When a major hack hits the news, enterprise IT teams scramble to prepare for the fallout. Any organization directly affected by a breach is bound to come under fire, along with the effectiveness of the existing security deployments that failed to protect it. Every significant data exposure also causes other companies to wonder when a similar event might happen to them. The recent news about the White House and State Department hacks, now attributed to malware created by the Russian hacking group CozyDuke, should serve as another reminder to organizations of the evolving sophistication of remote access attacks and of the need to prepare accordingly. Unfortunately, the reality is that many organizations will continue to believe such an event can never happen to them, or, if they do accept the risk, will either ignore the threat entirely or overcompensate by investing limited security resources in traditional IT defenses at the expense of less visible sources of infection.
Legacy endpoint and perimeter deployments such as firewalls and intrusion detection serve as essential defense-in-depth safeguards for data security, but cybersecurity is more than vendor sensors, and total security is impossible. If the White House is susceptible to a sophisticated cyber attack, or the National Security Agency vulnerable to a cataclysmic insider threat, other organizations with smaller security budgets and comparatively less manpower and expertise will be no different. The next time you sit down with your team to evaluate your enterprise risk landscape, take a lesson from the CozyDuke attack, or from any number of previously victimized entities, and consider the following steps.