4 Security Lessons From the White House Network Breach

May 26, 2015

When a major hack hits the news, enterprise IT teams scramble to prepare for the fallout. Any organization directly affected by a breach is bound to come under fire, along with the effectiveness of existing security deployments that were unable to protect them. However, every significant data exposure also causes companies to wonder when a similar event might happen to them. The recent news about the White House and State Department hacks, now attributed to malware created by Russian hacking group CozyDuke, should serve as another reminder to organizations of the evolving sophistication in remote access attacks and to prepare accordingly. Unfortunately, however, the reality is that many organizations will continue to think that such an event can never happen to them, or if they do, will either ignore the threat completely or overcompensate by investing limited security resources into traditional IT defenses at the expense of more subliminal sources of infection.

Legacy endpoint and perimeter deployments such as firewalls and intrusion detection serve as essential defense-in-depth safeguards for data security, but cybersecurity is more than just vendor sensors and total security is impossible. If the White House is susceptible to a sophisticated cyber attack or the National Security Agency vulnerable to a cataclysmic insider threat, other organizations with smaller security budgets and comparatively less manpower and expertise will be no different. The next time you sit down with your team to evaluate your enterprise risk landscape, take a lesson from the CozyDuke attack or from any number of previously victimized entities and consider the following steps.

1. Start with a plan.

The least effective approach to security is a reactionary one. If you’re not thinking clearly or fully evaluating your organization’s risks and needs, you’re likely to focus too heavily on one area of exposure. Instead, your team should aim to develop a tailored and panoramic understanding of the threats to your industry and company, to include the sensitive data you are obligated to protect like corporate trade secrets or customer privacy data such as health and payment card information. Such a plan would seek to prioritize data based on its risk sensitivity and criticality to corporate innovation, execution, and reputation, as well as understand when it might be most imperiled based on the multitude of ways a creative adversary might target it. If you adhere to the philosophy that the data you have is worth stealing, you can then contemplate some inventive scenarios where potential threats to it are most severe. Use this to align security investments and resources against these potential problem areas.

2. Spread out your resources.

As CozyDuke proved, phishing attacks should be one of your company’s top security concerns. In 2013, Kaspersky Lab reported that the number of Internet users hit by phishing attacks had increased by 87 percent since the previous year. However, these numbers are no reason to forget that various other breach tactics and potential security risks are growing at equally alarming rates. While your employees should be properly educated on tips for safe computing and awareness of the increasing professionalism and credibility of phishers like CozyDuke, your risk management budget should also include accommodation for less-technically focused areas. This includes education on the behavioral precursors exhibited by malicious insiders, the litany of human engineering techniques practiced by determined competitors or adversaries, and ensuring internal policies and procedures for data security are matured through consistent application and enforcement.

3. Consider your industry and audience.

Depending on your industry and the stakeholders you serve, certain risks won’t apply to your business – while others may increase tenfold. In highly regulated industries such as healthcare, it is no secret that covered entities must comply with stringent guidelines covering information assurance of protected health information. For those companies operating globally within competitive industries such as high-tech or manufacturing, similar standards should be rigorously followed as well but instead with a focus on compliance to those best practices addressing threat exposure from foreign travel, including danger from nation-states known for prolific industrial espionage and competitive intelligence adversaries alike.

4. Prepare for continuity.

Once your holistic security vulnerabilities have been identified and solutions put in place to remediate them, your security posture will be considerably improved but your work isn’t over. An effective risk management plan is founded on the adoption of mature security practices, continuously assessing risk, and ensuring the resiliency of your organization should a cyber event occur.

If your enterprise is breached, every team, employee and transaction will be affected. The CozyDuke hack, among many other recent attacks, makes it clear that some of the most malicious security infections in today’s IT landscape only require an end user to be tricked a single time. From that initial compromise, hackers can establish a foothold within a network and start the standard attack cycle – where recovery can take months or even years. As you update security strategies and build out new initiatives, remember that a holistic understanding of your cybersecurity risk should be your primary goal. When today’s threats are putting all organizations at risk, remember that while attacks may be inevitable, the extent of your victimhood will always be a function of preparedness. It starts with a tailored understanding of your enterprise posture relative to risk, the maturity of the cybersecurity culture you implement, and your plans for business continuity when a devastating attack or breach does occur.

Armond Caglar is a director and senior threat specialist at TSC Advantage and has over 10 years of experience consulting on international security, intellectual property protection, and risk management solutions for both the private and public sector.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

4 Security Lessons From the White House Network Breach

Related Articles

Related Products

Related Events

Report Abusive Comment