Data breaches have become the order of the day. Just a couple of weeks back, a major Hollywood production company and entertainment industry giant was hacked and robbed of several gigabytes of information ranging from confidential to ultra-sensitive. The damage is still being undone as we write this, and employees of that organization have been asked to stay off their mobiles, computers, and network to contain any further leakage. All the worldwide offices of that organization have been cut off from network access for more than a week, causing heavy revenue losses, apart from some Hollywood flicks in HD format that were released onto torrent sites well before their premieres scheduled for March 2015. This loss might run into millions of dollars.
The targeted attack was designed not only to steal information but also to wipe data from hard disks, showing the potential of some hacking groups to be disruptive in nature. It will take months for the company to get back into shape and recover from the data loss it has just experienced, apart from the onslaught of media attention and negative publicity. Imagine the plight of employees logging in to their workstations on a Monday morning only to be greeted by a red screen with a warning message and a skull in the background.
Though the media has already started attributing the attack to state-sponsored hackers, hacktivists, and physical access into the entertainment giant’s corporate network, a deeper investigation can hopefully reveal what exactly caused this and what the motives of the attackers are. This has become more difficult now that the worm used actually wiped the entire hard disks of the systems it had compromised.
This is a wake-up call for all organizations: defence is no longer just at the perimeter. In fact, firewalls and intrusion prevention systems are fast proving to be ineffective at thwarting cyber-attacks that are meticulously planned. Employees of an organization are vulnerable everywhere: on their laptops, on their smartphones, to a stranger greeting them on the street, and to the innocent-looking website that they may have browsed for a few minutes.
Organizations will have to define a robust deep skin security strategy which spans the breadth and depth of the organization. They need to clearly map out critical information, identify bad apples within the organization, and measure the preparedness of employees in the event of a targeted spear phishing attack or a friendly access into their systems.
Organizations should not depend only on security technologies to help them thwart these attacks; rather, they should complement them with continuous monitoring of critical endpoints, assets and network components for anomalous and suspicious behaviour. Every touch point in a critical business operation should be able to alert when there is a possible misuse case, and there should be a SWAT team that watches these alerts and makes security sense out of them.
The reason not to rely on key security technologies is only further cemented by the fact that, in one of the recent attacks, a well-known security product famous for allowing whitelisted applications was compromised: the worm successfully included itself in the tool’s allowed whitelisted apps and compromised the systems.
Organizations need to do several things to thwart attacks which are targeted at them:
- Classify information based on business criticality and group it together for specific security measures
- Have a SWAT team which continuously tests the waters when it comes to current defence technologies
- Include endpoints like laptops and smartphones in their security strategy and protect them with the same level of security that is traditionally provided to servers
- Continuously train people on why they should be aware of cyber-attacks by simulating attacks
- Monitor the critical assets for abnormal behaviour rather than just depending on the security technologies that are implemented on them. Most security controls and tools throw out very important information which is usually ignored, and centralized monitoring of that information helps to detect attacks well before they cause damage, which is usually irreparable in nature.
It’s only in the interest of the CXOs of organizations to have a dedicated security strategy team which works with industry leaders in the security services area to draft an effective and predictive strategy to help the organization in these days of onslaught of cyber-attacks. Organizations need to work with security companies to have tighter SLAs and preventive monitoring, which should help them detect attacks in seconds and mitigate them in minutes.
As you finish reading this, at this very moment somewhere in the world cyber criminals will have successfully penetrated a company which has a weak security strategy and floated its information on Darknet sites, either for public consumption or for financial gain.
Never before in the history of computing has having a solid information security strategy in this always-connected world been more important.