26/06/2024
The facts about cyber security breaches
In the last few weeks alone, several household names have found themselves in the news headlines due to serious cyber security breaches. But why do they keep happening?
Ticketmaster and Santander’s cloud data storage provider, Snowflake, recently had a significant volume of data stolen by a highly organised criminal hacker group in a financially motivated attack, destroying the confidence and trust of thousands of consumers who expect their data to be in safe hands.
Days later, a key lab service supplier to the NHS, Synnovis, experienced a debilitating ransomware attack, seeing 1,500 medical appointments, including organ transplant surgeries, cancelled as the organisation battled to restore its affected IT systems. Since then, the criminal hackers have published stolen patient details on the dark web due to their financial demands not being met.
And there’s more. In May 2024 the MoD discovered it had been compromised, where allegedly two or three attempts to hack the employee payroll system, with names and bank details being exposed.
Why is this happening?
Our cybersecurity expert, Ben Hopper, explains:
“In the majority of recent high-profile security breaches, threat actors have gone after the suppliers’ of major organisations. Data as a service is a relatively new concept, and it’s possible, with these newer companies, that some basic security practices have fallen by the wayside somewhere along the line, allowing hackers into the back doors of some of the world’s most trusted institutions.”
Cybercrime is lucrative, with significant potential financial gain from stealing sensitive data, intellectual property, or conducting ransomware attacks. And the criminals are becoming more advanced, employing sophisticated techniques such as zero-day exploits, social engineering, and advanced persistent threats (APTs) to bypass security measures.
The threat landscape is constantly evolving with new vulnerabilities being discovered regularly, including weaknesses in the supply chain, as seen in some of the recent high-profile cases, where attackers target less secure vendors or third-party services to gain access to the main target.
Emerging technologies also introduce new security challenges. IoT devices, for example, often lack robust security features, making them attractive targets for cybercriminals.
Cyber security isn’t a luxury - it’s a must
Many organisations, especially smaller ones, fail to allocate the necessary resources to implement robust cybersecurity measures, seeing a significant lack of incident response plans in place to take swift action if or when a breach occurs. Despite the fact that the financial and reputational cost of a cyber security event would be far more than having the resources and plans in place to begin with.
A cyber security function within an organisation, be it internally or through a trusted partner, would take care of breach response plans, whilst implementing everything from compliance and regulatory cyber requirements, to eliminating insider threats.
Insider threats, whether intentional or accidental, pose significant risks when employees with access to sensitive information cause breaches through negligence or malicious intent. Human error remains a major factor in security breaches. Mistakes such as misconfiguration of security settings, falling for phishing scams, or failing to follow security protocols can lead to significant breaches.
Modern IT environments are highly complex, with a mix of on-premises, cloud, and hybrid infrastructures. Managing security across these diverse environments is challenging and requires a robust plan and experienced specialists to achieve optimum security in an ever-changing threat landscape.
How can organisations, like those recently targeted, trust that their third-party supplier is secure?
The first thing an organisation must do when engaging a supplier is a robust and throughout review of their security procedures and credentials. Are they signed up to Cyber Essentials, the UK government-backed cyber security certification scheme overseen by the National Cyber Security Centre? Do they have cyber security insurance? Are they ISO 27001 accredited, and what other assurances can they provide about their security posture?
Of course, there is sadly no such thing as 100% secure when it comes to protecting data, but supplier platforms that are created through skillful custom software development, which are regularly maintained, can help to maximise cyber security considerably.
The many security advantages of custom software
Tailored security features
Custom software can be designed with specific features tailored to the unique needs and risks of the organisation. This includes implementing bespoke encryption methods, access controls, and authentication mechanisms.
Reduced vulnerability exposure
Off-the-shelf software is widely used and, therefore, known vulnerabilities are more likely to be targeted by cybercriminals. Custom software, being unique to an organisation, presents a smaller attack opportunity and is less likely to have well-known weaknesses that can be exploited.
Integration with existing security infrastructure
Software can be designed to integrate seamlessly with an organisation’s existing security tools and infrastructure, such as firewalls, intrusion detection systems, and security information and event management (SIEM) systems, providing a stronger security posture.
Enhanced access controls
Bespoke software allows for the implementation of advanced and granular access controls tailored to the organisation, ensuring that only authorised personnel have access to sensitive information.
Regular security updates
Organisations can manage and schedule security updates and patches according to their own risk assessments and operational schedules, ensuring that the software is always up-to-date with the latest defences.
