CERTainty in response to cyberattacks

27 Sep 2021


Computer Emergency Response Teams could easily be compared to ducks on water — calm on top of the water and working hard below. (Photo by Cristina Iacoangeli on Unsplash)

Certainty is hard to come by, outside of death and taxes. But it’s something individuals and society are continually drawn to when seeking reason or wanting to persuade others.

In a Harvard Business Review article on how certainty transforms persuasion, the authors describe four levers for increasing certainty:

“…consensus (people become more certain of their opinions when they perceive that others share them); repetition (expressing a position many times increases certainty); ease (the more readily an idea comes to mind, the more certain we are of it); and defense (standing up for your beliefs increases your conviction about them).”

Harvard Business Review

Sitting in on the APNIC FIRST Security sessions at APNIC 52 earlier this month, it was clear that these levers are not lost on the cybersecurity professionals who presented, specifically those representing regional Computer Emergency Response Teams (CERTs), to whom many businesses and governments turn in times of uncertainty.

Partnerships build consensus

Only a few years old, CERT Vanuatu (CERT VU) was formed as a result of a cooperative multistakeholder process to enhance and strengthen Vanuatu’s national cybersecurity.

Jeffery Garae, who’s been working with CERT VU as an advisor for the past three years, mentioned on more than one occasion during his presentation the importance of this multistakeholder process and how it has continued to help CERT VU establish partnerships with local businesses and agencies.

“One thing that we’ve realized that is contributing positively to incident response is the … formalized partnership between various agencies in Vanuatu, who basically address incidents or receive reports for incidents or allow normal citizens or intended users to contact us so we can help them,” said Jeffery.

Suetena Loia of Samoa CERT — the newest CERT in the APNIC region, established just six months ago — said that trust played an important role in establishing these formative relationships.

“I think building that community, trust goes a long way. [And] continuing to build that on multiple levels, whether it’s business or whether it’s group technical groups, continuing that open dialogue,” Suetena added.

Read: How can organizations support cybersecurity in the Pacific?

Repetition comes with the job

It’s fair to say that TWCERT/CC is one of the more active CERTs in the Asia Pacific region, handling more than 1.5 million cyber threat records in 2020, 95% of which were system intrusions and outbound attacks.

Figure 1 — TWCERT/CC handled more than 1.5 million cyber threat records in 2020.

Things haven’t slowed down in 2021 with news of the ProxyLogon vulnerability on Microsoft Exchange Server in January, described as the “… electronic version of removing all access controls, guards, and locks from the company’s main entry doors so that anyone could just walk in”.

While Taiwan was not as affected as other economies — TWCERT/CC reported around 400 affected IP owners — the high-profile nature and far-reaching use of Microsoft Exchange Server led to a raft of requests for assistance from across Taiwan’s high-tech sector, according to TWCERT/CC’s Henry Chu.

“Typically, these attacks don’t seek to cause direct harm, but to steal confidential information,” Henry said.

“They usually target small to medium sized organizations that don’t really have the advanced capability or resources to be able to [handle or mitigate such an] attack.”

TWCERT/CC has since been advising businesses to keep their Exchange Servers up to date and to implement a firewall and network access control list (ACL), so that their Exchange Server is not directly exposed to the Internet.

Figure 2 TWCERT/CC’s ProxyLogon mitigation advice.

One attendee commented that such best practices haven’t really changed in the past 20 years and questioned why CERTs must continually remind people to follow them.

Henry admitted that he often ‘copies and pastes’ these and other fundamental recommendations, and that repeating these messages to make organizations aware of the seriousness of the threats is part of the business they’re in.

“The organization knows they need to do this, but they don’t know how serious this is,” said Henry.

“We always have a lot of sessions and workshops and try to educate organizations as much as possible. Still, it’s difficult to reach small and medium [businesses]… maybe they don’t even have IT personnel to take care of their cybersecurity. I think we just need to keep educating and promoting how important [cybersecurity hygiene] is.”

Jeff Garae of CERT VU acknowledged that, while it goes unrewarded, continually educating Internet users on cybersecurity is beneficial.

“Once users have the knowledge, even a little bit, of how to identify an attack or malicious activity, it’s a step forward to collaborating with agencies or stakeholders involved to address those issues.”

He optimistically added that the mindset of Vanuatu’s local IT admins toward reporting incidents to CERT Vanuatu has changed because of these and other awareness and outreach efforts CERT VU has made in its first three years.

Read: CERTs and cybersecurity in the Pacific

Check out the APNIC 52 conference website to watch recordings of all presentations at the APNIC FIRST sessions and the rest of APNIC 52.

The APNIC Foundation has supported the establishment of CERTs in the Pacific via cyber security capability and awareness projects.
