IT Security: paying attention to simple things

Recent cybersecurity attacks targeting organisations in the Middle East have shown that some of the most serious security vulnerabilities remain the most basic and simple ones, like phishing, poor passwords and unsupported software.

By Manda Banda. Published February 14, 2017

As the Middle East IT industry continues to transform and embrace digitisation, what are the greatest threats it's facing today? A look back at some of the biggest cybersecurity attacks of 2016 reveals that the most serious threats remain simple and unsophisticated, even though people keep falling for them.

Consider the following major cybersecurity attacks and flaws that took place in 2016.

In November, Bloomberg News reported that state-sponsored hackers had conducted a series of destructive attacks on Saudi Arabia over a two-week period, erasing data and wreaking havoc in the computer banks of the agency running the country's airports and hitting five additional targets.

The attacks involved the use of Shamoon, a malware tool that made headlines five years ago for erasing the hard disks of more than 30,000 computers at petroleum giant Saudi Aramco.

Saudi Arabia said after inquiries that "several" government agencies were targeted in attacks that came from outside the Kingdom, according to state media. No further details were provided.

Last month, Saudi Arabia's telecoms authority, the Communications and Information Technology Commission (CITC), issued an alert about a cyberattack targeting Saudi Arabia's public and private organisations, mainly in the petrochemicals sector.

Turning abroad, the Democratic National Convention email leak in the USA was an attack that was facilitated in part by convincing the Clinton campaign's chairman to click a malicious link in an email, the kind most email users probably have coming into their spam folder on a daily basis. This was a classic phishing attack. As hacks go, it was not a particularly difficult one to execute.

Another incident was the Dyn DNS outage, which shut down a number of major websites for a day in October. Hackers were able to carry out this attack by breaking into Internet-of-Things (IoT) devices that were poorly secured by the manufacturers. The attack used malware to guess passwords on devices whose default passwords were publicly known.

And lastly, security flaws were discovered last year in Apple QuickTime. The revelation prompted Apple to stop supporting the platform, making QuickTime a security vulnerability for anyone who still has it on their computer.

So what does all this mean for the channel? Let me start unpacking the conundrum by pointing out that while it's still important to defend against the truly sophisticated hackers who are out there by deploying software designed to stop them, keeping your IT assets secure also requires thinking about vulnerabilities that are so basic they can be easily ignored.

Channel partners need to take the time and effort to constantly educate their end user customers about phishing, about avoiding devices with inherent security flaws such as passwords that can be guessed, and about uninstalling unsupported software.

All these things have probably been known for many years now, but they are easy to ignore.

That said, these basic security tips are still important today, even as much more sophisticated types of attacks have emerged. Ignoring the smallest of vulnerabilities can lead to the biggest of hacks. Don't let the customer who treats you as a trusted security advisor fall victim to a hack because they forgot that the most serious attacks still remain simple and unsophisticated. Let me hear your views. I can be reached at manda.banda@itp.com
