3 Questions to Determine your Enterprise’s Cyber Attack Defenses
Security breaches cost organizations around the world millions of dollars each year. The average cost of each breach is upwards of $6 million according to a report from the Ponemon Institute, and, perhaps more concerning, 50 percent of organizations surveyed were not confident in their security programs. Additionally, the Center for Strategic and International Studies (CSIS) just released a study estimating that cybercrime costs the global economy upwards of $445 billion annually. This comes at a time when, according to IBM's recent X-Force findings, spam, long thought to be a problem of the past, has risen to its highest level in two and a half years and is a key channel of intrusion into corporate networks.
Yet none of these figures include the subsequent loss of business or diminished brand reputation, which can have a greater long-term impact. The same Ponemon study found that 61 percent of respondents feel data theft and cybercrime are the greatest threats to their reputation.
These findings underscore why it's imperative for organizations to invest in smarter security solutions to protect the business and brand. But throwing money and new layers of security protocols at a complex problem is not enough. In fact, it is not uncommon for large organizations to have 80 tools from 35 different vendors – most of which are siloed in specific areas of the organization and do not communicate with each other.
Over the past few years, these trends have shifted cyber security from a defensive to a proactive stance. Organizations need to stop building better walls or deeper trenches and go on the offensive. This requires a research-based, real-time approach to cyber intelligence that lets you prioritize protection in the moment and adapt quickly to emerging threats.
Is your company ready? Here are three key questions to ask when it comes to fighting cyber crime in your organization.
1. Do you know what an attack even looks like?
The attackers responsible for the data breach at a major retailer had access to its network for three months, and to its systems for an additional four months, triggering security alerts on their targets more than 60,000 times. Whenever their malware was detected and deleted, the intruders simply reloaded it, on a daily basis. While the security system flagged the attackers' behavior, the security operations personnel were unable to recognize the activity, or the code being used, as malicious.
This is partly because the attackers gave the malware a file name nearly identical to that of the company's official payment software. Although the security system sent out alerts on each detection, those alerts didn't stand out. So what would your organization do under the same circumstances? If, as was the case with the retailer, you saw a one percent increase in the daily entries in your endpoint protection logs, would you notice it? Giving malware an innocuous-sounding name is hardly an unheard-of tactic. Since most cyber threats go months before being noticed, could your organization withstand the loss of data that could occur in that timeframe?
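As an added illustration (not code from the article or the retailer in question), the following Python checks show the two signals just described, run over a constructed endpoint-protection alert log: file names that are near-identical to an approved binary, and a one-percent rise in daily alert volume that persists rather than appearing once. The binary names "posprocess.exe" and "posprocess1.exe" are hypothetical, as is the allow-list.

```python
from collections import Counter
import difflib
# Hypothetical approved binary names (a deployment would load a real allow-list).
KNOWN_GOOD = {"posprocess.exe", "svchost.exe"}

def build_sample_alerts():
    """Constructed alert log, one (day, filename) per alert: seven quiet baseline
    days, then a look-alike binary adding about one percent on several days."""
    alerts = []
    for d in range(1, 8):
        alerts += [(f"2024-01-{d:02d}", "svchost.exe")] * 1000
    extra = {8: 4, 9: 12, 10: 15, 11: 3, 12: 20}  # look-alike entries per day
    for d, n in extra.items():
        alerts += [(f"2024-01-{d:02d}", "svchost.exe")] * 1000
        alerts += [(f"2024-01-{d:02d}", "posprocess1.exe")] * n
    return alerts

def daily_counts(alerts):
    # Alerts per day, in date order, as [(day, n)].
    return sorted(Counter(day for day, _ in alerts).items())

def lookalike_names(names, known_good=KNOWN_GOOD, threshold=0.85):
    """Flag names that closely resemble an approved binary name but are not it."""
    hits = []
    for name in sorted(set(names)):
        if name.lower() in known_good:
            continue
        for good in sorted(known_good):
            ratio = difflib.SequenceMatcher(None, name.lower(), good).ratio()
            if ratio >= threshold:
                hits.append((name, good, round(ratio, 2)))
    return hits

def daily_volume_drift(counts, baseline_days=7, min_increase=0.01, min_run=2):
    """Flag days at least min_increase above the mean of the first baseline_days,
    but only once the rise has persisted for min_run consecutive days."""
    mean = sum(n for _, n in counts[:baseline_days]) / baseline_days
    flagged, run = [], []
    for day, n in counts[baseline_days:]:
        increase = (n - mean) / mean
        if increase < min_increase:
            run = []  # the rise did not persist; start over
            continue
        run.append((day, n, round(increase, 3)))
        if len(run) == min_run:
            flagged.extend(run)  # run is now long enough: report all of it
        elif len(run) > min_run:
            flagged.append(run[-1])
    return flagged
```

On the constructed data the look-alike name is flagged against "posprocess.exe", and the sustained 1.2 to 1.5 percent rise on 9 and 10 January is reported while the single-day bumps are not.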
2. Do you plan for every scenario, including the impossible?
The old ways of attacking systems are alive and well, so it's still important to find and safeguard unsecured servers, FTP, email, mobile devices and so on. Attackers are likely after your company's crown jewels: the organization's most critical data, which typically represents just two percent of its overall enterprise data but can have a major impact on competitive advantage, brand reputation, market value and business growth. Do you even know where your critical data resides? It can't be said enough: "Know your attack surface."
But cyber attacks are more complex than ever before, and no scenario is too extreme or too obscure. For example, attackers use sophisticated malware to exploit vulnerabilities in Java and browsers. The attack responsible for a major retailer's credit card breach was walked in, and distributed to the network, by the HVAC repairmen. Is your network accessible to unwanted personnel? What about unlikely targets, such as soda machines?
It’s important to consider every third-party asset or technology that’s being deployed inside the organization. Today, advanced software controls everything from climate to phone systems to on-site vending machines. And just as it can provide the exceptional services for which it was designed, it can open the door for adversaries to get through your defenses if not properly secured and monitored. If you’re not planning for all kinds of scenarios, you’re not going to be able to prevent or detect intrusions.
Out-of-the-box scenario planning is an art as well as a science. Choosing the kinds of situations that “could never happen” is essential, because they’re the scenarios that will absolutely happen. Cyber criminals and fraudsters are very early adopters of technology, and constantly probe for new vulnerabilities and the least obvious entry points that are likely to be overlooked.
3. Do you know who is attacking you, and what they’re capable of?
Understanding your attacker is an important part of cyber intelligence. That includes knowing who is attacking (or considering attacking) your organization, who their associates might be, what their capabilities are, what methods and resources are available to them, what they’re after and even where they may be located.
With a true profile of the relationships between these threat actors, organizations can identify coordinated attacks and the influential leaders behind them, and find out who has the most knowledge of the organization's critical operations. It's also vital to keep tabs on related attacks on organizations of similar size, scope and industry. If you're a large bank or retailer, you're going to be very interested in what's happened to others in your industry, since you might be next – or you may already be affected by attacks that have gone undetected.
These threats, however, can also be internal in nature, and this type of security breach can be extremely difficult to uncover. In one recent case, cyber attackers accessed the passwords and account information of millions of users after obtaining the login credentials of an existing employee. When an attack seemingly comes from within, there are typically no obvious precursor events, and the trail of indicators is harder to follow. Regardless of intent, it's important to have systems that monitor and scope credential use, and policies that prevent employees from using their corporate login credentials on third-party sites or social networks.
Answering these questions is only a beginning when it comes to developing an intelligent, proactive approach to fighting cybercrime. It's also important to have response and remediation plans in place, to define what acceptable risk looks like, and – this is key – to have a system that makes it as easy as possible for investigators to follow up on any incident.
Thankfully, organizations today have much greater access to powerful and comprehensive cyber intelligence solutions for understanding their vulnerabilities and threats. By integrating and analyzing large, disparate quantities of internal security, organizational and open source data into a complete, easy-to-understand intelligence picture, these new technologies and techniques are helping organizations across industries develop tighter security protocols, share information across silos, ensure more effective investigations and recover more quickly from the ever-increasing volume and variety of cyber attacks.