Digital Threats for institutions

 · Tomáš Hána

Today there are several threats that can substantially affect the security of organizations, from the smallest family businesses to the biggest corporations, as well as state institutions and their departments of high importance. In the following text, I am going to focus on two major threat factors that endanger these institutions. Both can represent a major flaw in how they function, and both are potentially dangerous, whether to the competitiveness of companies or to state security.

The first factor is the human factor. People are still the main problem in security. A single employee who becomes a victim of a fraudulent email can cause serious consequences for the whole company, whether through the “classics” of email fraud, phishing, or the more serious but still common viruses included in an attachment. The risk in these types of attacks is that the virus in the attachment does not install itself only on the one computer on which the email was opened, but spreads through the network, be it an extensive corporate network or the network of some institution. In this way ransomware, which is common in these types of attacks, can in a very short time cause a major problem for sensitive data across the organization and, when no backup has been created, leave only an expensive way, if any exists at all, to get the data decrypted.

There are also social-engineering techniques that use people as the source. Data mining combined with gaining access to secret spaces can lead to fraud in communication. This is dangerous in two ways. The first is a request, e.g. via email, to pay an invoice to some business partner, where the sender is not the genuine business partner we expect to pay but only someone who, through thorough social engineering, learned that we will be paying someone.

More worrying still could be the use of these techniques to gain access to classified documentation concerning a business secret or a unique patent.

Infrastructure as the target for cyber threats

Nowadays, infrastructure represents a high risk. It is a complex topic, as the risks can be complex too. An impact on one key part can bring production or transport to a halt, disrupt supply chains and lead to losses that are not negligible. Recently, a way to hack uninterruptible power supplies (UPS) through their cloud communication was discovered. By hacking the firmware, it is possible to bypass the electronic protection and make the UPS overheat or even make its components explode. As UPS units are used in many different environments, the consequences could be serious. For example, in the healthcare industry over 90% (!) are affected by this exploit!

The risk is also great for IoT, which has begun to emerge across industries. According to Microsoft, there is a not negligible number of internet-connected devices with badly implemented memory handling, which consequently allows the devices to be misused for running malicious code. As these types of devices can monitor important data (e.g. in factories) and are sometimes located in fairly important devices (e.g. home appliances), the risk is serious here too.

The danger applies not only to the private sector but to the state sector as well. Today, during the war, we are witnessing large cyber attacks against both sides of the conflict. We have witnessed attacks on the Belarusian railway network to prevent the transport of Russian troops, and we have also witnessed attacks on governments and media, either via DDoS or via the specialized HermeticWiper, used to disable Ukrainian government computers. This is especially worrying, as the attack vector also used exploits in Microsoft SQL Server.

Mitigating the risks on the institutional level

As mentioned above, there are multiple risks at the institutional level, and the risks listed are by no means exhaustive. For those mentioned, there are basically two mitigating actions. Both are, unfortunately, indirect, but when applied intensively the risks are minimized, albeit not to zero.

For risks involving the human factor, there ought to be regular educational activities that instruct employees how to prevent and react to human-related risks. It is also necessary to perform penetration testing to get feedback on the effectiveness of the education or on the need for more of it. For infrastructure risks, the systems that power the devices should always be kept up to date with the newest security updates. The number of running services and open ports should also be kept to a minimum, since each one potentially eases the path for a malicious attack.

Apart from the above, there is no attack-proof way to avoid these threats completely. Institutions always need to try to minimize the risks, perform backups and let critical systems run as few services as possible. It is also worth noting that cyber attackers are aware of safety measures and always try to find new attack vectors. There are already many of them, more than this post can cover in their full complexity.