Q&A: Assume your network is already compromised, says Ixia

August 31st, 2016 | by Alfred Siew

High-profile attacks in the past few years have made cyber security a topmost concern not just for corporations with massive IT infrastructure but also for anyone with a smartphone or connected device.

Visit a dodgy site or download a malicious app, and you could have your data locked out until you pay up a ransom to get your life back.

Never has the threat been as pronounced as it is today, and the costs are higher than before, said Naveen Bhat, who is managing director for Ixia in Asia Pacific.

The company, which tests and helps secure enterprise networks, has seen cyber attacks ramp up in sophistication and scale.

There are millions of cyber attacks happening every day, and the successful ones hide for months in many corporate networks, said Bhat.

In this month’s Q&A, he advocates more proactive planning and testing by enterprises to weed out potential threats that may be hidden from view.

Indeed, he advises organisations to work out their cyber security strategy by assuming that they have already been compromised.

Q: The general public has sat up and opened their eyes to the threat of cyber security in recent years. Of the many factors, what is the biggest one that has made the threat more menacing of late?

A: The biggest threat that impacts the general public is ransomware. In the past, cyber security was seen as an issue that haunts large corporations with large databases.

However, cyber criminals can now impact the lives of the general public by freezing their personal computing devices and demanding ransoms to free the frozen files.

Cyber criminals are quick to capitalise on trends. One recent example is the first Pokémon GO-themed ransomware in the world, capitalising on an app that has taken Singapore and many parts of the world by storm.

Cyber criminals had gone the extra mile to add a hidden backdoor Windows admin account on the Pokémon GO app and spread that to other drives and created network shares.

While this, at the outset, may seem confined to merely consumer devices, it is actually a real problem for enterprises that may experience Pokémon GO traffic in their networks without even realising.

Another indication of the impact of cyber security on the general public is the number of fraud checks that are interrupting credit card transactions.

Credit card companies are spending a lot more money on fraud checks due to compromised accounts, which in turn affects consumers whose accounts are blocked frequently.

Q: From your experience, what are the most common security loopholes that come up?

A: Carelessness and ignorance are the two biggest security loopholes today. While there are many technical loopholes that could be discussed, we need to talk about the level of carelessness of people and organisations to follow the required security checks.

Secondly, ignorance of the variety of attack mechanisms is another loophole.

As illustrated in the security risks associated with Pokémon GO, it is possible to manage and enforce control over the app’s data running through the corporate networks, but it does mean that corporate IT teams are aware of such a threat to begin with.

Q: It frequently takes months for intrusions to be detected, if at all. Should organisations adopt an attitude that their networks are already penetrated? How do they prepare for this?

A: The average time taken to detect intrusions could be around nine months. Couple this with the fact that millions of attacks are happening every day – it is safe for every organisation to adopt the attitude that they have been compromised.

Once compromised, they should look at forensics, and also track outgoing data to malicious sites to track which devices and networks have been penetrated.

Most importantly, they should constantly take a proactive stance to build resilience in their networks to the latest attack vectors in the market.

Q: What lessons can Singapore draw from previous high-profile break-ins overseas, as it looks to be a highly-connected smart nation?

A: Be proactive, and enforce strict regulations. Just like Singapore took a very hard line on criminal activity and law enforcement in the past to create a safe and secure nation, the time has come to translate these ideas into the cyber security arena.

I do believe that real-world scenario testing is the way to ensure true IT system resiliency. Ixia’s team of researchers regularly hold ‘what if’ testing with customers, using live traffic to simulate cyber attack procedures.

The aim is to use a constant ‘offense’ method to find vulnerabilities in products, people or processes, and eliminate them before they can be exploited.
