your business.
The war between Russia and Ukraine has been fought not only on the ground but digitally, through denial of service attacks between the two countries that have knocked government websites and financial payment systems offline.
Cybercrime is big business on a global scale, and threats can be driven by a number of motives from almost anywhere in the world, although Joseph says some places are more hospitable to hackers than others.
He says: “Some Russian hackers are very brazen, they don’t even hide their identity.
“They leave a digital footprint because there is state protection [in Russia] and you can’t bring them to court. There is no agreement with any nation to hand a criminal over through Interpol and bring him to justice.”
Cyprus, Malta and Turkey are also popular locations for hackers, as these countries are less well regulated.
Sometimes attacks are carried out to gain a commercial advantage.
Joseph says: “Seven years ago a British national was hired for $10,000 by a competitor in Liberia to take down the country’s main telecommunications infrastructure. He didn’t do it from Britain, he went to Cyprus. Within a month, Liberia had no internet and the other company stepped in.
“So your cyber threat actor could be anyone: it could be a competitor, it could even be a disgruntled employee.”
How would an attack typically unfold?
Joseph explains, “One of the first things a hacker will do is find problems on your network using a scanner. It’s not really an attack, it’s the reconnaissance phase, to gather information.
“Assuming they find a vulnerability, they would then penetrate the outer perimeter defence using that vulnerability and start looking for ways to gain access to valuable data, be it emails, bank account information or even GDPR-sensitive information. Although this is an oversimplification, this is usually done using malicious software, which comes in the form of viruses, spyware, Trojans or worms.”
No network is impregnable, which is why monitoring all systems is crucial to successfully mitigating potential threats.
“Security triage” is the process a security operations center uses to classify and prioritize alerts according to the level of danger they represent.
“As an example, in a typical situation where multiple intrusion attempts occur simultaneously, we would prioritize a Cobalt Strike attack over crypto mining or brute force, knowing the risk and the potential impact on the business.”
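The reconnaissance Joseph describes (a scanner sweeping your network) and the triage step that follows are shown below as an added example; this is not Riela Cyber’s own tooling. The script flags a port sweep and an SSH brute-force run in constructed log lines, turns them into alerts alongside two constructed endpoint alerts, and ranks everything so that a Cobalt Strike beacon outranks crypto mining and brute force. The log formats, thresholds, asset list and severity weights are all assumptions made for the example.

```python
"""Added example: reconnaissance detection plus SOC-style alert triage.

Not Riela Cyber's code. Log formats, thresholds, the asset inventory and the
severity/weight tables are assumptions chosen for illustration.
"""
import re
from collections import defaultdict

# --- Constructed input (not captured from any real network) -------------------
FIREWALL_LOG = [
    f"2022-06-01T09:00:{i:02d} src=203.0.113.7 dst=198.51.100.10 dport={port} action=drop"
    for i, port in enumerate(range(21, 33))  # one source probing 12 distinct ports
] + [
    f"2022-06-01T09:01:{i:02d} src=192.0.2.5 dst=198.51.100.10 dport=443 action=accept"
    for i in range(3)                        # a normal client hitting one port
]

AUTH_LOG = [
    f"2022-06-01T09:02:{i:02d} fs01 sshd[41{i}]: Failed password for root "
    f"from 198.51.100.77 port 5{i}000 ssh2"
    for i in range(6)                        # six failures from one source
] + [
    "2022-06-01T09:03:00 fs01 sshd[420]: Failed password for alice from 192.0.2.9 port 51000 ssh2",
]

# Alerts that arrive already classified from endpoint tooling (constructed).
EDR_ALERTS = [
    {"category": "cobalt_strike_beacon", "host": "ws-finance-07",
     "source": "ws-finance-07", "detail": "periodic HTTPS callbacks to one external IP"},
    {"category": "crypto_mining", "host": "fs01",
     "source": "fs01", "detail": "high-CPU process connecting to a mining pool"},
]

# Assumed asset inventory: what each host is, so impact can be weighed.
ASSETS = {"198.51.100.10": "web_server", "fs01": "file_server",
          "ws-finance-07": "workstation", "dc01": "domain_controller"}

# Assumed baseline severity per alert category (0-100) and asset multipliers.
SEVERITY = {"cobalt_strike_beacon": 90, "brute_force": 40,
            "crypto_mining": 30, "port_scan": 15}
ASSET_WEIGHT = {"domain_controller": 1.5, "file_server": 1.3,
                "web_server": 1.2, "workstation": 1.0, "unknown": 1.0}

FW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
AUTH_RE = re.compile(r"^\S+ (?P<host>\S+) sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def detect_port_scans(lines, min_ports=10):
    """Reconnaissance: one source touching many distinct ports on one target."""
    ports = defaultdict(set)
    for line in lines:
        m = FW_RE.search(line)
        if m:
            ports[(m["src"], m["dst"])].add(int(m["dport"]))
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def detect_brute_force(lines, threshold=5):
    """Repeated SSH authentication failures from one source against one host."""
    failures = defaultdict(int)
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            failures[(m["src"], m["host"])] += 1
    return {pair: n for pair, n in failures.items() if n >= threshold}


def build_alerts(firewall_lines, auth_lines, edr_alerts):
    """Merge detector output with pre-classified alerts into one queue."""
    alerts = list(edr_alerts)
    for (src, dst), n in detect_port_scans(firewall_lines).items():
        alerts.append({"category": "port_scan", "host": dst, "source": src,
                       "detail": f"{n} distinct ports probed"})
    for (src, host), n in detect_brute_force(auth_lines).items():
        alerts.append({"category": "brute_force", "host": host, "source": src,
                       "detail": f"{n} failed logins"})
    return alerts


def score(alert):
    """Triage score = category severity x criticality of the affected asset."""
    asset_type = ASSETS.get(alert["host"], "unknown")
    return SEVERITY[alert["category"]] * ASSET_WEIGHT[asset_type]


def triage(alerts):
    """Highest-risk alerts first; this is the order an analyst works the queue."""
    return sorted(alerts, key=score, reverse=True)


if __name__ == "__main__":
    for a in triage(build_alerts(FIREWALL_LOG, AUTH_LOG, EDR_ALERTS)):
        print(f"{score(a):6.1f}  {a['category']:<22} {a['host']:<16} {a['detail']}")
```

The point of the weighting is the one Joseph makes: a single beacon on one workstation scores above thousands of failed logins, because the beacon means someone is already inside. A port sweep against an internet-facing server scores lowest; it is reconnaissance, not yet an intrusion, and is recorded so it can be correlated with what follows.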
Riela Cyber staff pride themselves on being proactive when it comes to security. They go in search of threats. Their enterprise-grade vulnerability-scanning software can scan client networks from inside and outside. As well as detecting vulnerabilities at the time of the scan, the results are stored for 12 months so that trends can be spotted as a picture builds up.
Joseph recalls: “Two years ago, in 2020, we identified and stopped a persistent threat against one of our high-value customers, and through our investigation we were able to identify the perpetrator as a well-known Russian hacker, Alexander Volosovik. He is protected by the Russian state, so other than thwarting his efforts there was nothing we could do to bring him to justice. He tried unsuccessfully for four months to access our client from thousands of different locations.”
We still like to believe our island location keeps us safe from traditional crime, but it’s worth remembering that hackers don’t think in geographic terms: “for them, there’s only one hop, one IP address,” says Joseph.
For local businesses, the most debilitating threat is a ransomware attack, which has become more prevalent since Covid. Working from home, which in effect extends the workplace, has made it easier for criminals to find vulnerabilities. Ransomware encrypts company data, which can then only be recovered by paying the hackers for the decryption key or by restoring from a backup, and most attackers delete the backups before encrypting.
Christian Goelz, director of Riela Cyber, says: “The ransom is not even the most expensive.
“If you recover your data after paying the ransom, which we do not recommend, you still need to rebuild your entire data structure. Decryption does not restore your data to its original format, it just allows you to access it. The worst case we worked on recently saw a company lose five months of accounting data: imagine having to call your customers to ask how much they owe you?
“We’ve had customers without email for weeks and without access to any of their files or contracts. It can be extremely expensive to recover your transactions.
“Then, once you’ve recovered, you need to determine whether any GDPR data has been stolen and take appropriate action to notify the relevant authorities and the affected consumers.” If you have taken no cyber measures, your GDPR fine may be greater than the ransom.
“One issue we see is that many businesses in the Isle of Man are unprepared and completely unaware of the risks, so there is little budget for cybersecurity.
“Even insurance companies are starting to be more restrictive on their cyber policies due to the high risk posed to all businesses.
“Companies need to deal with the threat from the start, and it can be done in a structured way with the right controls in place. However, most don’t understand the risk and don’t think they can be a target.”
And, according to Christian, it’s not the gaming or digital companies that get hacked, as you might expect, because they’re better prepared for cyber threats.
“It is more often traditional businesses that are unaware of the risks: manufacturing, hospitality, business services or the legal sector who forget how dependent their organization is on digital technology.
“Your manufacturing equipment no longer works without a computer, and when the database is compromised, the machine no longer turns on,” explains Christian.
And he adds: “A lot of companies on the island only see cyber as part of IT, but in fact a cybersecurity specialist will see it from a different perspective.”
“We always say that IT runs your infrastructure, runs your computer and your email, while cyber keeps it safe.
“So it’s a full-time job to maintain it and it’s a full-time job to secure it.”