The Moroccan Times: These days, no one is immune to cyber crime – what are the most significant threats out there today?
Harish Chib: No organization, irrespective of its size, domain of operations or location is immune to cybercrime. What’s more, the growing number of attack surfaces, rising sophistication of attacks and their targeted nature mean the threat landscape is evolving rapidly and it is imperative that security solutions move in step with it.
One of the most dangerous cyber threats challenging organisations today is ransomware. Like most other cyber threats out there, this one has also evolved rapidly and become more mature and menacing. One of the more commonly used ransomware variants is crypto-ransomware which uses unbreakable encryption on user files.
Another big threat facing organisations emanates from inside the organisation in the form of insider threats. Employees, contractors, consultants and third-party vendors are exploited to gain access to an organization’s confidential data. This could happen in a number of ways. An employee might misplace his device, which might fall into the wrong hands; or an employee can be a victim of phishing wherein he is lured into clicking on a malicious link; or third parties can be the target of malicious hackers, wherein they take advantage of less sophisticated security solutions and policies to make their way inside a parent organization’s network perimeter.
Apart from these, what organisations and individuals have to guard against are social engineering attacks, retail data hacks, healthcare data hacks, malware attacks, Denial-of-Service (DoS) attacks, Zero-day attacks and more. When it comes to cybercrime, one cannot predict how an organisation will be attacked. Attackers will identify the weakest links in an organisation and use an attack vector that can best help break that link and infiltrate the organisation.
The Moroccan Times: What is being done in Morocco?
Harish Chib: SophosLabs research indicates a growing trend among cybercriminals to target and even filter out specific countries when designing ransomware and other malicious cyberattacks. The research includes information from millions of endpoints worldwide and is analyzed by the team at SophosLabs.
Researchers saw historic trends of different ransomware strains that targeted specific locations. Versions of CryptoWall predominantly hit victims in the U.S., U.K., Canada, Australia, Germany and France; TorrentLocker attacked primarily the U.K., Italy, Australia and Spain; and TeslaCrypt honed in on the U.K., U.S., Canada, Singapore and Thailand.
The analysis also shows Threat Exposure Rates* (TER) for countries during the first three months of 2016. The African countries were at an average level:
- Tanzania – 11.1 percent
- Kenya – 11.5 percent
- South Africa – 11.6 percent
- Egypt – 12.4 percent
- Angola – 15.7 percent
- Nigeria – 15.7 percent
- Tunisia – 16.4 percent
- Morocco – 16.6 percent
- Uganda – 24.9 percent
- Ghana – 25.5 percent
- Mozambique – 28.3 percent
- Algeria – 30.7 percent
- Zambia – 35.5 percent
- Malawi – 39.4 percent

* TER data represents malware infections and attacks per 1,000 Sophos endpoints in each country, Jan. 1, 2016 to April 8, 2016.
Considering the threat landscape in Morocco and Africa at large, we have made this region our key focus area. We have made available the full spectrum of offerings from Sophos that include advanced and innovative network and endpoint products. We are also bringing to this region the new wave of security innovation that we call synchronized security that for the first time allows endpoint and network security products to actively and continuously share threat intelligence with each other to more effectively protect against today’s sophisticated threats, in a manageable way.
Sophos also offers its latest additions to its broad portfolio of security solutions including Sophos Intercept – its next-generation endpoint technology to boost protection against unknown exploits, the most updated versions of Sophos Clean and SG UTM, and its recently launched synchronized encryption solution – SafeGuard Encryption 8, which can automatically respond to threat incidents from connected endpoint protection. Since enterprise mobility management is now a growing priority, the company will also showcase Sophos Mobile Control 6.0, a container solution with Sophos Secure Email that enhances data protection.
Sophos will also promote its newly launched partner program for the Middle East and Africa region, which has been designed to address the needs of different partners and their engagement levels with Sophos.
The Moroccan Times: How do you know if you have been a victim of cybercrime?
Harish Chib: There are different indications of whether you are affected by cybercrime and there is no single indication that will make you aware that a cybercrime has taken place.
Here are a few indicators of a cybercrime and that your network has been compromised:
- Unusual outbound network traffic
- Anomalies in privileged user account activity
- Geographical irregularities in log-ins and access patterns
- Spike in database read volume
- If attackers use SQL injection to extract data through a Web application, the requests issued by them will usually have a larger HTML response size than a normal request
- Large numbers of requests for the same file
- DNS request anomalies
- Unusual changes to mobile users’ device settings
- Web traffic with unhuman behavior
- Signs of DDoS activity
  - Distributed denial-of-service (DDoS) attacks are frequently used as smokescreens to camouflage other more pernicious attacks.
Many attacks succeed when users let their guard down. Increasing employee awareness of the threat and providing examples can help keep your users from opening malicious attachments or clicking on links out of curiosity. Users need to understand that, while security tools enhance the security of the network, the user is the most important defense for protecting sensitive company information.
The Moroccan Times: How can individuals and organisations protect themselves against cybercrime?
Harish Chib: Individuals and organisations must move away from traditional point security solutions towards more advanced, next-gen solutions that are comprehensive, work as a system and which are easy to deploy and manage. They need to choose a vendor solution that helps aggressively safeguard their network and endpoint and is configured to protect them against the continuously evolving threat landscape.
Sophos offers a broad and powerful portfolio of IT security products allowing partners to deliver a “complete security” and a “synchronized security” solution to their customers. We are the only vendor in the world with a balanced business at scale across endpoint and network security. We are the first security vendor to deliver synchronized security, directly linking next-generation endpoint security and next-generation firewall to share threat intelligence that enables faster detection of threats, automatic isolation of infected devices, and more immediate and targeted response and resolution.
What organisations, irrespective of their size, must invest in is a cyber security infrastructure wherein the network and endpoint are seamlessly integrated in such a way that there is instant sharing of threat, security, and health information between endpoint and network. This will help them build a strong and future-proof security posture.
The Moroccan Times: What can local businesses do in terms of education and defending against cyber threats?
Harish Chib: Protection against evolving cyber threats begins with understanding the evolving risks. It is necessary that businesses in the region gain a comprehensive understanding of internal and external vulnerabilities that can be exploited by cyber attackers to gain entry and access confidential data. They must identify the weak links and plan how to strengthen these links.
Once the risks are understood, they must develop and implement a security policy that permeates through every process of the organization and is clearly understood and followed by the organisation’s workforce. They must educate and train employees with respect to the safe practices, warning signs, and responses related to cyber threats.
It is also important to remember that educating and defending against cyber threats is a continuous process and should never stop. That will ensure businesses and their employees retain their security focus at all times.