This is a guest post coordinated by Rebecca Nehme who works for Thales’ Cybersecurity program based at STATION F. You know grandparents who want to learn more about other tech topics? Follow our Medium keyword « Techxplanation »
After blockchain and Artificial Intelligence, it’s time to become a cybersecurity expert. Cybersecurity is not an easy concept, but it can be understood as a peacekeeper against digital world’s growing threats. The startups in the Cyber@StationF program led by Thales help us get some answers to questions about this mysterious world that you didn’t even think of asking.
What’s an Information System?
In order to understand what cybersecurity is, let us start where it all happens: in and around computer systems. Derek Pierre, from NuCypher, explains:
“An information system is an organized system for the collection, organization, storage, analysis, and communication of information. Information security, INFOSEC, includes the processes and methodologies designed and deployed to keep data available and confidential while ensuring its integrity is maintained, with areas such as:
1. Application security: vulnerabilities in the software used by web and mobile applications
2. Cloud security: the security of applications that are hosted on servers
3. Cryptography: encryption and decryption of data whether stored or being exchanged
4. Infrastructure security: protection of communication networks and hardware devices
5. Vulnerability management: auditing and scanning of environments for weak points
6. Incident response: detection and remediation of malicious activities
When private data is unintentionally revealed or obtained by an unauthorized person, the event is labelled as a ‘data breach’ or ‘data leak’. Imagine the potential issues that could arise if your information was leaked from your bank:
· Home address — so that you receive an uninvited guest
· Personal information that can be used for identity theft
· Bank account information that can be used to withdraw funds
· Credit card information to use for unauthorized purchases
· Money transfer details modified to send money to an unintended recipient
Cryptography is the practice and study of techniques for securing data against unauthorized parties. It is sometimes synonymous with the terms encryption, which converts data from a readable state (plaintext) to a state that is unintelligible (ciphertext) to an observer, and decryption, which converts the unintelligible (ciphertext) back into a readable state (plaintext). Cybersecurity solves the problem of storage and communication between trusted parties without exposing the data to an untrusted interceptor i.e. it provides prevention against eavesdroppers.
At NuCypher, we are focused on using the latest advances in cryptography to provide a data privacy layer that provides the ability for distributed systems to securely store, share, and manage private data and ensure only authorized access to data”.
Who are those hackers?
“A hacker could be a person with a high level of skills in computer, or a person who circumvents security and breaks into a network or others embedded systems, usually with malicious intent,” Jin Zhang, from Algodone, explains. “The typical stereotype of a hacker is a man wearing a dark hoodie in a dark room, typing furiously on his keyboard to break the security barriers to a confidential database in hope of stealing identity or money from individuals or big corporations. But reality isn’t always as we think it is.”
Software Hackers
Software attacks are the most famous threat because they regularly affect our mobile platforms, computers, and servers. In the software world, security hackers are labelled by the colored hats they wear.
White Hat Hackers are the good guys on the block. They try to find weakness in a system with a goal of improving the security of the underlying system, with owner’s permission.
Black Hat Hackers — Their dark and malicious intent is to find vulnerabilities in individual devices, so they can hack into your network and get access to your personal, business and financial information for nefarious purposes.
Grey Hat Hackers — They might have hacked into a system without permission, yet they don’t have personal gain in mind. They may hack into an organization, find some vulnerability and leak it over the Internet or inform the organization about it.
Hardware Hackers
While individual hackers can harm others, the most serious ones are often states or competitive corporations who have money and advanced tools to be able to hack into hardware. They have generally a few main objectives, such as obtaining secret information, causing a breakdown of the system…
Counterfeiting in electronic hardware is also a wide spread challenge and a financial motivation for hackers. The following image from an August 2007 EE Times article showed counterfeited Toshiba chips with Samsung die inside.
Thanks to Algodone’s SALT (Silicon Activation Licensing Technology) electronic manufacturers can possess authentic licenses in order to use an IC chip in an electronic system. As Algodone’s SALT licensing is rooted in silicon, it is extremely difficult and nearly impossible to break through”.
Why are they doing that?
So, hackers could very well be anyone… but really, why are they doing such things? We’ve asked Rotem Abeles, from Cylus, a company that delivers in-depth holistic visibility into rail safety-critical networks.
“The motivation for a cyber-attack can vary considerably depending on the circumstances. The key motivations can be summarized into 4 main reasons:
1.They want to show off. In 2008, a polish kid hacked the train network in Lodz, and as a result, 12 people got injured. His prank was not taken lightly — he was caught by the police and sentenced to jail.
