The Evolution of Cyber Threats
In 1970 the first computer virus, a worm named “Creeper”, was created by Bob Thomas of BBN. Bob was not a hacker, and the virus was not created with malicious intent. This was an experimental computer program which displayed a playful message, purportedly named after a Scooby-Doo villain. The Creeper worm proved the theory that a functioning “virus”, one which replicates itself and spreads to other systems on a network, could be created. It is a lighthearted precursor to destructive modern viruses, which can encrypt your business/personal files and hold them for ransom, destroy your data, steal social security numbers, wage literal modern warfare, and more.
Fast forward to today, and computer viruses have evolved to cause catastrophic damage – they are the bane of enterprise computing and business worldwide. Entire mafia-like networks of hackers work around the clock to extract money from honest people running businesses.
Some of the best (worst) examples of monetary damages to business include:
- Mydoom – $38 billion (2004)
- Sobig – $30 billion (2003)
- Klez – $19.8 billion (2001)
- ILOVEYOU – $15 billion (2000)
- WannaCry – $4 billion (2017)
- Zeus – $3 billion (2007)
- Code Red – $2.4 billion (2001)
- Slammer – $1.2 billion (2003)
Behind the Curve
Unfortunately, most businesses succumb to these threats because they are behind the curve on cyber-security. For comparison, take a look at how the automobile has advanced over time. When cars became popular around 1920-1960, the rate of auto-deaths doubled. In 1949, Nash was the first American car manufacturer to offer seat belts as a factory option. They were installed in 40,000 cars, but buyers did not want them – and even asked dealers to remove them. Even by the 1960s, most Americans did not use them, and over 65% opposed them being enforced by law.
This is eerily similar to the trend of enterprise businesses being late to the cyber-security party. We see it on the news time and time again – “Company A” had no budget for cyber-security, ransomware hits, folks are fired, and then suddenly there is a $10 million budget available for security. Maybe it is just human nature to put these scary facts off until they hit home and affect the individuals.
Modern Cyber Security Landscape
The modern cyber security framework has changed immensely; traditional antivirus is just not enough to keep threats at bay. The graphic below shows all the areas whose parts and pieces need to work together in order to keep a modern network safe.
Behind all these areas, there are technologies, people, and processes that work together to provide a comprehensive security program. You could always be doing more, but at a minimum – you need to make sure you are doing enough. As the saying goes, the best time to plant a tree was 20 years ago, the second-best time is now.
Putting Together the Right Program
If we delve into these areas with a bird’s eye view, we can get a better understanding of what you need to meet the requirements and stay ahead of the threats. There are many options for different technologies, but at a base level, here is what you need:
- Identifying Threats:
The first step in the security framework is identifying what hardware and software you have. This can be done with remote monitoring and management tools, and by having a good inventory management process. Once you have your hardware and software documented, then you can move on to the next step.
- Protecting Your Assets:
Now that you know what assets you have on your network – your computers, your servers, your firewalls and switches, your phones, any internet-connected devices, etc. – you can begin protecting them. You will need multiple solutions to properly secure them, including a next-gen antivirus, firewalls with security features, a DNS filtering solution, and a multifactor authentication solution to protect your mobile devices, your servers, and even your workstations. Finally, you will need a security/phishing training solution for your users. Remember – even when you have all the proper technologies in place, users are the weakest link.
- Detecting Threats:
Now that your devices are secured, you will need to have solutions in place to monitor for threats. Remember, no solution is perfect: bad actors rely on zero-day threats which are not yet detected. Even with the ideal security posture, threats can make it onto your network. You will need an EDR (Endpoint Detection and Response) solution and a SIEM to monitor and detect activity on your network, which will identify and stop threats as they happen, as well as provide logs so you know when and how these incidents occurred.
- Responding to Threats:
The next tool in your security toolbox is for responding to threats. You need a good PSA (Professional Services Automation) tool that will receive tickets as they are generated from your preventative/detection solutions. Ideally, you will also have a third-party SOC (Security Operations Center), which is a team of experts that proactively monitors your organization, 24x7x365. This is important because threats can slip by in the middle of the night – and if you do not have someone watching, it could be catastrophic.
- Recovering from Threats:
Too many organizations think of recovery as an afterthought – it is critical that you have a plan in place, both technically and on paper. Your plan should include a backup solution, ideally following the 3-2-1 rule. Your solution should be tested regularly with documented results. And finally, you should have a disaster recovery plan – or, as I like to call it, a disaster recovery playbook. Anyone from your team should be able to pick it up and know who to call and how to get things moving.
Now that we understand the tools and solutions – we must acknowledge that a good security program will require a fully staffed roster to manage and audit these controls, to oversee them and verify their functionality, to delegate responsibilities, to define processes, and to respond to incidents. People, Process, and Technologies: each of these areas works in tandem with the others. Remember – cyber threats are always evolving, so stay on top of your game and prevent yourself from becoming another unfortunate statistic!
If you have questions about cyber security and setting up protocols to protect your business, contact us today.
– Jake Allen, Solutions Engineer, IT Resource