IT is core business for high-tech companies. To meet ever-increasing demand and serve their customers well, they strive for the highest possible availability of their systems and innovate continuously. At the same time, because of their technological nature, these companies are often an (easier) target for cyber criminals. The impact of cybercrime is particularly high for these companies, especially because of the valuable intellectual property they possess. They face cyber threats on a day-to-day basis, and service disruptions can have profound financial implications and damage the company’s reputation. A recent example is the zero-day vulnerability in the Microsoft Office Suite, specifically in Word.
Large attack surface
There are several reasons why high-tech companies are at greater risk of a cyber attack. First, they tend to have a higher risk appetite: they are willing to accept more risk in order to increase turnover and grow faster. In addition, as creators or early adopters, high-tech companies use new technologies that are often not yet optimally protected because they are still under development. The open collaboration culture within and between these organizations also makes them an easier target.
High-tech companies often use locally installed solutions, because as early adopters they do not (yet) have a one-size-fits-all cloud solution at their disposal. The risk is that these local, innovative systems and applications often lack adequate security. In addition, high-speed data networks are commonly used, which gives cybercriminals the opportunity to extract huge amounts of data in a matter of minutes. These vulnerabilities do not only pose a risk to the high-tech company itself: partner organizations are also at risk, as the high-tech company’s technology is often an important part of their IT infrastructure.
Intellectual Property Protection
A cyber attack is a disaster for any organization. The moment a company loses control of essential systems, the consequences for business continuity can be far-reaching. When the software or data that is lost constitutes intellectual property, the situation is even more serious: after years of investment, its loss can drastically reduce the competitive advantage or even jeopardize the continuity of the organization. Cybercrime therefore poses a very great danger to (the core of) every high-tech business.
What is a zero-day vulnerability?
The name ‘zero-day’ refers to the fact that these vulnerabilities in the network have not yet been discovered, or have only just been discovered, so there has been no time (zero days) to fix them. A zero-day attack is therefore an attack on a vulnerability that the hackers discovered before the owner of the network or the supplier of the system or application did. High-tech companies are particularly exposed to this, as the new technologies they predominantly use can contain undiscovered vulnerabilities.
Detecting unknown types of vulnerabilities is difficult because most security systems aim to identify known vulnerabilities. What makes detection even harder is that these vulnerabilities can take many different forms, such as missing authorization checks, broken algorithms, bugs, and so on. For these reasons, information about how a vulnerability is exploited often only becomes available after an attack has taken place.
An example of a zero-day vulnerability is the one in the Zoom software for Windows in 2020. This vulnerability made it possible for an attacker to penetrate a victim’s computer remotely, for example by sending the victim a document and asking them to open it. The hacker was then able to take over the computer and gain access to all its files. The incident made clear to everyone how important it is to guard against zero-day vulnerabilities. But how do you do that?
How do I recognize a zero-day vulnerability?
Abuse of zero-day vulnerabilities is best recognized by anomalous network traffic. One approach is to compare all network traffic, including potential zero-day malware, against a database of known malware. However, an exploit of a zero-day vulnerability is by definition an unknown type of malware, so the database will not recognize it.
Another way is to look at how network traffic interacts with the systems. Instead of inspecting the traffic itself, we look at the interaction that the traffic in question has with the software, and on that basis determine whether suspicious activity is taking place. Machine learning can be used to establish a baseline of normal, secure network traffic from data on past abuse and on past and current interactions with the system. The more data that is available, the more reliable the detection.
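To make the two approaches above concrete, here is an added example in Python (not from the article): a signature lookup against a known-malware database, beside a per-host baseline of outbound traffic volume that flags a flow the signature database cannot know about. The flow records, their format, the host names and the placeholder hash are all constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed flow records (not from the article): "timestamp host destination bytes_out".
BASELINE_FLOWS = """\
2024-01-01T09:00 ws-12 fileserver 120000
2024-01-01T09:05 ws-12 fileserver 98000
2024-01-01T09:10 ws-12 mail 15000
2024-01-01T09:15 ws-12 fileserver 110000
2024-01-01T09:00 ws-31 fileserver 45000
2024-01-01T09:05 ws-31 mail 9000
2024-01-01T09:10 ws-31 fileserver 52000
2024-01-01T09:15 ws-31 fileserver 48000
"""
# Current window (constructed): ws-31 suddenly pushes 48 MB to an external address.
CURRENT_FLOWS = """\
2024-01-02T09:00 ws-12 fileserver 105000
2024-01-02T09:05 ws-31 203.0.113.9 48000000
"""
# Placeholder signature database; a real one holds hashes of known malware samples.
KNOWN_BAD_HASHES = {"PLACEHOLDER-HASH-OF-KNOWN-SAMPLE"}

def parse_flows(text):
    """Parse the whitespace-separated records into (ts, host, dest, bytes) tuples."""
    return [(t, h, d, int(b)) for t, h, d, b in (ln.split() for ln in text.splitlines())]

def build_baseline(records):
    """Per-host mean and population standard deviation of bytes_out."""
    per_host = defaultdict(list)
    for _, host, _, nbytes in records:
        per_host[host].append(nbytes)
    return {h: (statistics.mean(v), statistics.pstdev(v)) for h, v in per_host.items()}

def flag_anomalies(records, baseline, k=3.0):
    """Flag flows above mean + k*stddev of the host's own baseline (unknown hosts too)."""
    flagged = []
    for _, host, dest, nbytes in records:
        if host not in baseline:
            flagged.append((host, dest, nbytes, "no baseline"))
            continue
        mean, sd = baseline[host]
        if nbytes > mean + k * sd:
            flagged.append((host, dest, nbytes, "volume anomaly"))
    return flagged

def signature_match(sample_hash):
    """The signature approach: only hashes already in the database are recognized."""
    return sample_hash in KNOWN_BAD_HASHES
```

A never-seen sample fails `signature_match`, while `flag_anomalies` on the current window reports only the ws-31 flow, whose volume is far above that host's baseline.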
Once a vulnerability is detected, it is important that the software is repaired as soon as possible. This means applying a software patch to fix the errors and update the system. If no patch is available yet, it is important to shield the affected systems by disconnecting them from the network; network segmentation is a good way to do this. If a system cannot be disconnected, abuse should be detected with active monitoring and by setting the strictest possible blocking rules on the firewall.
The good news is that hackers need time to prepare an attack, which means that they have been in your network for some time before the extortion starts. An example of this is the Ticketmaster hack in 2018, where the hackers had been in the network for 191 days. This gives companies that use real-time detection time to get ahead of the hackers. Constantly monitoring the network for suspicious traffic is therefore of great importance. A good way to do this is to use a Network Intrusion Detection System (NIDS): a network security technology that aims to detect attempted attacks against vulnerabilities in the network.
Conclusion
Once there are vulnerabilities in your systems, there is a risk that hackers will succeed in their attempts to break in. It is therefore very important to detect these vulnerabilities as quickly as possible and to stay ahead of the hackers. It is especially important for high-tech companies to monitor the network 24/7, since hacks have a very high impact on them, while at the same time these companies are extra vulnerable due to the nature of their organization.
Recognizing deviant and potentially malicious traffic in time, so that any new vulnerabilities are discovered, is therefore of great importance. It denies cyber criminals the opportunity to abuse these zero-day vulnerabilities, and if they do succeed, rapid detection limits the damage. Real-time insight into network activity, and thus constant control over your network, increases the chance of preventing zero-day attacks, limits their damage, and protects your intellectual property as much as possible.
Keep your friends close, but your enemies closer.
[Image © Sergey Nivens – Adobe Stock]