Cyber security from A-Z
Posted on: 06 June 2017
The tool, accessible for free via Risk Director, offers our commercial lines policyholders the chance to assess their IT security measures with an online questionnaire based on the Government's 'Cyber Essentials' scheme. They get a tailored cyber security improvement report once the questionnaire is completed, and then also have the option to apply for Cyber Essential Certification via IT Governance.
Additionally, the assessment and Cyber Essentials Certification can help businesses address requirements for compliance with the General Data Protection Regulation, for which the deadline is 25 May 2018.
To mark the occasion, and help you develop cyber resilience both at home and work, we have put together an 'A-Z'* of cyber threats and defences that all computer users should be aware of.
The icons alongside them are coloured to show what is a:
- threat (red)
- vulnerability (amber); or
- defence feature/defensive action (green).
Scroll through or click the letters below to view each entry.
*This list is not exhaustive; it is only a selection of terms from the many available.
A software package that displays advertisements. Adware is a legitimate way to financially support free software, or to encourage payment for it (enabling an 'ad-free' mode). The ads will often be visible in the user interface and it’s common for them to be presented during installation or setup.
The term 'adware' can also be used to describe malware (malicious software) that presents unwanted advertisements. In this context, adware can range from being a nuisance to a real threat. Antivirus software can help protect against malicious adware, but some antivirus companies have been sued by businesses that use adware legitimately since it often blocks their advertisements.
A 'backdoor' is a loophole in the user authentication and access controls of a computer system. They can be included by developers for various legitimate reasons, like allowing user passwords to be reset, but they can also be added by individuals with malicious intent, or by malware. If default passwords are not changed, these can act as backdoors since they are so easy to bypass.
Computer users can protect themselves by ensuring they install all updates for their operating system (as they often 'patch' discovered loopholes), make sure they have antivirus software installed and running, as well as a firewall, and stay vigilant about preventing malware infections.
The act of bypassing security systems, software licences and legitimate adware.
'Expert' crackers find backdoors in programs and systems and write programs to exploit them. Other crackers will use and run those programs to avoid paying for software, deny access to legitimate users, destroy or manipulate data, or otherwise cause problems.
Some cracking can simply involve using purpose-built software to try various combinations of characters and work out what a password is. This is why it's so important to use strong passwords that (for instance) contain special characters, misspellings, unexpected punctuation interruptions, etc.
The aim of a DoS (Denial of Service) attack is to disrupt an internet service. It’s pulled off by deliberately flooding the target with requests so that it overloads, maybe even crashes, and legitimate requests are therefore prevented from getting through.
A DDoS (Distributed Denial of Service) attack involves using more than one unique IP address to overload the website and can be done by co-ordinating with other people to submit traffic.
DoS can happen accidentally if an unprecedented large amount of traffic overwhelms a website. This sort of event has various colloquial names, like the "Slashdot effect" or "Reddit hug of death".
Internet escrows were developed to enable protection for buyers and sellers during online financial transactions. In short, an escrow is an independent third party that holds money during the verification process of a transaction.
An offline example of escrow is when you put money into a vending machine and it is held while you make your selection, or until you cancel the transaction.
Bogus escrows can be used to defraud victims. To appear legitimate, they will encourage a seller to use a third-party escrow service (often spoofed, so it looks like the real thing), but the payment is never received. Always check website addresses and security certificates to make sure any websites you are using for financial transactions are genuine.
When unauthorised individuals use your wireless network connection. Freeloading can slow down your internet, since bandwidth is being stolen, but it can also mean that the freeloader may be able to access your connected computers and devices.
Freeloading can be prevented on home and business networks by ensuring WPA (WiFi Protected Access), a type of data encryption, is set up on the router with a strong password.
Some businesses provide free wireless internet that requires no registration or password entry. Be wary when using such connections as your device may be at risk from malicious trespassers.
A process that determines whether your information security control meet the standards required to be compliant with regulations. The provider will then usually give advice and guidance on how to achieve best practice standards.
We have partnered with IT Governance to provide the Allianz Cyber Risk Assessment which, for free, can be used to create a tailored cyber security improvement report, in a similar fashion to that which you might receive following gap analysis.
Penetration testing (pentests) and ethical hacking, similarly identify security weaknesses so that they can be addressed, but may not look at the regulatory requirements.
An IT system feature designed to lure hackers away from sensitive and crucial data and programs and instead to a location where the can do little or no harm. The honeypot acts as bait, appearing to be a legitimate part of the system, when in fact it is isolated and monitored so that infiltration attempts can be flagged and the attacker(s) can be stopped.
