Talking Tech: Spotlight on cybercrime with TSG’s security guru
In the world of technology, cybercrime is always rife and the perpetrators never stop. Just as technology evolves, those behind the internet scams and vicious cyber-attacks make it their job to stay one step ahead of the game… so your business needs to be ready and waiting, with the right technology in place to defend your vital systems and precious data, if and when targeted.
I sat down with TSG’s security expert Grant Campbell to quiz him on all things cybercrime and to get his take on the approach businesses should be taking towards their security…
Amelia: First off, there’s plenty of tricksters about in the world of cybercrime all year round, but what are the biggest cyber threats to businesses right now?
Grant: Ransomware is still very much at the top of the agenda – we look at the threats that are affecting our clients the most with a slightly worrying development in that ransomware attacks are now not only content to encrypt your data, but also attempt to exfiltrate and to steal your data. We’re seeing more and more of those types of attacks.
With that, it’s highlighting the importance of not only having good endpoint protection to prevent the ransomware attack when it hits a machine, but also having good perimeter protection – good firewalls that actually detect and stop those data exfiltration connections… and obviously with GDPR coming into effect a few months back in May, that is, and should still be, very much at the forefront of people’s minds.
A: Well, even in the past year alone we’ve seen a whole host of spine-chilling attacks, but these seem to have affected large organisations, so does it mean that small businesses are less likely to be affected?
G: Actually, no, quite the opposite’s true. I think the reason we see the bigger attacks in the media is because those are the ones that are newsworthy.
The problem is that many of the attackers perceive the defences that are put in place by small businesses to be lesser than those of the larger businesses. The perception is that big businesses can afford to get the really high-end solutions in place to ensure that their systems and data are safe, but conversely, that small businesses can’t and as such they are a ‘soft target’.
The fact these attacks are so inexpensive and so easy to deploy means that, for a very small investment, a cybercriminal could attack a number of small businesses and if only one or two of those bear fruit, then it’s an exercise worth doing from their perspective.
So, I would urge all small businesses not to fall into the trap of thinking because they’re a small business that they’re not a target and realise that actually, the flipside is true. But thankfully, top-end security is well within the budget of most small businesses.
A: All businesses should be bolstering their security as much as possible – but I’m sure with so many products on the market it could be quite confusing for businesses to know which one’s right for them… how could Synchronised Security from Sophos streamline a business’ security processes?
G: Synchronised Security is a new technology from Sophos which lets two different layers of protection, that have traditionally existed separately on practically all systems, communicate and exchange threat information to better protect you. In its simplest form, it allows the endpoint protection, or ‘anti-virus’, and the firewall which exists at the perimeter, to communicate.
If someone was to bring in a USB stick from home with a Word document on it, plug it into their work laptop or desktop, open the Word document and there’s a threat on it – the Sophos endpoint picks up that there’s some suspicious activity as a result of that Word document being open. It maybe doesn’t know exactly what the threat is, but it communicates to the firewall that there is a threat on this PC. Depending on the policies you configure, the firewall may isolate that machine on the network or at the very least prevent it from accessing the internet.
If you imagine that threat was a bit of ransomware that is seeking to steal data and send it out across the internet connection, the fact that Synchronised Security is there and that the firewall has been notified of that threat on the endpoint and as such isolated the machine, would remove that threat. It also makes it easier for IT staff, or for TSG, to identify the source of the attack on the end-user machine.
A: So, it’s great to have the best tech on the market, but who is really responsible for security and keeping data secure in a business environment as a whole?
G: In a word – you.
Everyone is responsible for keeping the business data secure. It would be a mistake for any member of staff, at any level, in any business, to assume that the responsibility for keeping that company’s data safe rests with management, IT department, TSG… Everyone has a part to play.
Email in particular is a massive attack vector now, with well over 50% of attacks statistically coming from email, be they ransomware or any other type of attack: credential theft, phishing attacks, etc. So, if staff are aware of that threat, and are alert to it, and are prepared to use their judgement to try and spot things that don’t look quite right, then that plays a huge part in keeping safe.
So, in short, everyone has a part to play when it comes to keeping the company systems and data safe. You can train employees using Sophos Phish Threat to test their ability to spot a threat, and educate those who do fall victim.