2. They are looking for revenge. In 2017, a former employee of Transcontinental Railroad Company was found guilty of damaging the railway’s’ IT network. He was fired in 2015 and according to the US justice department, before leaving, the former IT admin deleted files in his employer’s network, removed administrative-level accounts, and changed passwords on the remaining administrative-level accounts, locking them out. He even attempted to conceal his activity by wiping the laptop’s hard drive!
3. They are in for the money. Ransomware attacks are a lucrative way for criminals to fill their pockets. In 2016, San Francisco’s railway system, the Bay Area Rapid Transit (BART) was the target of ransomware. The management of BART refused to pay the ransom and let commuters in for free until they could recover the system from a safe backup. Had the attack been on a more critical system, the outcome could have been different. Shutting down the subway in a major city could cost hundreds of millions of dollars in economic damage per day.
4. They are motivated by ideology (e.g. Terrorist groups or governments). Cyber-attacks can be an act of terrorism or part of a larger geopolitical conflict. We have seen Russia launch cyber-attacks on utility companies in the Ukraine, shutting down the power with a push of a button. In transportation, we have seen that North Korea tried to hack South’s railway system”.
How do they attack?
Cybersecurity will always exist, and the more digital the world becomes, the more it will be necessary. Everyone these days is digitally connected, whether you have a mobile phone, a tablet, or even a fridge! All these smart devices connect to the internet, which allows cyber-attackers to target a person, as explained by Jonathan Levy, from Perception Point:
“This market follows a cat-and-mouse model where the defenders are continuously trying to catch up with the attackers. As a result, there is no ‘silver bullet’ that will stop all attacks, but a continuous game to try to stay ahead of the attackers.
In order to better understand on howattackers target people, we will list the most popular places attackers target with examples and deep dive into two of the main types:
· Mobile– Fake wifi connection, malware disguised as an app, malicious SMS link
· Internet of Things:Intercept connection of any connected device (Vacuum, HVACS, Fridge, Printer…) and turn them into a zombie army working for the attacker.
· Email: Malicious attachments and links hidden within the email enable further in-depth attacks like Advanced Persistent Threats. 90% of cyber-attacks use email to attack people. New malware samples executed via email are rapidly multiplying, with over 72 million seen in just one month! A common example of attackers’ techniques is a phishing attack: an attacker masks as a trusted entity and dupes a victim into opening the malicious content.
· Shared Drives: Rapid spread of malware through document sharing. Given their growing usage, they pose an attractive target for hackers, yet aren’t nearly as protected as more traditional targets. It is not enough to just secure the data in collaboration channels, you have to ensure that the content inside these channels is clean and safe.
· Network: Distributed denial of service (DDOS) attacks leverage swarms of zombie computers to saturate a web service; a Man-in-the-middle (MITM) attack diverts the network traffic through the attackers’ computers, Spear phishing attacks are socially-engineered attacks to specific targets.
· End-Points– USB sticks are the computer equivalent of drug syringes and spread viruses very rapidly; Ransomware blocks users out of their own systems; Eavesdropping enables to listen to confidential conversations even when your phone is — apparently — switched off.
This cat-and-mouse model of cybersecurity shows again that the defensive side of the industry needs to take a new approach. Perception Point stop malicious content from infiltrating via any collaboration channel. Unique CPU-level visibility plus deep scanning capabilities detect the unknown attacks, pre-malware release. In addition, multi-layered technology combines multiple threat intelligence, image recognition and static engines to prevent phishing and commodity malware.”
Data: What is at stake?
The data you generate on the internet create a double “digital you”, as real as your flesh and blood, your digital footprint. Adrian Sossna and David Uze, from Trillium, explain how our actions on the internet can harm us and our people.
“Any and all information sent over an unprotected internet connection can be intercepted by criminals. Ordering an Uber to your friends’ house puts both your and their location at risk, and making online purchases exposes your credit card information — a mistake that can lead to serious financial fraud. Having your social security number leaked over the internet could lead to a torrent of trouble at the hands of an unscrupulous identity thief.
The stakes get even higher, however, when connectivity is used to amplify the services in whose hands we put our lives. Modern cars, airplanes, ships, and even medical devices have added internet connections to expand the range of services they offer. Using your phone to adjust your pacemaker is incredibly convenient, but the damage a hacker could cause with control of it is literally life threatening. Without the appropriate protective measures in place, all digital information can be turned into a weapon to threaten people.