Honeypots come in various forms, being quite simplistic with little or no interactive features, to intricate high-interaction replications that are more likely to fool an intruder, but are also quite expensive and often laborious to maintain.
'Deception technology' is an emerging category of cyber defence tools that expands on honeypot technology by taking advantage of automations, so the 'decoy' defence tactic may become more commonplace in the future.
Quicker than a full backup, an incremental backup only picks up on files that have been updated or added since the previous backup.
Backups are vital for both business and personal life as they protect files, software and data from physical perils (such as power surges) and cyber threats (like ransomware attacks). It is important to update backups on a regular basis, therefore incremental backups can be a good solution for those who have large amounts of data to protect.
Just like the Trojan Horse of Greek mythology, a trojan virus comes in a form that appears harmless, but conceals threats - namely malware.
Trojan viruses can be found in phony installation files for seemingly authentic software. They are often initially concealed in display ads tactically located and designed to look like legitimate 'Download' or 'Install' buttons and trick users into clicking them.
Robust antivirus software and vigilance can protect computer users against trojan viruses.
A virus or device that records keystrokes so that sensitive information like passwords or credit card details can be captured.
Make sure antivirus software and firewalls and kept up-to-date to protect your computer system against keyloggers and be wary of devices, like USB drives, plugged into your machine without your knowledge.
Keyloggers can be used legitimately for research into writing processes.
Storage of system access, activity and configuration history. This may be required for compliance with certain regulations, but it can also help reduce downtime and vulnerabilities by identifying what happened on the system during specific times, therefore narrowing down the reason for disruption.
Log retention is backed up by the use of non-repudiation to expose user behaviours that could make the system vulnerable to malware or data theft.
Malware that takes advantage of macro capabilities (a programming language found inside certain applications, such as Microsoft Excel). Macro programs are embedded in documents and will run automatically when one of those documents is opened.
Macro viruses used to be very common but over the years patches were built into targeted programs, and antivirus software will usually immediately identify and counteract them.
Computer users should still remain vigilant and never open attachments or download files if they're not sure they can trust the source.
A service that authenticates and records an individual's activities so that it can be proved where data has originated.
This works in a similar fashion to keycards in an office block. Whenever someone enters, swiping their keycard in the process, a record is made of the time, and the same happens when they exit. This way, property management facilities know how many people are in the building and can identify individuals inside at a particular time if they are investigating an incident.
Personal user accounts on company IT systems are a form of non-repudiation as activity will often be monitored internally. Unlocked computers can however be taken advantage of to carry out a malicious act without revealing the true perpetrator. For this reason, it is important that employees keep their passwords to themselves and make sure they lock their devices when they're unattended, even for a moment.
Firewalls will often block programs from communicating with your computer to protect you. If this happens, and you trust the program, an exception can be made on your firewall settings. Sometimes, it may be necessary to open a 'port'. Ports stay open all the time and allow continuous relay of information.
Make sure ports are closed as soon as they are no longer required to prevent malware, viruses or unauthorised users from making their way onto the computer system.
The definition of 'proxy' is something that acts on behalf of another, i.e. an intermediary. Therefore, a proxy server is a computer or software system that acts as an intermediary between a user's device and another server (e.g. that of an external website).
In a business's IT infrastructure, a proxy server can be used to ensure security and administrative controls. It can also be used to either provide user privacy or the opposite, monitor traffic.
Abbreviation of 'Quick Response Code' - a type of barcode that contains information about what it is attached to. A QR code contains black squares arranged in a square grid. This can be read by imaging devices - most commonly a camera on a smartphone.
QR codes are becoming increasingly popular as, compared to Universal Product Codes found on products in trade, they can be read faster, by more devices, and are capable of greater storage. They are used for product and time tracking (e.g. in parcel delivery), item identification, authentication and marketing (namely by directing the user to a webpage or download).
Scanning a QR code from an unknown source can be risky as it may contain code which causes the affected device to carry out an action that reveals information or a vulnerability or causes a transaction to take place.
Often referred to colloquially as 'bricking', this feature is designed to protect data on portable devices, such as laptops, tablets and smartphones. The device is wiped and/or locked from a remote location as soon as the relevant party has been notified that there is a risk an unauthorised individual could access sensitive personal or commercial information. This therefore makes the device as useful as a brick.
