Today’s cyber-criminals are well funded and sophisticated. Their objective is to infiltrate businesses for financial gain or to access confidential information, such as customer data, and thousands of financial, professional, retail and eCommerce organisations fall victim to such attacks every month. Redscan’s Gubi Singh describes two critical steps that all firms, large and small, should employ to reduce or limit the damage that a cyber-breach might inflict.
The Threat Landscape is Complex
Cyber-criminals increasingly break into networks in a series of stealthy, continuous phases, avoiding detection and harvesting valuable information over a long period of time, which makes attacks increasingly difficult to detect. Statistics for 2014 show that, on average, it took organisations over 200 days to detect a cyber-breach. By deploying zero-day attacks and other advanced techniques, hackers can bypass conventional defences such as firewalls, intrusion detection and anti-virus systems.
Organisations therefore need to be able to detect or disrupt such attacks at the earliest opportunity to limit the business impact and the potential for reputational damage. Putting in place the right security controls and processes to ensure your business is a hard target will give you increased resilience to cope with more complex attacks.
Step One: Close the Backdoors That Hackers Can Exploit
Vulnerabilities and weaknesses within your systems and applications present a risk to your information security. Whether they arise through flaws, features or user error, they give attackers an easy path to gain access to and exploit your environment. Addressing these weaknesses is essential. Not only does it remove the easy points of entry an attacker can target; it also ensures that when a breach does occur, the attack surface the hacker or malware can exploit is significantly reduced.
This is critical in preventing or limiting the damage a breach can inflict. Redscan strongly recommends that organisations adopt regular vulnerability assessments and penetration tests as part of their information security strategy. These provide the essential intelligence needed to prioritise remediation based on the risk posed to their business. They also enable organisations to more strategically allocate budget and resources to the areas that require immediate improvement.
When organisations outsource their IT or use managed service providers, they ultimately remain responsible for any data breaches. It is therefore critical to ensure that your service provider is taking the necessary steps to protect your critical data. Regular vulnerability assessments and penetration tests are a good way to enforce this and measure the performance of your service provider.
Step Two: Know What’s Happening on Your Network
Situational awareness is essential for organisations to enable them to manage their information security risk. The ability to rapidly identify a breach can prevent or limit the damage an attacker can inflict. A recent report by Verizon stated that 84% of all breaches left footprints of the attack in the logs that networks generate. With the proposed EU data protection regulation coming into force in early 2017, organisations need a more strategic approach to identify, respond to and remediate threats and breaches.
And while many organisations have deployed firewalls, anti-virus and intrusion prevention systems, these systems provide no visibility of attackers who have bypassed their defences. Successful proactive monitoring of your network requires a combination of skilled security expertise, security analytics tools and technologies, and global threat intelligence. As the amount of data that networks generate increases, the task of separating genuine security incidents from the noise of false alerts also becomes more challenging.
In the past, the cost and complexity of carrying out this type of ongoing monitoring have proved a barrier. However, organisations can now access fully managed security services that both lower costs and provide a much higher-quality security service with bespoke reporting capabilities.
Malware and hackers are today much more evasive and sophisticated. The traditional defences of firewall and anti-virus are required as the first level of defence but are no longer sufficient on their own. The best security practice now is one of assuming a continuous state of compromise and implementing ways of detecting breaches and vulnerabilities so that the duration and surface of an attack can be reduced. This prevents or limits the damage a cyber-breach can inflict and enables firms to more effectively manage their information security risk.