In recent months, an alarming number of cyber-attacks have taken place across a number of industries. Just this week, US based company Colonial Pipeline were victims of an attack that shut down their entire network for three days, which led to an emergency legislation being passed by the US government.
With technology becoming increasingly advanced, it has become apparent that even the largest organizations can be vulnerable to cybercriminals and cyber-attacks. Therefore, it’s essential that protecting corporate and private customers’ data remains at the top of the priority list for organizations today. To minimise the risk of becoming victims of a cyber-attack, the Cybersecurity and Infrastructure Security Agency (CISA) has published its “Capacity Enhancement Guides.”
These recommendations are exclusively targeted at federal agencies and private sector organizations, outlining best practices that should be employed largely across state, local and territorial governments.
Advantages to the user
As web browsers are the primary resource upon which users’ network on the internet, security is a key area of unease and concern. Cybercriminals today are much more sophisticated in their abilities to manipulate and exploit users who have unsafe browsing habits or unprotected software.
WPP’s GroupM forecasts that in 2021, advertising revenue worldwide will jump 10.2% to a record $651 billion. Hackers use the incredibly high revenue potential to their advantage. Cybercriminals exploit this using a practice called malvertising, something that most users are completely oblivious to.
Malvertising is a process that involves website advertisements essentially being hijacked, spreading viruses and malware to those who are unfortunate enough to click on infected ads. Bugs bypass any built-in antivirus software or browser protection and serve users with malicious ads that can come from entirely legitimate ad networks. In the same way that Spotify tailors its advertisements for its listeners, hackers now target each individual using carefully crafted and bespoke ads. Gone are the days of broad-spectrum attacks.
In response to these attacks, CISA has entered a new age of cyber defence and compiled a list of recommendations for federal agencies to defend against malicious advertising.
CISA’s recommendations
The first step towards safety is standardizing and securing web browsers. This is the fastest and most cost-effective approach in the fight against malvertising. For example, if employees are allowed to operate from multiple web browsers, there are several potential disadvantages that will ultimately give hackers the upper hand.
Installing a two-factor authentication (2FA) or multi-factor authentication system (MFA) is the most important step an agency can make. This means that a successful system breach would require sophisticated resources and efforts from hackers and allows agencies additional time to defend against attack. According to Microsoft, 99.9% of the account compromise incidents Microsoft engineers deal with could have been blocked by a MFA solution.
The next recommendation from CISA is to isolate web browsers from operating systems. This is a strategic decision that ensures a secure web browsing experience. All internet activity is moved to an isolated environment, protecting computers from any malware that the user may encounter. At first glance, this can appear expensive and complex. However, it can be argued that on a long-term basis, the cost of browser isolation is lower. Isolation provides vital separation between browsers and operating systems which operate under the assumption that all web traffic can be trusted.
Distant browser isolation takes this a step beyond conventional methods and transports the processing of web data from the local system to a secure location. This kind of browser isolation is accessible from third-party service sources or as a software offering for federal agencies.
The final recommendation for federal agencies is to deploy ad-blocking software, which prevents pop-up ads and banners when employees browse the web.
Architecting effective and efficient advertising campaigns
The recommendations clearly outline to the user – in this case federal agencies – that they are able to take full control over the online advertisements they see. It would be a surprise if agencies didn’t implement at least one of the steps recommended, if not all three. As agencies begin to implement the recommendations, it will be publishers who face the aftereffects as they find themselves struggling on how to best modify their practices to try and overcome lost revenue. This is where Acceptable Ads comes in and acts as a vital resource that enables advertisers to build highly targeted, safe and effective campaigns.
Acceptable Ads is a way for advertisers to reach ad-blocking users in a safe, effective way that benefits both parties. In the case of malvertising, it means that users aren’t forced to turn to certain types of ad-blocking software in order to reduce their chances of falling victim to an attack.
Unlike most ad-blocking tools, which block all forms of advertisements, Acceptable Ads works in line with the recommendations of the Acceptable Ads Committee (AAC). The Committee determines the criteria that define which ads are acceptable and which ads are potentially intrusive or harmful to the user’s experience. The AAC places huge emphasis on researching ad standards to ensure the user experience is respected while also ensuring real value to content publishers and online advertisers. This means advertisements that feature any form of malware can be detected by the AAC and will not be deemed ‘acceptable’, protecting users from online ad fraud.
There has never been a better time for advertisers to create high-quality ads. The key message is to create nonintrusive ads and abide by the standards and measures developed for ad-filtering users, while keeping them safe online. The unique selling point for advertisers is the potential to tap into a market of over 200 million online users currently utilizing ad-filtering software. Collectively, advertisers and users will reduce ad fraud and help win the fight against cybercriminals.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.