Cyber attacks at SolarWinds and FireEye underline the importance of cyber risk management. Breaches happen. The best action is strategic planning.
Attacks Can Impact Any Business
Regardless of preparation and perimeter defences, cyber attacks impact businesses of all sizes.
Last week, a major provider of network management tools reported a significant cyber attack. Their build environment was compromised so that malicious updates could be distributed to their customers in a precise and calculated attack. The malicious compromises were then downloaded by up to 18,000 customers under the guise of a legitimate update.
The attack demonstrates that compromises will happen, and it is only a matter of time before they do. Attackers are vigilant and constantly looking for opportunities to profit from vulnerability.
The effort required to plan and execute this attack was significant. This was not a random crime of opportunity, but a sophisticated attack rolled out on unknowing global players.
The Masked Ball of Cyber Breaches
The attack demonstrates that cybercriminals will go to great lengths to maximize profit.
Like planning for a masquerade ball, preparing a disguise requires dedication and effort. In this case, it’s a Mission Impossible level of disguise meant to fool everyone. From what we know so far, in addition to being signed by the software vendor, the attack ensured actions were very similar to the legitimate software.
The malware left no unusual trace and fit seamlessly into activity logs.
The attack impacted some of the most heavily guarded organizations on the planet. These include, but are not limited to, the US Military, the US Treasury, the US State Department, FireEye, and Cisco.
The breach may have found a foothold early in 2020, demonstrating that even those organizations with intense cybersecurity protocols in place can be victims. In light of this, the next best defence is enhancing the capacity to detect and respond to a breach to limit the damage.
Risk Management Planning is Key
These recent attacks are not the first of their kind, nor will they be the last. They do, however, underline the importance of planning for the worst–case scenario.
CYDEF’s technology and services are designed with an understanding that breaches happen and that they can destroy businesses. Attacks can access, modify, or destroy customer data, intellectual property, operational and financial data, and when it happens, an organization may need to shut down, rebuild systems, and notify customers. In some circumstances, fines can also add to the overall incident costs. Alternatively, customers may no longer trust a business that can’t track breaches.
Simply put, a business cannot operate without customers.
That’s why managed detection and response services, like SMART-Monitor, are essential to businesses of all sizes. As applications or processes attempt to access local resources or the network, SMART-Monitor reviews the activity and responds if needed. An alert garners the attention of our team of cyber analysts. Their assessment takes a detailed look at the source, purpose, and actions and tailors the response accordingly.
In this case, the attack did leave a breadcrumb: they temporarily modified scheduled tasks for their own needs. It’s not much, but that’s enough for SMART-Monitor to trigger an investigation. Could we guarantee we would have found out earlier? That’s hard to say as we need to go back in time and see the answers we would get from the questions we would be asking.
Expect Compromise. Prepare Wisely.
Data breaches pose a significant risk to business survival. Data security can make or break an organization. Planning for an eventual breach, identifying trusted partners, implementing processes, choosing technology and services to detect, respond, and recover should play a key part in any business’s strategic planning.
Starting points to a strategic cybersecurity plan include:
- Assess the risk and the impact: Almost every organization is highly dependent on technology, but many don’t understand the real impact of losing access to data or the tools themselves will have on the business.
- Build a strategy: Scope and plan for risk mitigation and transfer of risk (e.g., Cyber insurance). Work with service providers to perform assessments and determine scope and budget.
- Build awareness: Everyone needs to improve their understanding of the risks and the strategy to reduce them.
- Establish processes: Identify parties responsible for oversight and plan for compliance.
- Implement and maintain controls: An organization’s internal expertise may be insufficient to deploy and operate security controls properly. Managed services are required to ensure their effectiveness.
CYDEF: Your Partner in Breach Detection
Do the recent breaches have you concerned about what’s happening in your environment? CYDEF’s proprietary technology can be deployed within minutes, track down breaches almost instantly, and defend against future attacks. Our Professional Services team can support your organization in planning and deploying a solution.
We’re here to help. Get in touch if you’re looking for data security.