
How to stop your data from getting hijacked - SolarWinds

03 Jul 2019

Article by SolarWinds head geek Thomas LaRock

Data intercepts, man-in-the-middle attacks, and other such “data heists” involve a malicious actor pinching data as it’s transmitted between two legitimate parties, often without either realising their communications have been compromised.

As cybercrime strategies go, it’s decidedly old-school, yet still worryingly effective.

Organisations often struggle to avoid man-in-the-middle attacks because hackers target infrastructure the organisation has almost no control over.

Often, that infrastructure proves astonishingly vulnerable to compromise, like when a white-hat hacker broke into several GPS services with the default password of “123456.”

The code in third-party applications and services we use, both in business and our daily lives, still tends to be the weakest link in how we protect and secure our data.

But apart from enforcing much stricter consequences on developers and firms who fail to consistently apply “good practice” cybersecurity standards—which we should—businesses can take some measures to avoid being undone by cybercriminals looking to turn data defences into dust.

Better suspicious than sorry

Businesses can thwart many basic intercept and man-in-the-middle techniques by using IT security tools to collect, analyse, and shut off potentially compromised network traffic.

Those tools increasingly rely on global, real-time databases of known techniques, making it harder for cybercriminals to pull certain tricks more than a few times.

However, net admins and their weapons can only defend against the more blatant of these attacks—and only across the endpoint surface their tools cover.

To take their data-heist defences to the next level, IT managers need to get a bit more creative.

One surefire defence is to use encrypted communications for all sensitive data.

That way, even a successful intercept will only give hackers gibberish—useless without the right key to decrypt the data they’ve stolen.

Net admins can also deploy stronger access credentials across the network: requiring WPA usernames and passwords on all Wi-Fi devices, for example, will prevent almost all cybercriminals quietly inserting themselves into the network and siphoning data between nodes.

Tools aside, IT should endeavour to cultivate an “ethics of suspicion” amongst end users. Many man-in-the-middle attacks still work by targeting users with fake error messages, popups, login pages, or other “social engineering” tricks that prompt the user to install a file or re-enter their credentials.

The more familiar users are with the standard processes of their software, especially login and security processes, the more likely they’ll be to raise an eyebrow when things seem a little suspect—and raise the alarm to IT.

Continue to remind end users that it’s better to be suspicious than sorry, and that the minutes spent responding to a false alarm are worth the potential months and millions spent recovering from a successful breach.

Your data will be pwned

No matter how strongly IT fortifies itself against breaches, intercepts and hijacks of organisational data can and will occur.

The first step to practising good security remains that of assuming the worst case: at some point, your organisation will be “pwned” and your data compromised.

IT leaders should start with the very robust NIST Cybersecurity Framework and its five functions: Identify, Protect, Detect, Respond, and Recover.

Following that framework with the assumption of compromise at all stages ensures that even if an intercept does occur, your teams will be ready to roll into immediate action.

Regular practice—such as penetration testing and mock “cyberbattles” with attacking and defending teams—can help your cybersecurity team perfect its response to all manner of subtle and exotic threats, data intercepts included.

And the more your organisation works with others to share intelligence and responses, whether with network cybersecurity defences or just regular information sharing, the fewer threats will succeed against the resultant “herd immunity.”

Ultimately, IT can only establish so much defence against data intercepts and man-in-the-middle attacks, but even that can keep most would-be threats at bay.

It’s worth remembering that no single tactic can win against malicious actors with often overwhelming force, but combining several can quickly turn the tide against them.

Put strong monitoring tools, suspicious users, and well-oiled response protocols together, and the threat from most prospective data heists will fade—in a snap.
