Cyberattacks: don't under- or overestimate the risks

Olivier Markowitch, ULB security expert

Faced with the resurgence of cyberattacks and the risks of cyberwar, it is important not only to improve user awareness and education, but also to equip ourselves with technical, financial and human resources.   

What types of cyberrisks does our country face and which sectors are most targeted?  

Olivier Markowitch: All sectors are targeted and affected: there are attacks against some of our ministries, against our banks, our universities, our hospitals and our companies. Currently, there are still many crypto-locker attacks (encryption of the organisation's data by the attackers and demand for a ransom to be paid in bitcoins to obtain the decryption key). But there are also attacks by "penetration" of computer systems and spying on activities or extracting data from the targeted computer system. These attacks are sometimes carried out at the same time as crypto-locker attacks.  

Organisational systems are attacked in a stealthy and often undetected manner by so-called Advanced Persistent Threats (APTs): the attackers then remain discreetly in the systems to collect as much data as possible or, for example, to wait for a specific piece of information. These attacks are non-destructive, precisely to allow the attacker to remain as long as possible within the targeted computer system. There are also denial-of-service (DoS) attacks (and more often DDoS, or distributed denial-of-service, attacks); their aim is to make a web service provided by the targeted organisation inaccessible.  

Olivier Markowitch: "IT security risks are too often underestimated before an attack occurs - and sometimes overestimated after a serious incident."  

Are the attacks becoming more sophisticated?  

Olivier Markowitch: Yes and no. There is both an increasing sophistication of certain attacks (which exploit 0-day flaws), but also the increasing user-friendliness of attacks that are already known and therefore made available to attackers who do not necessarily have the latest technical skills.  

How can we protect ourselves/anticipate such attacks and how should we react in case of an attack?  

Olivier Markowitch: We cannot anticipate and prevent everything. Educating the users of a computer system is one of the most important elements: knowing what is done and what is not done, which link not to click on, which document not to open, recognising an abnormal situation, knowing who to contact in case of doubt or detection of an anomaly, etc.  

Another aspect is obviously technical: the configuration of machines, operating systems, networks, firewalls, etc., as well as the application of security updates, patches, etc., are fundamental in preventing or slowing down attacks significantly. Following announcements and keeping in touch with the CERT (Computer Emergency Response Team) also helps.  

You need to have pre-established plans in order to react effectively in the event of an attack. Following a procedure is more reassuring and allows you to act decisively, to take the right action, to contact the right people and not to give in to panic.  

The informed and appropriate use of cloud services and Content Delivery Networks (CDN) also makes it possible to resist attacks by taking advantage of robust IT infrastructures designed for this purpose.  

Finally, human and financial resources are needed. IT security risks are too often underestimated before an attack occurs - and sometimes overestimated after a serious incident. Informed management that is aware of the risks and needs will invest the necessary resources.  


What resources has our country implemented to fight cyberwar and does the State have the means to achieve its ambitions?  

Olivier Markowitch: I don't have a precise idea of the human and financial resources put in place to fight effectively at the level of the State or its regions. There is the CCB (Centre for Cybersecurity Belgium) and the CERT (the Federal Cyber Emergency Response Team), there are the army's cyber services and there is the Federal Computer Crime Unit (FCCU). There are very competent people in these organisations, but I am not at all sure that there are enough of them and that the resources made available are sufficient.  

OLIVIER MARKOWITCH  

Dean of the Faculty of Science at the Université libre de Bruxelles, Olivier Markowitch is a professor in the Department of Computer Science at said Faculty. He teaches algorithms, cryptography and computer security. He is also one of the founders of the Master in Cybersecurity co-organised by three Belgian universities, the Ecole Royale Militaire and two Hautes Ecoles, as well as the Erasmus Mundus "Cyberus" Master in Cybersecurity and is co-organiser of the ULB Cybersecurity Research Center. His research interests include the design and analysis of cryptographic and communication protocols. He is the author of hundreds of scientific papers in the field of cryptography and computer security.   

Marc Husquinet has more than 35 years of experience in IT-journalism. First for nearly 30 years with Data News, the leading IT magazine on the Belgian market. After that, as a perfectly bilingual independent journalist. Today, he makes his expertise available to IT-companies, either as a journalist/copywriter or as a specialised translator.
