Security companies expand reach to combat ever-evolving cyberattacks
Dec 23, 2021 02:48PM ● By Kevin Dietrich
Nearly a decade after the South Carolina Department of Revenue was bushwhacked by the worst data breach in state history, cybersecurity efforts across private and public sectors are greatly improved. That’s critical, as hackers have continued to up their game as well.
In September 2012, the state Department of Revenue was breached by an international hacker, compromising the personal information of nearly 4 million people. But the Department of Revenue isn’t the only entity that’s had to deal with attacks in recent years – not by a long shot.
There were nearly 800,000 complaints of suspected internet crime in the U.S. in 2020 – an increase of more than 300,000 complaints from the previous year – and reported losses exceeded $4.2 billion, according to the FBI.
The battle between those trying to steal information and those working to keep data safe is a cat-and-mouse struggle, said Jorge Crichigno, an associate professor of Integrated Information Technology at the University of South Carolina.
“The malicious users have new tools, and the people looking to stop them have new tools,” he said. “It’s back and forth.”
While there hasn’t been a data breach in South Carolina in recent years to rival the 2012 Department of Revenue attack, hackers have struck elsewhere in dramatic fashion.
This includes the attack on the Colonial Pipeline, the largest pipeline system for refined oil products in the U.S., earlier this year. It forced Georgia-headquartered Colonial, which controls a significant percentage of gasoline, jet fuel, and diesel flowing along the East Coast, to take some systems offline, disabling the pipeline for five days and creating a temporary fuel shortage on the East Coast.
Colonial ended up paying $4.4 million worth of bitcoin in response to the ransomware attack. Much of that was eventually recovered by the U.S. Department of Justice.
Cyberattacks are far reaching.
The average time to identify a breach in 2019 was seven months, and the average lifecycle of a breach, from breach to containment, was 11 months, according to information released by Cyber Observer, a cybersecurity firm headquartered in Israel.
“Cyberattacks are easy to generate. Someone who has the technical knowledge, and they don’t have to be an expert, can launch a cyberattack,” Crichigno said. “There are so many open-source tools on the internet that malicious individuals can use to try and guess usernames and passwords or to disrupt networks.”
Government entities, financial institutions, and health care operations are the biggest targets of hackers. All not only have access to large amounts of money, but also rely on the personal data of large numbers of individuals. They aren’t the only ones susceptible to attack, however.
“Any company out there is fair game: It’s not just the financial sector that’s under attack,” said Dominik Mjartan, chief executive officer of Columbia’s Optus Bank. “If you’re in business, you’re vulnerable.”
What’s Being Done
A number of solutions have been devised to fight this threat, including:
Introduction of broader solutions that can target an entire class of attacks at once, rather than attempting to take on each threat individually;
Use of machine learning to identify malicious behavior by looking at network behavior, particularly involving prior attacks, to better detect hackers’ efforts; and
Evolution of user access. Password-only authentication has long been a weak point, particularly when employees go with easy-to-crack passwords. The standard five-letters-and-a-number password will give way to alternatives and enhancements, such as multi-factor authentication and risk-based authentication tools.
Technology and lack of training are two reasons cyberattacks continue to proliferate, according to Michael Small, chief executive officer of North Charleston’s Tandem Cyber Solutions.
“Older technology is one of the most common issues we see, especially with smaller businesses,” he said. “Many smaller businesses have budget issues and can’t afford the newest and best software, and they can’t hire security personnel to monitor their systems.”
Hackers often target companies that use dated software.
“Hackers go after those companies that haven’t updated their software because they know they’re more vulnerable,” Small said. “It’s a very deliberate process on the part of hackers.”
Cybercriminals can also use the dark web, a hidden collective of internet sites only accessible by a specialized web browser, to purchase access to user names and passwords.
Given what a breach can cost businesses and other organizations, improving cybersecurity is a never-ending job.
New technology allows security companies to see what’s happening in real time and uncover cyberattacks as they’re taking place.
“I find it fascinating that the new technology that allows malicious operators to gather more and more information that’s flowing across the internet is also helping those who are trying to stop attacks,” Crichigno said.
Often, organizations employ a multi-faceted plan to foil cyberattackers. The S.C. Department of Revenue, for example, has implemented several measures over the years to strengthen security and protect taxpayer information, according to a statement from agency spokeswoman Ashley Thomas.
On the first day of employment, all new Department of Revenue employees are required to complete comprehensive security and skill training, testing, and certification before being granted access to agency systems, and all employees must complete monthly and annual security skill training and testing, Thomas stated.
The agency’s Information Security group, led by a chief information security officer, implements, monitors, and continues to enforce a combination of strong information security standards, policies, and processes from the private industry and government.
“Independent, third-party audits and reviews of SCDOR security are regularly conducted,” Thomas said. “State-level oversight and 24/7 monitoring is performed by the Department of Administration’s Division of Information Security.”
Finally, additional hardware, software, and systems have been deployed and are continuously updated and upgraded to better prevent, detect, and protect against cybersecurity threats, she said.
Some companies even go beyond the above, hiring firms such as Tandem Cyber Solutions, which seek to legally penetrate existing security systems.
“Companies hire us to break into their business to better understand how well they’re actually protected,” Small said. “They may believe they’re super secure, and we end up finding out that they’re not secure at all.”
No matter how much technology is in place, one of businesses’ biggest weaknesses in the war against cybercrime results from companies not training employees properly.
“Just about every attack has begun with someone clicking on an email and making their organization vulnerable,” Mjartan said. “Often, these employees aren’t even aware they’ve done something to put their organizations at risk.”
Because businesses are closely linked with one another through technology, the impact of cyberattacks can be far-reaching.
“We’re all connected in some way,” Mjartan said. “If someone can get into your accounts, they then have the ability to significantly impact another institution’s customers.”