CYBERSECURITY

Half good?

Bruce Lee once said, “Be like water, my friend… water can crash, or it can flow”. Water can be a solid, a liquid, or a vapour. It can take on any shape. It can be light and refreshing, or so heavy that it can crush anything. A jet of water can cut through all types of metals. Water can be freezing cold, tepid, or boiling hot. Despite all these remarkable qualities, there is one thing water cannot do: it cannot discriminate. It cannot compartmentalise. It shares everything with every droplet, meaning that one drop of ink (or poison) in 10,000 drops of clear water will contaminate every other drop. Here we can learn two concepts about water that form good analogies for cybersecurity.

1) Even the most tidy and well-ordered of computer networks can be corrupted and set asunder. The disarray can come from a virus written by a 14-year-old. Attaching itself to an email, the virus can self-execute in the background, causing incalculable damage by stealth. As per the water example, one drop of ink or poison could discolour or contaminate an otherwise perfect supply. And one unassuming virus can bring a massive complex network to a grinding halt. Overlooking small things can matter big-time.

2) The water cannot direct or dictate how it is to be polluted. It cannot segregate the toxins. Just as a flower offers its fragrance with neither fear nor favour, a toxin spreads to each and every molecule. In fact, the properties of the water will assist and accelerate its own demise. There is no such thing as a glass half-contaminated. A problem that persists in any sector of the water is a problem for the entire body of water. And so it is with computer networks and systems. What good is a firewall when there is no fire? What good is a filtration system when the contaminants are nanoscopic? What good is a password when the cyber criminal hitches a free ride on the back of your own staff or via networks owned by your suppliers and vendors?

While optimists like to think of the glass as half-full, hackers see every droplet as a possible vehicle through which to penetrate and infiltrate. It only takes one drop… one click… one crack… one opportunity… one mistake… one moment to gain access. Thereafter, calamity can follow, or it can brew slowly. Whether via brute-force or drip-feed, one thing is certain… victory is nigh for the cyber criminal. Patience is key, because the rewards are worth the wait. With ransomware demands edging closer towards $100 million, and arrests basically non-existent, it pays for hackers to plot from dusk until dawn.

Every security and defence agency has issued warnings. Their foreboding cannot be simpler. Their mantra is, “It’s not if. It’s when!” Every analyst and consultant has predicted your demise.

The damage that awaits you will gush forth. You’ll have to deal with: corrupted systems; locked databases; angry customers; confused staff members; panicked stakeholders; defeated managers; curious journalists; and demanding creditors… amidst a ruthless, invisible, untouchable cyber criminal who knows that your greatest enemy is neither the technology nor the calamity itself. Rather, it’s “time”. Once your files have been hijacked and encrypted, every tick heralds mounting losses. The ransom (no matter how unreasonably exorbitant) pales next to the compounding pain and suffering that washes over you and your dismal future with each passing, excruciating second.

No matter your ethical position or your stern policy of “never negotiating with cyber criminals”, your resolve will weaken. Just give it time… that healer of all ailments… time… will crush you. Your phone will ring, and the Chair will bellow, “Just pay the bastards!” You’ll beg the hackers for mercy, as you sign the largest expense bill of your career.

TRY THIS EXPERIMENT

If you doubt that a cyber attack could debilitate your organisation, why not prove it by turning off your systems for a few hours? Do it without warning. Make it a sudden-death denial-of-service. You know that you can switch everything back on. So what have you to fear? The common response is that such a daft dare will prove nothing. It will merely disrupt the business for no real gain. True. You would be wise to avoid such a stunt. However, can you be certain that attackers would hesitate before bringing your organisation to its knees? A condition for which your team is neither trained nor drilled!

