The final Avengers movie revolves primarily around what one character calls a “time heist”—travelling through time to intercept each of the immensely powerful Infinity Stones before the immensely unpleasant Thanos can get his hands on them. Novel as it may seem, it’s a strategy most cybersecurity experts will recognise. Data intercepts, man-in-the-middle attacks, and other such “data heists” involve a malicious actor pinching data as it’s transmitted between two legitimate parties, often without either realising their communications have been compromised. As cybercrime strategies go, it’s decidedly old-school, yet still worryingly effective.
Organisations often struggle to avoid man-in-the-middle attacks because hackers target infrastructure the organisation has almost no control over. Often, that infrastructure proves astonishingly vulnerable to compromise, like when a white-hat hacker broke into several GPS services with the default password of “123456.” The code in third-party applications and services we use, both in business and our daily lives, still tends to be the weakest link in how we protect and secure our data. But apart from enforcing much stricter consequences on developers and firms who consistently apply “good practice” cybersecurity standards—which we should—businesses can take some measures to avoid being undone by cybercriminals looking to turn data defences into dust.
Better suspicious than sorry
Businesses can thwart many basic intercept and man-in-the-middle techniques by using IT security tools to collect, analyse, and shut off potentially compromised network traffic. Those tools increasingly rely on global, real-time databases of known techniques, making it harder for cybercriminals to pull certain tricks more than a few times. However, net admins and their weapons can only defend against the more blatant of these attacks—and only across the endpoint surface their tools cover.
To take their data-heist defences to the next level, IT managers need to get a bit more creative. One sure-fire defence is to use encrypted communications for all sensitive data. That way, even a successful intercept will only give hackers gibberish—useless without the right key to decrypt the data they’ve stolen. Net admins can also deploy stronger access credentials across the network: requiring WPA usernames and passwords on all Wi-Fi devices, for example, will prevent almost all cybercriminals quietly inserting themselves into the network and siphoning data between nodes.
Tools aside, IT should endeavour to cultivate an “ethics of suspicion” amongst end users. Many man-in-the-middle attacks still work by targeting users with fake error messages, popups, login pages, or other “social engineering” tricks that prompt the user to install a file or re-enter their credentials. The more familiar users are with the standard processes of their software, especially login and security processes, the more likely they’ll be to raise an eyebrow when things seem a little suspect—and raise the alarm to IT. Continue to encourage end users that it’s better to be suspicious than sorry, and the minutes spent responding to a false alarm are worth the potential months and millions spent recovering from a successful breach.
Your data will be pwned
No matter how strongly IT fortifies itself against breaches, intercepts and hijacks of organisational data can and will occur. The first step to practising good security remains that of assuming the worst case: at some point, your organisation will be “pwned” and your data compromised.
IT leaders should start with the very robust NIST Cybersecurity Framework and its five functions: Identify, Protect, Detect, Respond, and Recover. Following that framework with the assumption of compromise at all stages ensures that even if an intercept does occur, your teams will be ready to roll into immediate action. Regular practice—such as penetration testing and mock “cyberbattles” with attacking and defending teams—can help your cybersecurity team perfect its response to all manner of subtle and exotic threats, data intercepts included. And the more your organisation works with others to share intelligence and responses, whether with network cybersecurity defences or just regular information sharing, the less threats will succeed against the resultant “herd immunity.”
Ultimately, IT can only establish so much defence against data intercepts and man-in-the-middle attacks, but even that can keep most would-be threats at bay. It’s worth remembering, like the Avengers did, that no single tactic can win against malicious actors with often overwhelming force, but combining several can quickly turn the tide against them. Put strong monitoring tools, suspicious users, and well-oiled response protocols together, and the threat from most prospective data heists will fade—in a snap.