For an international organisation like TLScontact, with operations in 90 different countries, the online threat landscape is constantly evolving. This requires an agile, forward-looking approach from our cyber security colleagues to anticipate and address new risks for our systems and applicant data. Our Head of Cyber Security, Opeyemi Ore, outlines in this article the range of new measures that we have implemented to strengthen our cyber controls as global organisations face an uptick in both the number and sophistication of attacks from cyber criminals.
2022 has been a truly dramatic year so far. It was billed as the year that the world would begin its recovery from the Covid-19 pandemic, the much-awaited social reboot of humanity. This has indeed proved the case in many regions, but upheaval and new disruptions to daily life continue and are even accelerating, as the ripple effects of the Ukrainian conflict are felt around the world. A number of our own colleagues are personally impacted by this crisis. As an organisation, we have also been playing a significant role in supporting Ukrainian refugees fleeing to safety, working with the UK government to process thousands of visa applications under the Ukraine Family Scheme and Homes for Ukraine visa scheme.
This very important part of our work could make us an attractive target for unscrupulous characters who are interested in causing us harm, either by stealing the sensitive data in our possession, or by compromising our business systems. Over the past few months, companies around the world have indeed seen a significant rise in malicious activity. This has led us to review our risk posture and take measures to further strengthen our cyber controls.
Phishing attacks are becoming more prevalent and sophisticated. According to a recent ThreatLabz report, there was a 29% increase in phishing attacks in 2021, compared to the previous year. Phishing emails are designed to trick users into downloading or clicking on something, allowing cyber criminals to then access internal company systems. The increasing sophistication of phishing attacks has been driven by trends such as:
- COVID-19 and work-from-home practices: Consumers are engaged in ever more activities online, giving attackers new ways to take advantage.
- Insufficient user education: Whilst organisations continue to invest in sophisticated technical measures for protecting their information assets, it often remains easy for attackers to bypass these controls by tricking users via emails. This could result in attackers obtaining legitimate login credentials, allowing them to subvert these technical security controls.
- Phishing-as-a-service: Phishing kits package up pre-built tools to make phishing attacks easier to launch, even by adversaries who lack strong technical skills, and harder to spot for security teams.
In recent months we have also seen the rise of malicious communities such as LAPSUS$, an international hacker group known for cyberattacks against various large technology companies. They employ the technique of encouraging users with legitimate access to company systems to assist in their hacking attempts. This can even take the form of a financial reward in exchange for employee credentials for a company VPN or other internal system.
Credential harvesting, also commonly known as password harvesting, involves using different tactics to amass large sets of user credentials, sometimes with administrative rights, for use in attacking organisations. These tactics can include the deployment of malware, phishing, or simply procuring passwords from other hackers who may have carried out other attacks to gain the credentials. Industry analysts estimate that at any one time, there are between 5 and 7 billion credentials from organisations that have already been compromised and are available on the dark web for use. This, coupled with the common user behaviour of reusing credentials across multiple online services, makes ‘credential harvesting’ a very challenging topic for many organisations.
In response to these emerging threats, we have taken a number of actions in the past few months. In particular, we have:
- Implemented a new capability to evaluate the hygiene state of our user directory and determine remedial activities that we should take to secure our user credentials. This allows us to identify and address critical items such as:
  - Inactive / unused accounts, which can be disabled;
  - Accounts with weak or compromised credentials;
  - Users with unnecessary elevated privileges.
- Enhanced our software development capabilities to enable us to detect any weaknesses within our web applications as early as possible in the software lifecycle. Thanks to these new capabilities, we are able to:
  - Immediately spot where there is sensitive information embedded within our software code;
  - Analyse code defects which could result in a security compromise;
  - Evaluate other external code libraries which are included as part of our software build, and detect any vulnerabilities;
  - Filter all user activity reaching our web services more effectively, to weed out ‘online bots’ looking to hinder the activities of legitimate users.
Deploying these new capabilities has allowed us to harden our security landscape and further protect our technology assets, including both client and applicant (traveller) data on our systems.
As part of our continuous improvement programme, we will soon be partnering with an industry-leading cyber security awareness and training vendor to roll out a new Security Awareness Platform. This will enable us to fully automate our approach to training our employees, who are an essential part of our cyber security defences.
The structured security awareness programme that we are putting in place will cover, but not be limited to:
- Phishing campaigns with automated reporting and analysis of behaviours;
- The rollout of a ‘phish-reporting’ button to enable our people to easily report phishing attempts;
- Awareness content and videos from industry leaders;
- Rollout of online and offline awareness materials to ensure that relevant security topics are always top of mind for our staff.
The threat landscape is always evolving and in response, we continue to prioritise the protection of our information systems. We understand that cyber-crime is very rewarding for attackers, and that they are relentless in their attempts to attack organisations such as ours. It is for this reason that we place such a high degree of importance on the protection of our information systems, ensuring the secure storage and transfer of the client and customer data which is in our care.
Article written by
Opeyemi Ore, Head of Cyber Security