Assemble your best managers and discuss a scenario that assumes these parameters: a cyber attack will lock half your computers, while shutting your websites and web services. Your primary files (from finance to marketing to production) will be encrypted. Vital databases comprising customer details and transactions will be stolen and then deleted from your networks — which by now will be locked. Furthermore, confidential files, contracts, pricing, growth plans, financials, and top-secret correspondence will be leaked to the public at a rate of 100 records per day until you relent. Draw a series of flowcharts to simulate what is likely to happen to your organisation in physical and reputational terms… not to mention the possible legal exposure if negligence could be proved to have been a factor that contributed to (or invited) the cyber attack.

MURPHY’S LAW

Edward Murphy Jr was an American aerospace engineer. He died well before the invention of electronics and computers. Murphy’s law starts with this adage, “Anything that can go wrong, will go wrong.” His other four laws are:

Left to themselves, things always go from bad to worse;

If there is a possibility of several things going wrong, the one that will go wrong is the one that will cause the most damage;

Nature always sides with the hidden flaw; and

If everything seems to be going well, you have obviously overlooked something.

Murphy was not thinking about computers. Most certainly he could not have conceptualised the cruelty of cyber crime. If Murphy were alive today, he might decree a new law along these lines: The more you have to lose, the more likely your networks will be hacked.

COST OF WARFARE

In the world of traditional warfare, bombs are graded in terms of cost-per-death. If an incendiary or explosive costing $1,000 per device can cause 1,000 casualties, the cost/benefit ratio is appealing. Although atomic or nuclear firepower is even more economical, its side-effects are undesirable. The collateral damage is too great. This is when poison gases and nerve agents shine. Their ratios are an economist’s dream. A few litres costing just a few dollars can kill millions.

Using this kind of cost/reward calculation, cyber crime takes the cake. Every which way you calculate it, from its cost of production, to cost of delivery, to return-on-investment, there has been no venture that has ever come close to the returns. Not drugs. Not diamonds. Not Ponzi schemes.

MR BIG

As with all lucrative markets, there are layers (middle-men) who emerge to add value, while extracting rewards. The middle-men who facilitate (recruit) wannabe cyber criminals are the Mr Bigs who provide sophisticated technologies free-of-charge to anyone willing to spend a few hours per day finding ways to hack vulnerable organisations. The young kids in their bedrooms need only invest in a simple computer. The expensive tools (the cyber thieving services) are given to them. Mr Big provides a service by way of free access to: encryption technologies; fast computer farms; and training. The small fish set about learning the trade of hacking. This model is known as RAAS, which stands for “Ransomware As A Service”. Everything the small-time criminal needs is provided by Mr Big. His only demand is a cut of the action. With ransomware attacks netting millions, it’s easy money from the comfort of their bedroom or college dormitory… or from the 15th floor of the State-sponsored comfortable corporate offices furnished by rogue nations who find it more lucrative than smuggling opium across borders.

WHAT CAN BE DONE?

The animal kingdom has addressed this kind of dilemma. The larger animals must eat. They will hunt. The smaller animals will be preyed upon. The clever ones have evolved to trick the larger animals through either optical illusions or unpleasant consequences. Small fish bloat to appear larger. Some have developed spots to trick the enemy into thinking the eyes are in a different place. Some utilise poisons or electrical zaps to scare off would-be assailants.

In other words, one must do everything to protect… everything to educate the team… and everything to make it unpleasant (or appear too arduous) for hackers to persist with an attack. Repelling a cyber criminal is as important as hunting and combatting.

OUR STRATEGY FOR YOU

At iCT Group, we will show you how to diminish your vulnerabilities, while assisting you to give the outward impression that your network is not worth penetrating. Cyber criminals would be inclined to move along, in search of easier prey. There are plenty of fish in the sea, so let’s divert the hackers away from your organisation.

Let us assist you to batten the hatches, camouflage your networks, and hide (and fix) the fault lines that send signals to cyber hackers who see the beacons as invitations to attack.

Perhaps now you can see why our seven prongs (seven services) comprise our unique offerings in a market with no shortage of cybersecurity consultants who seek to profit by bamboozling you with jargon, and dazzling you with party tricks in the form of premature penetration testing.