A common example of when a remote wipe may be required is when an employee accidentally leaves their laptop on the train and there is no evidence that it has been handed in to the police or a train station along the line. Many devices that can be ordered online and shipped 'pre-loaded' with user data can similarly be bricked if they do not reach the intended recipient.
The creation and execution of a message (in the form of a website, email, text, etc.) that appears to come from a generally trusted source. These messages will often contain malicious links and/or downloads, or ask the recipient to complete a set of actions that will allow the sender to receive passwords, money or other sensitive information.
Gaining evidence for and verifying identity using more than one means. This has been common in online banking for a while and usually involves providing a combination of details, such as a randomly generated customer number, a user-generated PIN and/or password, transaction code (which is received via text, email, post or smartcard transaction) or the answer to a security question.
Two-factor authentication is a more secure method of user verification than the traditional email address (or username) and password combination.
A method of resistance against low level cyber-attacks that works by removing (or 'patching up') vulnerabilities in an operating system and/or software.
Updates (sometimes known as security patches) can be used to repair backdoors or to add extra defences when faced by specific threats. It is vital that updates are installed as soon as they become available as they often address previously unknown threats - i.e. zero-day attacks.
Getting hold of sensitive information by phoning an individual and persuading them to access a spoofed website, download malware, or submit a payment to fraudsters. Victims are usually told something along the lines of "I work for Microsoft and we've identified that your computer is vulnerable, so you urgently need to complete these actions to protect your data" or "If you complete these actions within this timeframe, you will win a prize".
As people have become increasingly wary of the threat from vishing, fraudsters have come up with methods to appear more convincing, like getting the caller to dial a number to 'authenticate' that they really are talking to an employee of a genuine company.
Phishing is the equivalent of vishing that, instead of a phone call, begins with an email.
Malicious software (malware) that replicates itself and spreads by creating backdoors, exploiting existing security loopholes or tricking users on a computer network. A worm can cause disruption by using up bandwidth and slowing the system down, deleting or stealing data and encrypting files.
Worms are one way of executing ransomware attacks. Countermeasures include ensuring that antivirus software, firewalls and other installed defences are up-to-date, patches are promptly installed and staying vigilant against spoofing and similar threats.
A file with the .exe suffix is an executable file, which means it will install and run software on a computer.
Computer users must exercise caution when downloading and opening .exe files and make sure that it is coming from a trusted source. Criminals will often use spoofed websites, digital advertisements and/or emails to get their malware .exe file onto a computer system.
As a defence, most operating systems request administrative approval each time before opening and installing .exe files and standard users on company networks will often be prohibited from launching any .exe file.
Abbreviation of 'bring your own device', which is the authorised use of personal devices on company networks. For businesses with tight budgets, this can be a great solution to hardware procurement, and it may also be useful if contractors and/or freelancers are used frequently. Employees with specialist needs due to a disability, or that require advanced hardware and/or software to do their job, may also wish to use their own device at work.
BYOD practices can be risky as the business's IT department will not have as much control over the security features and activity that takes place on the devices. Malware on an employee's personal device could make its way onto the business's computer network upon connection, and any company data saved onto the device will also be vulnerable.
An event where a vulnerability, very recently discovered, is exploited before developers can release a security patch. It is known as a 'zero-day' attack because there have been zero days to find a resolution since the threat was identified.
Until the patch is released, developers may release advice to users to prevent attacks in the meantime, like not using a particular program, or not accessing their device.
Crackers and hackers may sell information about zero-day attacks to individuals or companies that either wish to maliciously exploit it, or to create a patch and prevent exploitation.
- Allianz Cyber Risk Assessment - developed in partnership with IT Governance with the option to apply for Cyber Essentials certification.
- Cyber security consultation and services from InteliSecure.
- Business continuity consultation and planning and supply chain risk assessments from Glen Abbot.
- Lightning strike and power surge protection from BEST Services.
- Property marking to deter theft by Selectamark.
- Helping businesses protect themselves against cyber threats - the WannaCry ransomware attack of May 2017 highlighted the need for good information security practices for organisations.
- Directors and Officers: tough at the top - overlooking cyber threats education can cost busnesses dearly.
- The top risks for UK businesses in 2017 - the Allianz Risk Barometer, by AGCS, identifies the top corporate perils year-by-year.
- Cyber: today's growing threat - as cyber security breaches become an issue for an increasing amount of businesses, what can be done?
- The changing road ahead: cyber and the motor industry - motor traders and fleet owners need to start thinking beyond traditional, physical, security measures.