How to Stop Your Data From Getting Hijacked

By Thomas LaRock, Head Geek™, SolarWinds

The final Avengers movie revolves primarily around what one character calls a “time heist”—travelling through time to intercept each of the immensely powerful Infinity Stones before the immensely unpleasant Thanos can get his hands on them. Novel as it may seem, it’s a strategy most cybersecurity experts will recognise. Data intercepts, man-in-the-middle attacks, and other such “data heists” involve a malicious actor pinching data as it’s transmitted between two legitimate parties, often without either realising their communications have been compromised. As cybercrime strategies go, it’s decidedly old-school, yet still worryingly effective.

Organisations often struggle to avoid man-in-the-middle attacks because hackers target infrastructure the organisation has almost no control over. Often, that infrastructure proves astonishingly vulnerable to compromise, like when a white-hat hacker broke into several GPS services with the default password of “123456.” The code in third-party applications and services we use, both in business and our daily lives, still tends to be the weakest link in how we protect and secure our data. But apart from enforcing much stricter consequences on developers and firms who fail to consistently apply “good practice” cybersecurity standards—which we should—businesses can take some measures to avoid being undone by cybercriminals looking to turn data defences into dust.

Better suspicious than sorry

Businesses can thwart many basic intercept and man-in-the-middle techniques by using IT security tools to collect, analyse, and shut off potentially compromised network traffic. Those tools increasingly rely on global, real-time databases of known techniques, making it harder for cybercriminals to pull certain tricks more than a few times. However, net admins and their weapons can only defend against the more blatant of these attacks—and only across the endpoint surface their tools cover.

To take their data-heist defences to the next level, IT managers need to get a bit more creative. One sure-fire defence is to use encrypted communications for all sensitive data. That way, even a successful intercept will only give hackers gibberish—useless without the right key to decrypt the data they’ve stolen. Net admins can also deploy stronger access credentials across the network: requiring WPA usernames and passwords on all Wi-Fi devices, for example, will prevent almost all cybercriminals from quietly inserting themselves into the network and siphoning data between nodes.

Tools aside, IT should endeavour to cultivate an “ethics of suspicion” amongst end users. Many man-in-the-middle attacks still work by targeting users with fake error messages, popups, login pages, or other “social engineering” tricks that prompt the user to install a file or re-enter their credentials. The more familiar users are with the standard processes of their software, especially login and security processes, the more likely they’ll be to raise an eyebrow when things seem a little suspect—and raise the alarm to IT. Keep reminding end users that it’s better to be suspicious than sorry, and that the minutes spent responding to a false alarm are worth the potential months and millions spent recovering from a successful breach.

Your data will be pwned

No matter how strongly IT fortifies itself against breaches, intercepts and hijacks of organisational data can and will occur. The first step to practising good security remains that of assuming the worst case: at some point, your organisation will be “pwned” and your data compromised.

IT leaders should start with the very robust NIST Cybersecurity Framework and its five functions: Identify, Protect, Detect, Respond, and Recover. Following that framework with the assumption of compromise at all stages ensures that even if an intercept does occur, your teams will be ready to roll into immediate action. Regular practice—such as penetration testing and mock “cyberbattles” with attacking and defending teams—can help your cybersecurity team perfect its response to all manner of subtle and exotic threats, data intercepts included. And the more your organisation works with others to share intelligence and responses, whether through networked cybersecurity defences or just regular information sharing, the fewer threats will succeed against the resultant “herd immunity.”

Ultimately, IT can only establish so much defence against data intercepts and man-in-the-middle attacks, but even that can keep most would-be threats at bay. It’s worth remembering, like the Avengers did, that no single tactic can win against malicious actors with often overwhelming force, but combining several can quickly turn the tide against them. Put strong monitoring tools, suspicious users, and well-oiled response protocols together, and the threat from most prospective data heists will fade—in a snap. 