There is no benefit to conducting “pen tests” (as jargon-lovers like to call them) when it is a near-certainty you will fail the tests. So why bother? At iCT Group, we prefer to secure your environments first. That is money better spent. Then, if your banks and partners demand proof of your robustness (or for your added peace-of-mind) we can help you to test and demonstrate your resilience via a battery of tests which we might commission at arm’s length so that no one can question our possible conflict-of-interest. It’s like saying that the accountant must not be the auditor. The CEO must not be the Chair. Investigation must be independent. Otherwise, it’s a nasty game that puts profits before integrity.

Engage with iCT Group if you desire the peace-of-mind of deploying a cybersecurity strategy that utilises the best in software, hardware, tools, artificial intelligence, education, and protocols that are turbo-boosted by something no technology can replace: brainpower… human brainpower by experienced operatives who can outwit and outsmart hackers who are, after all, feeble criminals whose strength is in capitalising on your weakness. Let’s repair those weaknesses and repel the bastards.

Our partnerships with Telstra, Microsoft, Cisco, Palo Alto Networks, Sophos, and others provide us with amazing tools that we can apply and deploy strategically and intelligently.

OUR SERVICES

Imagine setting up something new, like a large-scale gold-mine. The thousands of strategic decisions would require a team skilled in various disciplines. Establishing a cybersecurity strategy is just as involved, and made more challenging due to the invisible nature of the beast. Another layer of complexity is that your company is already flying. We cannot halt your processes to align your data, hardware, software, and systems. Yet, a cybersecurity strategy is an essential foundation, and that’s a task you can’t leave to tech-heads.

In the physical world, even the most secure of banks, vaults, and galleries have lost massive treasures. Some thieves used explosives, while others relied on ingenuity. If thick concrete and steel, along with cameras and alarms, have not stopped grand heists, what hope do organisations have when their entry and exit points number in the thousands? Also, their corporate secrets and client data, though protected by military-grade encryption, are penetrated thanks to naivety or inattention. At iCT Group, we address the weak points.

Have you seen those large muscle-doors made from impenetrable steel that is bolted together as one would reinforce a cruise ship? The average thief would not contemplate ram-raiding such a fortress. Alas, despite the armoured barrier, there lies a weakness in a lock that can be picked in under two minutes. A mighty facade offers no protection against a skilled locksmith. And so it is with cybersecurity protection. Most of its bravado amounts to a lot of fuss and nonsense at the hands of skilled hackers.

Traditional monitoring utilises cameras, sensors, and sirens to signal a breach by way of a flashing light on a console. A patrol car is dispatched to check the premises, only to discover that a moth had triggered a false alarm. In terms of cybersecurity, the signals are flagged by the tens of thousands… per second. Which console operator can fathom so many alerts? That’s where superior brainpower needs to merge with computing intelligence. Absent lightning-fast analysis, monitoring becomes false security.

Fire fighters can tell you that, when approaching a burning building, fire and water are not the first two things they consider. Rather, they must decide about the gas, electrical wires, structure, victims, surrounding hazards… amongst dozens of considerations. A response requires decision-making combined with deep experience regarding matters as bland as traffic-management, and as complex as exploding cylinders. Similarly, responding to a cyber crime requires emergency-level attention that is as deep as it is broad.

Yes, hackers utilise mind-boggling technology to steal your data or lock your systems. However, they are assisted by unsuspecting staff members who have no idea how their actions and inactions open the door to let cyber criminals into the organisation. While ever you have people touching your systems, websites, emails, and software applications, you are in danger. Let us keep your people enlightened and alerted. If you are not spending as much on education as you are on technology, you remain exposed.

Good and bad cultures, along with good and bad quality, service, or cybersecurity, all start at the top. At iCT Group, we understand the importance of keeping your Board members and senior executives informed about the world of cyber crime. Our presenters and educators are consultants with decades of experience. We can show your Board and Senior Executives how cybercrime can impact your financial and reputational standing. You cannot navigate away from disaster if your leaders are not alerted and alarmed.