Modern vehicles are connected to the internet wirelessly, and also use a number of additional radio interfaces: Bluetooth, remote unlocking and starting of vehicles, wireless tire pressure monitoring systems, wired iOS and Android interfaces…
The electronics in your vehicle keep record of the places you visited — if equipped with navigation, they remember your driving style, how you accelerate and how often you break hard. If you use the Bluetooth connection to make phone calls in your car the electronics may keep a list if your contacts, or the history of your calls and messages.
Connectivity-enabled transportation has numerous hurdles barring its way to success. Unique, unprecedented situations involving multiple vehicles, their passengers, and their data need to be secured from start to finish to ensure the safety of the people depending on connected vehicles”.
Even worse, in addition to one’s own actions, this “digital self” is also indirectly threatened by confidential information in various companies’ databases. Are these companies doing the right thing to protect us and themselves? Antoine Matthey-Doret, from Dathena, provides an answer:
“Imagine a very messy office open to everyone, files and folders lying everywhere: this is what most data centers look like today. Even if the office is locked with a key, you want to make sure that no matter what happens, the confidential information does not get stolen. As we know that no system is perfect, there is a need to proactively protect the confidential information. However, people do not know what is sensitive or not or even what the company has to protect. And doing this manually would be a nightmare. Automated classification allows exhaustive and granular inventory of all these documents by business category and by level of confidentiality to protect and monitor information.
The 7 reasons for data classification are the following:
· Handle your data appropriately: data classification enables organizations and employees to regain control over their data knowing where each type of record is stored.
· Measure your protection: identifying which files are being protected, as well as how and why. This way you are able to proactively detect potential security lacks.
· Prevent insider threats: data classification combined with identity and access management technology helps by only allowing the right people to access to documents on a need-to-know basis.
· Prevent outsider threats: data classification combined with data loss prevention technologies help to prevent unauthorized third parties from seeing information they shouldn’t.
· Find data quickly: data classification enables efficient data retrieval, which has become a key point for organizations with new regulations such as GDPR. (The C-Suite UK, 2017)
GDP What?
GDPR stands for General Data Protection Regulation. It’s a new European regulation which revolutionizes data privacy addressing the way data should be stored, transferred and collected online. Its aim is to give European residents greater control and visibility over their personal data, strengthening and unifying data protection.
Cybersecurity technologies can help organizations navigate within their petabytes of data and regain control over it: this is Dathena’s mission. Leveraging the power of Artificial Intelligence, Dathena automatically classifies data, identifies personal information, detects security anomalies and protects sensitive information”.
How to Cyber-Secure your business?
Businesses really need be aware of cybersecurity solutions in order to prevent any risks of data leaks or others attacks that might happen against them. Eric Houdet, from Quarkslab, gives us some advice about what we can easily put in place at work:
“The primary focus of INFOSEC (Information Security) is the balanced protection of the confidentiality, integrity and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a multi-step risk management process that identifies assets, threat sources, vulnerabilities, potential impacts, and possible controls, followed by assessment of the effectiveness of the risk management plan.
To standardize this discipline, academics and professionals collaborate and seek to set basic guidance, policies, and industry standards on password, antivirus software, firewall, encryption software, legal liability and user/administrator training standards. This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, and transferred. However, the implementation of any standards and guidance within an entity may have limited effect if a culture of continuous improvement isn’t adopted.
But attackers target data, not the infrastructure which needs to be constantly:
· monitored with usually a security operations center (SOC) where a centralized unit deals with security issues on an organizational and technical level;
· tested with regular authorized simulated attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses, also referred to as vulnerabilities;
· and updated.
Therefore, Quarkslab focuses on data security, with 3 products: IRMA, Ivy, and Epona. These products, coming along our service and training offers, help organizations take security decisions at the right time based on relevant information.
At Quarkslab, we see security as a means of fulfillment. With security you can look ahead, with confidence. We give meaning to security, seen not as a self-serving abstraction but as a concrete means for accomplishing ambitions”.
IN A NUTSHELL
Cybersecurity is a critical technology for the digital age: without it, there can be no trust, no services, no transactions, no digitization, no growth, no citizenship. As a world leading company in this industry and others, Thales is proud to be working with the crème de la crème of cybersecurity start-ups worldwide, and to provide the best secured solutions that make the world go round, whatever it takes. Learn more about the Cyber@StationF programme and the start-ups on their website.
@Credits: Medium - Thales Digital Factory
