
Part 3: Technical Threats at The Heart of Cybersecurity

Most security vulnerabilities are avoidable, low-level risks. Preparedness often goes wrong when too many resources are directed to countering high-level threats.

A cybersecurity convention would not be a cybersecurity convention without discussion of technical cybersecurity. At Cyber Security Nordic this discussion largely revolved around the threats posed by technology and potential solutions. Perhaps surprisingly, however, most of the talks did not address the threat posed by high-level cyber weapons or advanced attacks, but instead focused on the threat posed by commonly used malware or known vulnerabilities. Almost all of the experts specialising in testing or evaluating information security who spoke at the convention expressed the same view: the majority of successful cyberattacks exploit a known, and thus in principle avoidable, vulnerability at some point in the attack. The statistics presented by the various speakers on this varied between about 40% and 60%, but the message was clear. In addition, according to speakers from Finnish Netum and international HCL Software, vulnerabilities of this kind can be found in the devices and systems of almost every organisation or company. In many cases, investments aimed at improving cybersecurity are in vain, because instead of closing these known gaps they are directed at improving the resilience of a firewall or protecting against high-level threats, leaving these easier attack vectors open. At the end of the day, patching these gaps would be relatively simple and, in many cases, inexpensive, but it requires constant awareness of newly discovered vulnerabilities and a diligent update rate to keep protection at a decent level.

In addition to maintaining a good update rhythm, attention should also be paid to the physical component of cybersecurity. Most attacks start with individual endpoints used by the organisation, i.e. devices such as routers or laptops. If an attacker manages to gain physical access to these devices, breaching their security is much easier than doing so remotely. For example, PC manufacturer HP highlighted this at the convention, stating that over its lifecycle, approximately 10-14% of all HP enterprise computers are either stolen or lost, effectively ending up in the wrong hands. If valuable information has been left behind on a stolen or lost computer, or if it has been used to log on to company systems, for example, this can pose a significant threat. The situation is often exacerbated by the fact that in many organisations, people in higher positions, at worst even all employees, use local system administrator credentials on their own devices. If these credentials are widely used for no real reason in daily operations, the threat of a break-in increases significantly if the device falls into the wrong hands. Taking care of the physical security of laptops has become much more challenging in recent years as remote and hybrid work has become more common, but with good cyber hygiene and proper use of devices, the threat can be significantly reduced.

The physical security of workplace endpoints should not be forgotten either. At the fair, a Netum representative demonstrated ways to circumvent the protection of a network router that is well protected against external attack, provided the attacker has physical access to the device in question. For example, routers can often be reset so that passwords revert to their original values, or security can be bypassed by manipulating the device in some other way. Such functionalities are often enabled by default in new devices and must be separately switched off.

All in all, there was a lot of talk about various threats at the fair, but several actors also presented technology-based solutions to these threats. Various solutions utilising artificial intelligence and automation have been developed, for example, for automating updates and mapping vulnerabilities. Practical solutions can also be found for physical threats, for example by means of access control and remote shutdown of devices. Future threats were also covered, in the form of discussion related to quantum technology. The quantum threat is likely to materialise only years or even decades from now, but it already requires preparation and continuous maintenance of situational awareness. Conventions like Cyber Security Nordic are important for both sharing threat intelligence and showcasing these solutions. Lack of awareness and the consequent negligence remain among the most significant cyber threats. Solutions that increase security are often available or vulnerabilities can be patched, but active and continuous investment in this work is essential.

References
Administrator Credentials: A Security Breach Waiting to Happen (securityintelligence.com)
Pelle Aardewerk, Head of Vertical Solutions, HP Wolf Security, EMEA: "Click Happens" – how to mitigate emerging endpoint security risks. Cyber Security Nordic 2023 Event.
Petri Saarenmaa, Senior Cyber Security Consultant, Netum: How to find the soft underbelly of the on-premises network. Cyber Security Nordic 2023 Event.
Angela Robinson, Mathematician, NIST: The NIST Post-Quantum Cryptography standardization project. Cyber Security Nordic 2023 Event.
Marcin Spychala, BigFix Technical Advisor, Acting Team Leader EMEA, HCL Software: Enhancing business resilience: Leveraging AI for continuous compliance to maximize your security posture.
Panel: Discussing quantum computing and cyber security. Cyber Security Nordic 2023 Event.

Pictures: Cyber Security Nordic 2023. Helsinki Messukeskus/Kimmo Brandt