Special Reports

Understanding the cyber security landscape

Organisations need to combine good cyber security practices with an effective incident-response plan.

The Distributed Denial-of-Service (DDoS) attacks and cross-site scripting which affected several web sites in Singapore in November are some of the more common cyber threats confronting public and private sector organisations today.

In a recent interview with Channel NewsAsia, Mr Anthony Lim, member of the Application Security Advisory Board of the International Information Systems Security Certification Consortium (ISC2), spoke about the emergence of “hacktivism”.

This group of hackers does not usually try to steal money or data, or to bring down systems or services, he said. “What they want to do is to make some noise. They hack some public web sites just to make the message for a lot of other people to hear. It is of course illegal because you’re infringing on somebody else’s privacy. It’s like painting a message on your car.”

DDoS, on the other hand, has the potential to be much more disruptive. Writing for the Geopolitical Information Service web site WorldReview.info, Dr Frank Umbach, Head of the International Energy Security Programme at the Centre for European Security Strategies, noted that there has been an increase in DDoS attacks which are aimed not at data theft, but at bringing down computer servers so that they can no longer be accessed by customers.

At the same time, the cost and time to tackle attacks are also growing faster than ever. A study conducted by Ponemon Institute on behalf of Hewlett-Packard estimates that it takes more than twice the time, and 78 per cent more cost, to fight attacks today than it did four years ago.

In terms of organisations that were at risk, Symantec noted in its Internet Security Threat Report that small businesses were the target of 31 per cent of cyber attacks in 2012. They were attractive targets both in themselves and also as a way in to ultimately reach larger companies.

Going forward, new cyber attack trends expected to emerge between now and 2020 include more attacks against critical infrastructure and strategic financial and socio-services; and also against power distribution networks, transportation networks, and communication networks, said the World Review report. Security experts consider these critical infrastructures to be at particular strategic risk because they are essential for a state’s survival.

Tackling these issues is a formidable task, but security experts generally agree that good computer hygiene practices can help address 80 per cent of these threats, allowing resources to be focused on the 20 per cent of security threats that have a more critical impact. Such practices include putting in place basic security measures such as antivirus software and firewalls, ensuring prompt software upgrades and patch management, implementing two-factor authentication, and limiting administrative access.

Beyond these measures, there is also a need for organisations to develop an incident response (IR) plan to mitigate the consequences of security breaches.

According to a new report published by McKinsey & Company, the primary objective of an IR plan is to manage a cybersecurity event or incident in a way that limits damage, increases the confidence of external stakeholders, and reduces recovery time and costs.

Some of the guiding principles in incident response include understanding the current environment and response protocols; identifying the organisation’s most critical information assets; and then creating the IR plan and supporting tools. Organisations also have to ensure that IR planning is integrated into business processes and that change management, communications, and training programmes are carried out to increase awareness of the new IR processes, said the McKinsey report.

Deciphering the threats

The following are some of the more common cyber threats that organisations are facing today.

  • Distributed Denial-of-Service attack (DDoS) is an attempt to bring down a web site or server by bombarding it with traffic using a network of zombie computers (or computers that have been compromised by the hacker).
  • Web Defacement is when the visual appearance of a site or a webpage is altered. The reasons for defacing a web site could be purely for fun, or as a means to voice a protest or promote a cause.
  • Data Exfiltration is an unauthorised extraction of data from within a computer system or network. It is also known as “data theft”.
  • SQL Injection is an attack that takes advantage of improper coding of web applications, allowing the hacker to inject SQL commands into, say, a login form to gain access to the data held within the database. It arises mainly because the fields available for user inputs are not validated.
  • Malware or malicious software is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software.
  • Back-door access refers to a method of bypassing normal authentication to secure illegal remote access to a computer, obtain access to plaintext, and so on, while attempting to remain undetected.
  • Cross-site scripting can take advantage of a web site application’s vulnerability in one of two ways. The first is to gain access into the web site and display content from other sources. The second is to have a specially crafted URL that directs users to a page that displays content from other sources, creating the illusion that the site is compromised even though the web site is intact.
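
The SQL Injection entry above can be seen in a login check written two ways. This is an added example, not code from the article or from any organisation it mentions: the `users` table, the function names, the sample account and the crafted input are all constructed for illustration. It shows the weak form, where form fields are pasted into the SQL text, beside a parameterised query, a standard fix that binds the fields as values.

```python
import sqlite3

def make_db():
    """Build an in-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample row; a real system would store a salted password hash.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_concatenated(db, name, password):
    """Weak form: form fields are pasted straight into the SQL text."""
    query = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0

def login_parameterised(db, name, password):
    """Hardened form: fields are bound as values and never parsed as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone()[0] > 0

# Constructed form input whose quote characters change the query's logic
# when it is concatenated into the statement.
CRAFTED = "' OR '1'='1"

def compare():
    """Run a genuine login and the crafted input through both versions."""
    db = make_db()
    return {
        "valid_login_weak": login_concatenated(db, "alice", "correct-horse"),
        "valid_login_hardened": login_parameterised(db, "alice", "correct-horse"),
        "crafted_weak": login_concatenated(db, "alice", CRAFTED),
        "crafted_hardened": login_parameterised(db, "alice", CRAFTED),
    }

if __name__ == "__main__":
    for case, accepted in compare().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```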