Once hailed as unhackable, blockchains are now getting hacked.
That was the headline of an article by Mike Orcutt, published online by MIT Technology Review on February 19th, 2019. Here is an extract from the article:
“Early last month [January – Editor], the security team at Coinbase noticed something strange going on in Ethereum Classic, one of the cryptocurrencies people can buy and sell using Coinbase’s popular exchange platform. Its blockchain, the history of all its transactions, was under attack.
An attacker had somehow gained control of more than half of the network’s computing power and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once, known as “double spends.” The attacker was spotted pulling this off to the tune of $1.1 million. Coinbase claims that no currency was actually stolen from any of its accounts. But a second popular exchange, Gate.io, has admitted it wasn’t so lucky, losing around $200,000 to the attacker (who, strangely, returned half of it days later).
Just a year ago, this nightmare scenario was mostly theoretical. But the so-called 51% attack against Ethereum Classic was just the latest in a series of recent attacks on blockchains that have heightened the stakes for the nascent industry.”
Exploits on blockchains go a long way to show that there is no technology security system that is un-hackable. What one man can make, another man can find vulnerabilities in. There is no technology solution that is 100% secure.
The secret is therefore not in implementing a system or systems that are hack-proof, but ones where a hack can be prevented because the system is under ongoing monitoring.
And that is where cyber security as a service (CSaaS) by Summit Consulting Ltd comes in. When it comes to cyber security, there is nothing like being over-secured. You need confidence that your mission-critical resources – the core banking server, the enterprise resource planning (ERP) system and other critical servers such as mobile and internet banking servers, email servers, ATM servers and CCTV servers, to mention but a few – are safe from the risks of manipulation, unauthorized modification, data leakage and deletion.
We have investigated cybercrime cases at over 120 financial institutions in the East and South African region. One of the most painful things is failing to solve a crime when the client calls you expecting answers.
You need to know that computer forensics is not magic. It is the analysis of evidence seized at the crime scene. If that evidence has been tampered with or spoiled, it becomes difficult to solve the case.
Take the case of a Cisco ASA firewall. By default, the ASA can use up to 1 MB of internal flash memory for log data. If the system administrator deliberately does not save the logs to a central server, it becomes next to impossible to aggregate logs and alerts for further analysis and threat intelligence. If the logs are not backed up to an external logging server outside the company network, it also becomes impossible to determine whether the attacker originated from outside the network or was internal, since you have no firewall logs to analyze and rule out an externally originated attack!
Take note that just 1 MB of flash memory can store just two days of logs. If the crime is discovered after 3 days, the flash memory will already have been cleared and refilled with fresh logs only, so there is no hope of recovering the logs whatsoever. Solving the crime becomes very difficult.
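As an added example (not Summit Consulting's own tooling), the Python below shows the collector-side checks that follow from this point: it parses ASA-style syslog lines received by a central log server, flags gaps that indicate the firewall stopped forwarding, and estimates how long the on-box allocation would hold logs at the observed rate. The sample lines, the hostname fw01 and the addresses are constructed; the 1 MB figure is the one from the text.

```python
"""Checks a defender can run on the syslog a central collector receives from a
Cisco ASA: detect gaps in forwarding and estimate how long the on-box log
allocation would hold the same traffic. All sample data is constructed."""
import re
from datetime import datetime, timedelta

# Constructed sample lines in the ASA syslog layout (timestamp, device-id, message).
SAMPLE_LINES = """\
Mar 01 2019 09:00:00 fw01 : %ASA-6-302013: Built outbound TCP connection 1 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.0.0.5/51000 (198.51.100.2/51000)
Mar 01 2019 09:00:05 fw01 : %ASA-6-302014: Teardown TCP connection 1 for outside:203.0.113.10/443 to inside:10.0.0.5/51000 duration 0:00:05 bytes 4096 TCP FINs
Mar 01 2019 09:00:10 fw01 : %ASA-4-106023: Deny tcp src outside:203.0.113.77/4444 dst inside:10.0.0.5/22 by access-group "outside_in"
Mar 01 2019 11:30:00 fw01 : %ASA-6-302013: Built outbound TCP connection 2 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.0.0.5/51001 (198.51.100.2/51001)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) (?P<host>\S+) : "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d+): (?P<text>.*)$")
FLASH_ALLOCATION_BYTES = 1024 * 1024  # the 1 MB on-box allocation the text refers to


def parse_lines(raw):
    """Return one dict per well-formed line; malformed lines are skipped."""
    records = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        records.append({
            "ts": datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"),
            "host": m["host"], "severity": int(m["sev"]), "msgid": m["msgid"],
            "text": m["text"], "bytes": len(line.encode()) + 1,  # +1 for newline
        })
    return records


def find_gaps(records, max_gap=timedelta(minutes=10)):
    """Consecutive timestamps between which the collector heard nothing for
    longer than max_gap: a sign the forwarding path is down and the on-box
    buffer has become the only copy of the logs."""
    ts = sorted(r["ts"] for r in records)
    return [(a, b) for a, b in zip(ts, ts[1:]) if b - a > max_gap]


def estimate_retention(records, allocation=FLASH_ALLOCATION_BYTES):
    """How long the on-box allocation would hold logs at the observed byte rate."""
    ts = sorted(r["ts"] for r in records)
    span = (ts[-1] - ts[0]).total_seconds()
    total = sum(r["bytes"] for r in records)
    if span <= 0 or total == 0:
        return None
    return timedelta(seconds=allocation * span / total)
```

Run against a real collector's export, the retention estimate tells you how quickly a discovered incident outlives the firewall's own copy of the evidence.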
It does not matter what size your IT team is.
You need external support to provide independent oversight of your internal cyber security team. That is what nations do. They don’t trust one person; they have multiple people working to give independent assurance.
The fact is that your cyber security agenda is critical. ICT is your mission-critical resource. We provide a dedicated cyber security team to strengthen and maintain your information security across all three building blocks of defense in depth: people, policies and technology.
At Summit Consulting Ltd, our Cyber Security as a Service solution is not intended to replace your internal IT and cyber security team. Rather, our services provide independent checks and balances on your security posture. We are your ‘external auditors’ for cyber security assurance. Your internal cyber security team will tell you that your security program is hack-proof; we test whether what they tell you is correct.
Expert review on the expert’s work.
Our experience is that executives and directors don’t need to learn everything, since there is already a lot on their plate, like growing the top line. Cyber security should be outsourced to trusted professionals. Just as a company has both an internal auditor and an external auditor, an external cyber security provider is needed as well.
As an institution, you also save the money and time spent on human resources processes such as employee hiring.
summitSECURITY improves your security.
We help review your security setup. The services we provide under CSaaS are:
1. Security essentials health check
We conduct both black box and white box pen tests to assess the state of your security posture. For black box tests, we attempt to hack into your system from an offensive point of view to see how far an external hacker could penetrate your system for malicious or fraudulent purposes. We do it before the real bad guys do. That way, you are able to proactively identify weak points and close them, instead of calling us to investigate after the fact.
For this reason, a black box pen test is critical. The results of black box pen tests help you improve your security controls and invest wisely. Before you implement that firewall, ask yourself: is it placed at the right spot? Is it well configured to prevent external attackers? Does it add value to the security setup of the enterprise? Without a pen test, you risk investing in security hardware and software that adds no value.
For example, before you install a security gate, security cameras and barbed wire, you must first undertake a physical security risk assessment to identify the black spots in your physical environment, so that you install a camera at the location with the highest-value asset or the most vulnerable point. That is what a pen test does.
At SCL, we undertake a bi-annual security essentials health check to identify blind spots in your databases and networks and recommend the security investment that best speaks to your business. To avoid overspending on cyber security, conduct a proper security essentials health check.
2. Routine database and network vulnerability scans and threat intelligence
A penetration test is crucial for your overall enterprise security risk assessment. You need to undertake 360-degree network vulnerability reviews to test for common exploits and zero-day attacks.
A database and network vulnerability scan will help assess the security posture of your core databases (the servers that keep your critical data) and computer network against both insider and external attacks. In over 80% of cases where database integrity breaches or data manipulation were reported, insiders were involved. Such insiders include your vendors, both for technology and for services like cleaning and computer maintenance, as well as IT staff, security staff, consultants, guests and customers. You need database and network scans to assess the threats posed by such people.
The problem with theft by insiders is that the crime can go on for a long period of time, since they know your schedules and timelines. They know when you do an audit, when you review the reports and which reports or customer accounts you look at! It is like your house-help at home: they can steal from you for a long time because you officially allow them access to your home. You need to change your routine to learn the truth! Our security risk scan changes the routine so that your insiders lose track of the schedule. They just see the external team doing the test.
3. Mock-phishing exercises
We do this as part of internal or white box penetration testing. We conduct common phishing attacks on your network, in addition to other social engineering attacks, to test your overall security hygiene.
4. Employee security-awareness training quizzes and online training
We administer security awareness quizzes to assess your staff’s level of awareness of common attacks. The results of the quizzes help us build custom training courses that speak to your enterprise.
Given that staff are the weakest link in any security program, ongoing cyber quizzes help keep staff alert.
5. Security awareness posters, newsletters and reports
We undertake ongoing security awareness training by producing short, clear posters that educate staff and present key security information in an accessible way. In addition, we help write newsletter emails with custom security information relevant to the client, and we undertake bi-annual security surveys to assess the state of security.
This approach removes the common excuse of ignorance that many staff offer after a cyber incident, when they are found to have failed to implement a critical control.
6. Critical assets security monitoring
What are your critical assets?
We work with you to undertake a business impact analysis (BIA) to identify the top assets by criticality to core business processes and by value lost in case of downtime.
We then implement ongoing live monitoring of those assets to make sure that you don’t get any surprises. Real-time threat intelligence and alerts on critical assets help promote overall security by focusing on proactive cyber security risk management.
To use our services, contact us today.