In today’s information security landscape, it is not a question of “if,” but a question of “when” your network will be breached. Many breaches happen because people are not following policy. As a result, some of the most severe incidents have been detected by simplistic methods. Also, when it comes to significant breaches, the role of insiders should not be downplayed. For example, Vodafone was recently compromised when someone with knowledge of the organization accessed and stole its customer lists, including payment information.
Organizations must have a strategy in place to lessen the likelihood that their systems and data are breached by anticipating and preparing for these threats. Ken Silva, senior vice president for cyber strategy of ManTech’s Mission, Cyber and Technology Solutions group, offers five recommendations for protection against advanced hacking attacks.
Invest in a complete defensive strategy, including intrusion detection and protection.
By investing in and deploying a thorough defensive strategy, organizations can get a leg up. Complete with intrusion detection and protection, this strategy gives organizations the ability to detect the digital fingerprints of the most stealthy and persistent threats. By integrating visibility and control with advanced detection and forensics, organizations will benefit from preventative, early detection and mitigation capabilities against advanced malware.
Have a response strategy ready to mitigate each type of attack properly.
Catching cyber criminals today requires investigators to perform difficult and time-consuming memory forensics while simultaneously locating, or ruling out, advanced malware infections — not an easy task. A response strategy is more than just tools and techniques. It’s also process and management. By establishing a pre-planned response strategy, the organization can be ready to respond to any kind of attack to save money, reputation and end-user pain.
Institute solid and sound hiring policies to protect against insider threats.
Organizations can’t ignore societal factors when it comes to cybersecurity. Economic issues, coupled with the transient nature of today’s workforce, leave organizations at risk from rogue employees. These employees have the capability of inflicting financial, IP, brand and reputational damage. Employee network access should not be a one-size-fits-all solution. Ensure that user permissions are limited to the needs of a person’s job. And as always, regularly review audit and access logs, and stiffen penalties, up to and including termination, for employees found in violation of policy.
Deploy a solid incident response platform.
It is paramount for organizations to deploy a platform that integrates people, process and tools in order to provide a comprehensive incident response process. An ideal platform gathers and displays data from SIEM, IPS and other sources in one common view to enable much faster response while providing easy-to-understand evidence for the C-suite. Combining incident response with malware detection capabilities transforms how organizations conduct and manage digital investigations.
Document and share attack reports across the IT department.
At every moment of every day, document the details of every attack, including where it is hitting the system, where it is coming from, what kind of attack it is, when and so on. Compile and share this information across the IT team so every member is aware of what types of attacks the system is facing. Consistencies within the report may shed light on a specific hacker group trying to use one type of malware to attack different parts of the business. This information sharing will help the IT team better understand what the system is up against and how best to protect it.