February 15, 2019

Stop contributing to the global cybercriminal haul

According to a 2018 study led by Dr. Michael McGuire, Senior Lecturer in Criminology at the University of Surrey, worldwide cybercrime revenues are estimated at $1.5 trillion per year. In 2019, Canadian businesses of all sizes should take measures to stop contributing to the global cybercriminal haul.

APPLY PATCHES AND UPDATES

While exotic zero-day vulnerabilities grab headlines, in reality intruders frequently succeed by exploiting known security issues for which patches already exist. Unless patches are applied regularly, the resulting security landscape makes it far too easy for relatively unsophisticated cybercriminals to intrude into systems and steal data.

Many organizations, both public and private, suffer from misaligned priorities. They deploy expensive security products, but neglect basics such as patching. Intrusion prevention and antimalware are important, but they do little to protect servers and PCs riddled with security holes.

While it is possible to keep systems up-to-date through diligent system administration practices, a variety of vulnerability and patch management tools are available to help. If your organization has not made software updates a security priority in the past, make it one for 2019.

HARDEN SERVERS

It is difficult to find security advice written in the past few decades that doesn’t include server hardening. Yet time and time again, security professionals and hackers find network services that shouldn’t be there in the first place, never mind exposed to the network.

While legacy systems may present challenges, the majority of the time the real issue is that security is just not a priority. Insecure protocols such as FTP and telnet have no place on today’s systems. Unless the server is a file server, inbound connectivity to SMB ports should be blocked. While it might be more convenient for administrators to update web content via a Windows file share, it’s a poor security choice. SCP and SFTP are far more secure.
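
A quick way to check a Linux server for the listeners named above, as an added example that is not part of the original article: the function reads `ss -H -tln` output and flags FTP, telnet and SMB sockets bound to a non-loopback address. The sample lines are constructed, and the port numbers (21, 23, 139, 445) are the services' standard assignments, not values taken from the article.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets for FTP (21), telnet (23)
# and SMB (139, 445) that are reachable from the network.
# Input format: `ss -H -tln` output, one socket per line, where field 4
# is the local address and port.

flag_risky_listeners() {
    awk '
    {
        local_addr = $4                    # e.g. 0.0.0.0:445 or [::]:23
        n = split(local_addr, parts, ":")
        port = parts[n]                    # port follows the last colon
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)

        # Loopback-only listeners are not exposed to the network.
        if (addr ~ /^127\./ || addr == "[::1]") next

        if (port == 21)                      svc = "ftp"
        else if (port == 23)                 svc = "telnet"
        else if (port == 139 || port == 445) svc = "smb"
        else next

        print svc " " local_addr
    }'
}

# Constructed sample input (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 50 127.0.0.1:445 0.0.0.0:*
LISTEN 0 50 192.0.2.10:445 0.0.0.0:*
LISTEN 0 5 [::]:23 [::]:*
LISTEN 0 511 *:80 *:*
EOF
}

# On a live server: ss -H -tln | flag_risky_listeners
sample_ss_output | flag_risky_listeners
```

Any line this prints is a service to remove or firewall, unless the host is a file server that is meant to accept SMB.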

Server hardening also includes making privilege escalation more difficult. Web servers, databases, and similar applications should not run with administrative privileges, and when colocated on the server should be protected against each other. As an example, a database process should not have write access to a web server’s directories.

SECURITY AWARENESS TRAINING

Phishing and fraud are on the rise. Never in history has it been easier to research and target individuals and businesses, and criminals are getting much better at it. In the past, poor grammar and comically bad writing made fraudulent emails easier to spot. More recently, fraudsters have seriously improved their game. Employees today are receiving well-written emails, addressed to them by name, and purporting to be from managers and executives within their organization.

While technical controls can certainly help (it is amazing that in 2019 we don’t have a clear indicator of whether an email originated inside or outside our organization), the real key is security awareness training. In fact, training employees likely has a higher ROI than any other security expenditure.

MULTI-FACTOR AUTHENTICATION

Another opportunity to improve security this year is to adopt multi-factor authentication. Most major companies support it, and thanks to the standards charge led by Google Authenticator, no extra hardware is required. Apps like Authy make it easy to manage multiple accounts and synchronize MFA credentials across multiple devices.

Low-cost FIDO U2F and FIDO2 devices make hardware-based MFA simple and easy. A single device can be used to authenticate to an unlimited number of Internet sites and accounts.

Organizations should consider the services they use, and prioritize MFA starting with email and social media accounts. Those using cloud computing should, if they are not already, mandate the use of MFA for all administrator access.

BACKUPS

The final line of defence against a multitude of security incidents, including ransomware attacks, malicious insiders, hardware failures, and natural disasters, is recovering data from backups. Protecting data is an obvious business imperative, yet many businesses fail to adequately do so. This is particularly problematic for small businesses and individuals. Ironically, unprecedented Internet bandwidth and low-cost backup services make it easier than ever. At a cost of around $5 per PC for automatic, unlimited backup, there is simply no excuse.

About this author

Eric Jacksch

Eric Jacksch is a leading cybersecurity analyst with over 20 years of practical security experience. He has consulted to some of the world's largest banks, governments, automakers, insurance companies and postal organizations. Eric is a regular columnist for IT in Canada and was a regular columnist for Monitor Magazine and has contributed to several other publications.
