A short while ago, if you’d asked me which countries in the world were the least vulnerable to cyber security breaches, I would have said “the richest ones, of course! They can afford all the security software, hardware and threat intelligence they want!” And yet the most recent breaches that made the headlines and caused much political and financial drama happened in those same countries that I thought could pay for protection against anything. This led me to reconsider my answer, do some research and put together a more informed opinion.
In the course of my research, I found an interesting infographic that gave me exactly the answer I was looking for, titled “Countries that are the Most and Least Cyber Safe.” I scrolled down the image and was mostly unsurprised by its contents until I read the section titled “The Top 10 Countries that are most Vulnerable from Cyberattacks.” Amongst those 10 countries was one entry that stood out like a sore thumb: Belgium.
Belgium? You mean, the country that hosts both the European Union (EU) and North Atlantic Treaty Organization (NATO) headquarters? The 25th richest country in the world? You’re telling me that a nation that is both rich and has plenty of politically sensitive data worth protecting is one of the most vulnerable to cyber attacks?
Reading that blew my mind. I needed to know more. First of all, what did the infographic mean by “vulnerable”? Secondly, how could Belgium of all countries be so vulnerable?
Rapid7 is the company behind this data, which it gathered by scanning millions of internet channels for vulnerabilities (e.g. unencrypted plain-text services, out-of-date email encryption, exposed server ports, etc.) and then identifying their location by IP address. In Belgium's case, 31 per cent of systems or devices had at least 30 exposed ports, which could be used by people snooping on networks to gain access to private information.
Note the use of the words “systems” and “devices”. We’re not just talking about standard desktops, laptops and servers here. We’re talking about any electronic device that can connect and exchange data, including home appliances and vehicles. Smartphones, smart TVs, smart refrigerators, treadmills with built-in Wi-Fi - they’re all included, and all of these 20+ billion devices communicating with each other are collectively known as the Internet of Things (IoT). Our Chief Strategy Officer, Colby Derodeff, wrote an article about this topic in 2015, particularly how security analysts’ jobs would be affected by the growing challenge of managing the Internet of Things’ security risks.
Now let’s look at why these devices are typically less secure than your average computer. Firstly, they’re equipped with far less storage, memory and processing power, making it much more difficult, if not impossible, to include much in the way of security features on them. Furthermore, in May 2017, Junade Ali, a Computer Scientist at Cloudflare, noted that native DDoS vulnerabilities exist in IoT devices due to a poor implementation of the publish–subscribe messaging pattern. In this messaging pattern, ‘publishers’ do not address their messages to specific ‘subscribers’; instead they categorize published messages into classes, then send them out to the network without knowing which subscribers, if any, will receive them. Similarly, ‘subscribers’ do not know which publishers to expect messages from; they only know which class(es) of message to expect.
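To make the pattern concrete, here is an added example (not code from the article, Cloudflare or any IoT product): a minimal in-memory broker that routes messages by class so that neither side knows the other, plus the per-client authorization check that a careless broker implementation leaves out. The ACL model and the device names are assumptions constructed for the example.

```python
"""Minimal publish-subscribe broker with per-client class authorization.

Added example, not from the original article. Publishers send to a message
class; the broker fans out to whoever subscribed to that class. Neither side
knows the other. The ACL check is the part a poor implementation omits
(assumed model: client_id -> allowed classes for "pub" and "sub").
"""
from collections import defaultdict


class NotAuthorized(Exception):
    pass


class Broker:
    def __init__(self, acl):
        self.acl = acl                          # constructed ACL, see demo()
        self.subscribers = defaultdict(list)    # class -> [client_id]
        self.inboxes = defaultdict(list)        # client_id -> delivered msgs

    def _allowed(self, client, action, msg_class):
        return msg_class in self.acl.get(client, {}).get(action, set())

    def subscribe(self, client, msg_class):
        if not self._allowed(client, "sub", msg_class):
            raise NotAuthorized(f"{client} may not subscribe to {msg_class}")
        self.subscribers[msg_class].append(client)

    def publish(self, client, msg_class, payload):
        if not self._allowed(client, "pub", msg_class):
            raise NotAuthorized(f"{client} may not publish to {msg_class}")
        delivered = 0   # publisher never learns who, if anyone, received it
        for sub in self.subscribers.get(msg_class, []):
            self.inboxes[sub].append((msg_class, payload))
            delivered += 1
        return delivered


def demo():
    # Constructed sample: a thermostat publishes readings, a dashboard reads
    # them, and an unprovisioned device (no ACL entry) is refused both ways.
    acl = {"thermostat-1": {"pub": {"home/temp"}, "sub": set()},
           "dashboard": {"pub": set(), "sub": {"home/temp"}}}
    b = Broker(acl)
    b.subscribe("dashboard", "home/temp")
    delivered = b.publish("thermostat-1", "home/temp", "21.5C")
    rejected = 0
    for attempt in (lambda: b.subscribe("unknown", "home/temp"),
                    lambda: b.publish("unknown", "home/temp", "x")):
        try:
            attempt()
        except NotAuthorized:
            rejected += 1
    return delivered, rejected, b.inboxes["dashboard"]
```

Removing the two `_allowed` checks gives the open broker: any device on the network could then subscribe to every class or flood publishers' classes with traffic, which is why the check belongs in the broker rather than in the devices.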
Knowing all of this made it clearer to me how one of the most prominent European nations could be so ‘vulnerable’ to cyber attacks, but it still left me wondering - couldn’t all of these devices be made more secure? Shouldn’t it be standard for these devices to encrypt their data? The good news is that the International Organization for Standardization (ISO) recently began work on Internet of Things standards. Until they’re done, however, the immediate solution is to either reinforce the security of the networks that these devices are connected to or switch off their network features entirely.
Though there are many ways to minimise the risk of being breached, no one’s ever really safe from being the victim of a cyber attack. Anomali gives you the means to detect current and past breaches thanks to Anomali Enterprise, a threat and breach analytics platform that provides real-time forensic analysis of your network. By ingesting indicators from ThreatStream, Anomali’s threat intelligence platform, then matching them against your network logs, it can generate a timeline of matches going back as far as five years (depending on available storage space). With this kind of information, you can immediately determine the scope of an attack, what phase it’s in and which specific devices were targeted. A chain is only as strong as its weakest link, and knowing where your weaknesses are is the first step to improving your infrastructure’s security.
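The indicator-to-log matching described above, reduced to its core as an added example (this is illustrative code, not Anomali Enterprise or ThreatStream): a small indicator set is matched against constructed network log lines, and each hit is rolled up into first seen, last seen and the devices involved so a timeline can be built. The log format, addresses and device names are all constructed for the example.

```python
"""Match threat indicators against network logs and build a timeline.

Added example, not Anomali's code. The log format and the indicator list
are constructed for illustration; real feeds and log formats differ.
"""
import re

# Constructed indicator set: value -> indicator type (documentation ranges)
INDICATORS = {
    "203.0.113.45": "ip",           # TEST-NET-3 address, placeholder
    "bad.example.net": "domain",    # placeholder domain
}

# Constructed log lines: "<ISO-8601 ts> <device> <event> <value>"
LOG_LINES = """\
2017-06-01T08:15:02Z smart-tv-1 dns-query bad.example.net
2017-06-01T08:15:03Z smart-tv-1 tcp-connect 203.0.113.45
2017-06-02T21:40:11Z laptop-3 tcp-connect 198.51.100.7
this line is malformed and must be skipped
2017-06-03T02:05:44Z thermostat-2 tcp-connect 203.0.113.45
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def match_logs(lines, indicators):
    """Return {indicator: {type, first, last, devices, count}} for every hit."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue    # tolerate malformed lines instead of aborting the scan
        ts, device, _event, value = m.groups()
        ioc_type = indicators.get(value)
        if ioc_type is None:
            continue
        h = hits.setdefault(value, {"type": ioc_type, "first": ts, "last": ts,
                                    "devices": set(), "count": 0})
        h["first"] = min(h["first"], ts)    # ISO-8601 UTC sorts lexically
        h["last"] = max(h["last"], ts)
        h["devices"].add(device)
        h["count"] += 1
    return hits


def timeline(hits):
    """Chronological (first_seen, indicator, sorted devices) tuples for triage."""
    return sorted((h["first"], ioc, sorted(h["devices"])) for ioc, h in hits.items())
```

The `devices` set per indicator is what answers "which specific devices were targeted", and the first/last timestamps bound the window of the incident.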
Jermain is a Sales Engineer dedicated to tailoring Anomali solutions for customers looking to improve their cyber security infrastructure and workflow. Besides sharing his interest in threat intelligence, Jermain likes to train in martial arts, travel the world and try new foods.