Pre-emptive action is vital in the battle against cyber attacks

by Simon Howe, ANZ Sales Director, LogRhythm

Once the subject of alarmist science fiction movies, cybersecurity breaches have now become an all-too-common feature of modern life.

From attacks on power grids and nuclear reactors to the disabling of business IT systems and the theft of data stores, the activities of cyber criminals are becoming ever more sophisticated. As a result, the damage and disruption they can cause are growing by the day.

With the number of threats continuing to increase, there are four key action areas on which Australian organisations should be focusing. Taking steps in each of these will reduce the likelihood of falling victim to an attack and help with mitigation should one occur. The action areas are:

1. Constantly monitor vulnerabilities

Thankfully, most organisations now have basic IT security measures in place, but it must be remembered that this is far from a set-and-forget exercise. IT teams need to keep operating systems and applications up to date on a regular cycle so that they can withstand newly discovered threats.

Failure to do this can have big ramifications. For example, the WannaCry ransomware worm that hit victims in May 2017 spread by exploiting a vulnerability in Windows SMB for which Microsoft had already released a patch (MS17-010) two months earlier. Many organisations had not applied it, leaving them open to the exploit. The Petya/NotPetya attack followed in June and reused the same, already patched, SMB vulnerability, combined with credential theft for lateral movement, to hit Ukrainian infrastructure and huge companies such as shipping giant Maersk.

IT departments must have a robust process in place to become aware of security vulnerabilities as they are disclosed, to prioritise those that are being actively exploited, and to apply patches as soon as they are available.

2. Focus on employee training

It’s often said that the weakest link in any IT infrastructure is its users, and this is backed by the fact that phishing remains one of the most common techniques used by cybercriminals.

Research has found that two thirds of organisations have fallen victim to social engineering attacks, while whaling/CEO fraud is becoming increasingly common as a way to dupe individuals into making payments into accounts controlled by cybercriminals.

For this reason, all staff need to be trained effectively to spot the warning signs of attacks. To make this more effective, organisations are turning to gamification techniques to make training more engaging for staff.

Defined by Gartner as “the use of game mechanics and experience design to digitally engage and motivate people to achieve their goals”, gamification is being used successfully by the likes of Ford, Deloitte and PwC to make their workforces more security-savvy.

3. Don’t pretend nothing has happened

In late 2017, Uber acknowledged that a major data breach a year earlier had compromised the records of 57 million riders and drivers. The company also admitted it had paid the hackers $100,000 to delete the stolen data and keep quiet about the breach.

The way the company dealt with the breach led to its chief security officer leaving his post and resulted in an investor consortium offering roughly 30 per cent below the company’s previous valuation for a stake in it.

A similar incident occurred when credit-rating agency Equifax waited until September 2017 to report a hack affecting the personal information of 143 million people that it had discovered at the end of July that year. The company’s CEO, CIO and CSO all departed once it became clear how long the incident had gone unreported.

It is likely the impact of these breaches would have been less severe if the organisations had been upfront about them. Businesses should therefore be transparent when they suffer a security breach, and should have a plan for disclosure ready before they need it.

4. Get more sophisticated

In general, recent cybersecurity breaches suggest that many organisations need to become more sophisticated in their security capabilities.

For example, when it comes to phishing, multi-factor authentication substantially reduces the risk, because a stolen password alone is no longer enough to log in. One caveat: one-time codes delivered by SMS or an authenticator app can still be relayed by a real-time phishing site, so phishing-resistant factors such as hardware security keys should be preferred where they are available. Mobile devices linked to corporate networks should also be encrypted, so that confidential data stored on, communicated through or accessed by them is difficult for third parties to obtain.

Segmenting corporate networks, with authentication required to move between segments, also makes it harder for attackers to reach the data they are after: the compromise of a single workstation no longer gives access to everything, and each additional hop costs them time and raises the chance of being detected.

It’s also a good move to put in place a security information and event management (SIEM) system, together with relevant network monitoring and user and entity behaviour analytics (UEBA). Such tools leave an organisation much better placed to detect compromises rapidly and respond to them, provided someone is actually reviewing and tuning the alerts they produce.
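To make concrete what a SIEM or UEBA rule actually does with the log data it collects, here is a small example written for this article (it is not LogRhythm product logic or code from any vendor). It applies three simple rules to a constructed authentication log: a burst of failed logins for one user, a successful login immediately after such a burst, and a successful login from a country the user has never been seen in during a learning period. The log format, user names, IP addresses and countries are all made up for the illustration.

```python
"""Toy SIEM/UEBA-style detection over a constructed authentication log.

Rules applied to the event stream, in order:
  * brute_force:            max_failures failed logins for one user inside a window
  * new_country:            a successful login from a country absent from the
                            user's learned baseline
  * success_after_failures: a successful login that follows a burst of failures
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): "timestamp user src_ip country result".
SAMPLE_LOG = """\
2017-05-12T08:01:10 alice 203.0.113.5 AU success
2017-05-12T08:03:42 bob 203.0.113.9 AU success
2017-05-12T09:15:00 alice 203.0.113.5 AU success
2017-05-13T08:02:11 alice 203.0.113.5 AU success
2017-05-13T08:05:30 bob 203.0.113.9 AU success
2017-05-14T02:10:01 bob 198.51.100.77 RU failure
2017-05-14T02:10:04 bob 198.51.100.77 RU failure
2017-05-14T02:10:07 bob 198.51.100.77 RU failure
2017-05-14T02:10:10 bob 198.51.100.77 RU failure
2017-05-14T02:10:13 bob 198.51.100.77 RU failure
2017-05-14T02:10:16 bob 198.51.100.77 RU success
2017-05-14T08:00:05 alice 203.0.113.5 AU success
"""


def parse_log(text):
    """Parse the space-separated constructed format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, result = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
                       "user": user, "ip": ip, "country": country,
                       "result": result})
    return events


def build_baseline(events, learning_until):
    """Per-user set of countries seen in successful logins before the cutoff.

    A real UEBA product learns this over weeks of history; two days of
    constructed data are used here only to keep the example short.
    """
    baseline = defaultdict(set)
    for e in events:
        if e["result"] == "success" and e["ts"] < learning_until:
            baseline[e["user"]].add(e["country"])
    return baseline


def detect(events, baseline, max_failures=5, window=timedelta(minutes=5)):
    """Run the rules over events in time order and return a list of alert dicts."""
    alerts = []
    recent_failures = defaultdict(list)  # user -> failure timestamps in window

    def alert(rule, e, detail):
        alerts.append({"rule": rule, "user": e["user"], "ts": e["ts"],
                       "src_ip": e["ip"], "detail": detail})

    for e in sorted(events, key=lambda x: x["ts"]):
        user = e["user"]
        # Keep only failures that still fall inside the sliding window.
        recent_failures[user] = [t for t in recent_failures[user]
                                 if e["ts"] - t <= window]
        if e["result"] == "failure":
            recent_failures[user].append(e["ts"])
            # Fire once when the threshold is reached, not on every later failure.
            if len(recent_failures[user]) == max_failures:
                alert("brute_force", e, f"{max_failures} failures within {window}")
            continue

        # Successful login from here on.
        known = baseline.get(user)
        # Users with no baseline (first-ever login) are skipped: alerting on
        # them would page the analyst for every new starter.
        if known and e["country"] not in known:
            alert("new_country", e,
                  f"country {e['country']} not in baseline {sorted(known)}")
        if recent_failures[user]:
            alert("success_after_failures", e,
                  f"success after {len(recent_failures[user])} recent failures")
            recent_failures[user] = []
    return alerts


def run_sample():
    """Parse the constructed log, learn a baseline from the first two days, and return alerts."""
    events = parse_log(SAMPLE_LOG)
    baseline = build_baseline(events, learning_until=datetime(2017, 5, 14))
    return detect(events, baseline)


if __name__ == "__main__":
    for a in run_sample():
        print(a["ts"].isoformat(), a["rule"], a["user"], a["src_ip"], a["detail"])
```

On the constructed data this raises three alerts, all for the user bob from the same source address: the password-guessing burst, the successful login from a country he has never used, and the success that immediately follows the failures. A real deployment would join these into one incident and enrich it with the source IP's reputation, but the shape of the logic is the same: a baseline of normal behaviour per user plus thresholds over a time window, which is exactly what a phishing victim's reused credentials tend to violate.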

At the very least, IT teams need to be diligent about applying software patches and providing compelling and effective training for users. They should also have detailed plans in place for how to report and respond to successful breaches.

Considering these four action areas now will put your organisation in a much better position to withstand cyberattacks and deal with any that might succeed.