Five steps towards cyber breach preparation
by Ben Densham - CTO, Nettitude - Wednesday, 18 June 2014.
Earlier this week, Domino’s Pizza became the latest victim of a breach and ransom demand. Recent DDoS attacks on Evernote and Feedly, along with the efforts of Cryptolocker and other tricks to extort hard cash from unsuspecting users, are rapidly gaining momentum and are becoming a serious threat to individuals and organisations of all sizes. These brazen attempts to make a quick profit will only be fuelled for as long as they remain successful.

In these latest incidents we are seeing a continuation of a theme - if your company holds passwords and account information for customers, and you have an online method for those details to be used or accessed, there is a real threat that you could end up in the news for all the wrong reasons if the criminal gangs behind these attacks turn their attention to you.

So what is the new normal for companies wanting to prepare for a cyber breach? What steps should organisations be seeking to put into place in order to have the best possible response to a breach incident?

STEP 1 – Recognise your risk (update the ‘risk register’): Your risk register should – by default – hold the breach of customer account information as a defined risk, together with the potential for that information to be obtained by the very real threat actors out there. It is clear that this information is being targeted by hackers, so it is important for organisations to carefully assess exactly what customer information they are responsible for in order to understand the level of risk they are exposed to.

STEP 2 – Secure the data (implement and verify the right controls): Your standard controls should include strong hashing of passwords with a protected salt. Complex passwords should be enforced, and standard security hardening, patching and testing need to be conducted. Passwords do not normally need to be stored in a reversible manner (such as encrypted), and clearly not in plain text or simply obfuscated.

You will need to accept a level of risk in your internet- and email-connected environments and move your sensitive data into a hardened core. This core may not even be connected to the open internet at all. Think of this network model as looking like an avocado: a soft outer layer around a hard core. You cannot rely on the traditional model of a hardened outer network shell with a soft interior, much like a coconut. Recent hacking incidents, spear phishing attacks and drive-by downloads delivering custom malware have all shown that this model is outdated and vulnerable.

STEP 3 – Monitor your environment (define standard monitoring, know what is happening and actively hunt on your network): Your ‘business as usual’ practice should ensure that you have active monitoring in place, with your data stored and protected well back from your public servers.

Any active changes, non-standard behaviour and unauthorised activity should be monitored across the network and alerted on. An incident response plan should have been tested and rehearsed to ensure a breach can be detected BEFORE data extraction occurs. Make sure the path to your data is lined with multiple trip wires (monitored events) so that the hackers’ chain of actions prior to data extraction can be seen (reconnaissance, weakness exploits, delivery, extraction, etc.). This will give you multiple opportunities to intercept and stop the attack.
