Micro & Small Company Cybersecurity

Brighton West Pier

I am a cautious person. A manager once pigeon-holed me as a ‘glass half empty’ temperament.

When it comes to cyber security, I’m close to paranoid. Who, after all, would want to be targeting small fry like my company? One does not need to be the target however to get caught in the crossfire. The British NHS (National Health Service) was apparently the unintended casualty of the Petya cyber-attack reputedly aimed at Ukrainian financial institutions in 2017. While the 2022 invasion of Ukraine is currently underway, the usual advanced persistent threat actors will be focused on damaging the Ukraine infrastructure, but thereafter their attention, like the Eye of Sauron, may well turn to the United Kingdom.  Should that happen however, my little PC may be the least of my worries.

Inbound emails can be routed through a specialist gateway before reaching the SMTP hosting service: the service used reports only 31% of inbound emails is allowed through. Filtering for non-Roman alphabet text is caught by the SMTP hosting service. To stop these repeatedly being reported, I have found a response code 450 with the message “This mailbox has been compromised. Please phone” is very effective. Finally, a configuration in the mail client is set to open the email in plain text mode, with no images. This can be annoying when the displayable text is CSS. Only when wanted is the ‘pretty’ version enabled.

Everywhere that two-factor authentication is available has this enabled.

Cloud back-ups are air-gapped: files are sent to the remote server, then the connection is closed. That protects my computer from a breach leaking back. Local physical back-up to a Blu-ray disc is ejected as soon as the burn is complete. That protects the data if either my machine or another on the network are breached.

The routers in the network have firewalls. That leaves my machine vulnerable to malicious code either on other machines on the network or in a file downloaded from a normally reliable source. There is anti-virus in place on my computer, but that can be trusted only to work against known malicious code. As mentioned in a previous article on Supply Chain Hacks, this approach has two significant failings:

1.      Somebody has already experienced that attack, perhaps many thousands of people.

2.      The vendor needs to catalogue the new attack and make the ‘inoculation’ available.

Two attack vectors still to remain to be concerned about.

Firstly, the so called zero-day vulnerabilities: the commercial anti-virus market does not yet know about them. This defence layer needs to use some form of machine learning and automated response. It needs to have automatic detection of any anomalous code behaviour and automatically halt further action until there has been a human review.

Finally, are Supply Chain Hacks and man-in-the-middle attacks. What if the vendor of the machine learning / AI solution is hacked or the update download is not coming from their server? You can see my ‘glass half empty’ nature coming in to play here. How far can zero-trust go?

The machine learning / AI solutions themselves fall into two camps: network monitoring, like DarkTrace, or in the computer hardware, like Flexxon’s X‑PHY® M.2 offering.

Network monitoring seems appropriate for organisations with high value assets and/or many users, primarily working at home or in their own office locations. It would be particularly good at protecting servers as these tend not to be mobile. I hope the services I rely on, and my local government authorities, are protected with systems like DarkTrace.

For small companies like my own, either in terms of value or headcount, or where a laptop may be connected to untrusted internet connections, then an AI hardware solution seems to come into its own. I stumbled on Flexxon’s X‑PHY® innovation at the Southern Manufacturing and Electronics mid-February trade fair in Farnborough, Hampshire at the Nexus Industrial Memory stand.

The motherboard in my PC takes the M.2 80mm form-factor natively, so there was no need for an adapter card to a (slower) SATA socket. The one-off TCO (Total Cost of Ownership) for the 512GB card is £265 (card plus installation ex VAT; prices correct March 2022), but that should reduce to less than £200 with volume rates on the card plus an in-house IT team performing the installation (allowing up to £30 for their time). I recommend strongly using an experienced IT specialist rather than expecting users to perform a self-service replacement.

Here's hoping that publishing this article has not painted a target on my back.

Add and view comments on this article on LinkedIn

If you agree or disagree with this post, then please add a comment on LinkedIn: thank you!