Monitoring and logging
Custom software can include advanced monitoring and logging capabilities tailored to the organisation’s security requirements, allowing for detailed tracking of user activities and rapid detection of suspicious behaviour.
Compliance with regulations
Software can be developed to ensure full compliance with industry-specific regulations and standards (e.g., GDPR), reducing the risk of non-compliance penalties and enhancing overall security.
Protection against insider threats
Custom software can be designed with features to mitigate insider threats, such as anomaly detection, activity tracking, and role-based access controls, ensuring that employees and contractors do not misuse their access privileges.
Incident response and recovery
Bespoke software can include tailored incident response and recovery mechanisms, allowing organisations to respond quickly and effectively to breaches.
Proactive threat modelling
During the development of custom software, threat modelling can be incorporated to identify and address potential security threats and vulnerabilities.
Can AI be used to make custom software more secure?
Developers have found that incorporating generative AI into custom software has the potential to enhance an organisation’s ability to detect, respond to, and stop cyber threats.
Prevention is better than cure, and generative AI is remarkable in detecting threats by monitoring unusual behaviour and patterns. It can be used to filter out phishing attempts by recognising linguistic cues that are indicative of scam emails, and can even model the expected behavior of software applications and detect deviations that may indicate malware.
What’s more, it can enhance user authentication by analysing behavioural biometrics, such as typing patterns or mouse movement, and adjust access controls based on real-time risk assessments. For example, if a user is accessing sensitive data from an unusual location.
Generative AI is also useful for cutting down time and effort required for security analytics by processing and analysing vast amounts of data logs to identify patterns and anomalies that could indicate security incidents. The technology is ideal to automate certain actions, such as blocking malicious IP addresses, or automated code reviewing, to identify vulnerabilities and suggest fixes.
Taking action to maximise security
Propel Tech’s director, Andy Brown, says:
“Custom software can be more difficult for hackers to exploit, as the vulnerabilities are less known, but as hackers become smarter, it remains critically important that organisations, whether they use bespoke or off-the-shelf software, are vigilant with their software updates and security patches.
"As the threat landscape evolves at a rapid pace, I would highly recommend that every organisation, regardless of size or function, conducts a thorough security assessment every six to 12 months to identify vulnerabilities and gaps in their infrastructure, alongside regular vulnerability scanning and penetration tests.”
Andy’s top tips for improving security posture:
Incorporate security by design: Integrate security practices into every phase of the software development lifecycle, from design and development to testing and deployment. Regularly conduct threat modeling to anticipate and mitigate potential security threats during the design phase.
Implement robust authentication and authorisation: Use MFA to add an extra layer of security beyond just passwords. Implement RBAC to ensure that users only have access to the information and resources necessary for their roles.
Utilise encryption and data protection mechanisms: Encrypt data at rest and in transit to protect sensitive information from unauthorised access. Ensure that data is stored securely.
Regularly update and patch software: Establish a regular patch management process to keep all software, including custom applications, up to date with the latest security patches. Consider using a trusted partner to manage and deploy updates and patches efficiently.
Implement advanced monitoring and logging: Set up real-time monitoring to detect suspicious activities and potential security breaches quickly. Ensure that all critical events are logged and that logs are reviewed regularly for any signs of malicious activity.
Develop and test incident response plans: Create a detailed incident response plan outlining the steps to take in the event of a security breach. Conduct regular incident response drills to ensure that the team is prepared to handle actual security incidents.
Leverage AI and machine learning: Use AI and machine learning to detect anomalies and unusual patterns that may indicate a security threat. Implement AI-driven automated responses to quickly mitigate detected threats.
Educate and train employees: Regularly conduct security awareness training to educate employees about the latest threats and best practices. Run simulated phishing attacks to test and improve employees’ ability to recognise and respond to phishing attempts.
Conduct regular security audits and penetration testing: Engage third-party security experts to conduct regular audits and penetration tests to uncover vulnerabilities that internal teams might miss. Use the findings from audits and tests to continuously improve security posture.
Maintain compliance with regulations: Ensure that your custom software solutions comply with relevant industry regulations and standards, like GDPR.
Adopt a zero-trust architecture: Implement a zero-trust architecture where no one inside or outside the network is trusted by default. Verify and validate every access request.
Propel Tech specialises in delivering secure custom software solutions to client across multiple sectors, putting security and efficiency at the heart of every single project - be it a software system built from the ground up, to modernising existing systems. Discover more or talk to Propel Tech about your custom software requirements.