Listen to the audio version of the article
Cybercrime is a phenomenon that seems unstoppable. Statistics tell us that every year the number of successful attacks is growing, but what makes the picture worrying is the opinion of experts: a plebiscite of voices that tells how Internet criminals are becoming increasingly clever and organized .
Verizone Business recently released a new report outlining the usual, dark scenario, but this time instead of showing the data we chose to ask Philip Larbey, EMEA Lead of the Verizon Threat Advisory Team, to comment on it for us, searching for the reasons behind this seemingly impossibility of blocking cyber attacks by companies.
First: protecting personal identity is more complex than you might think
Philip Larbey has identified five focal points for us and the first is already a sentence: “In the last five years, cyber breaches obtained through the use of stolen credentials have grown dramatically. Digital identity management must be taken very seriously because it is very difficult for security infrastructures to understand whether those who use legitimate credentials are a criminal or the legitimate owner”. Username and password, therefore, are still the keys preferred by attackers to enter corporate networks and criminals are also becoming increasingly better at evading two-factor or multi-factor authentication, the technology that requires an action in addition to entering the password. Whether it is a code via text message, a click on the smartphone screen or a number generated by a flash drive, criminals are inventing increasingly effective systems to intercept them or have them delivered.“The number of attacks in which criminals manage to bypass authentication more factors” – specifies Larbey – “is much higher when the code or button to press is on the same device used for authentication.” This means that if we have to connect to a “sensitive” site such as the company one from a PC, it is important to use a different device to receive and enter the confirmation code: if you access from a PC it is best to use an app or ask for a text message, if you access from a smartphone it is better to use a verification system that works on the PC or on an external stick.
Attacks conducted by highly organized groups are on the rise and difficult to stop
The second type of attack that seems unstoppable is the cyber breach which involves multiple techniques. These are attacks conducted by highly trained personnel that go through several stages before reaching a conclusion. They often start by stealing credentials with which they access a computer of the target company on which they download malware. Using this program you hunt for other computers that can be compromised until you obtain a complete map of company resources and a list of targets to hit. “This type of attack” – says Larbey – “is usually the one that hurts the most. ” And the reason is clear: when criminals have a complete map to the resources and free access to them, they can choose what to steal, what to encode and what to leave as is to bring the target to his knees and force him to pay a ransom or, worse, to close.
Third: Vulnerabilities happen, but they must be closed quickly
The third danger identified by our expert is that of exploiting vulnerabilities in software. It happens quite often that vulnerabilities are found, i.e. errors that can be exploited by criminals, in programs used in the company. And companies that use multiple programs to process sensitive or mission-critical data are more exposed to attacks than others. “Usually,” – says Larbey – “companies in the banking, financial and medical sectors are the most exposed from this point of view” – and the lack of attention on the part of many potential targets plays into the hands of criminals. According to the Verizon report, in fact, it only takes five days for pirates to study and exploit a vulnerability when it is made known, but half of the companies take up to 55 days to eliminate this weakness from their computers and, even after a year it turns out that 10% of companies still have not taken steps to fix the flaw. This allows attackers to have unlimited margins of action for large periods of time. Updating the programs used in the company must be a priority to avoid suffering potentially devastating attacks.
Fourth: procedures and training are the basis of cybersecurity
In fourth place on this list of situations favorable to cybercriminals, Philip Larbey places sending information to the wrong people. This eventuality covers a very wide range of possibilities ranging from sending one’s credentials to pirates who exploit a phishing campaign to making information available via e-mail or other means that should remain confidential, through incorrect configurations of IT services that allow unauthorized access to data shared with colleagues, suppliers and customers. The report indicates that as many as two thirds of the attacks successful last year recorded at some point data being sent to unauthorized people which then resulted in crucial to the success of the breach. The solution is very complex because it mostly involves the definition of very well-defined practices and procedures and staff training.