Greg Day, VP and CTO EMEA, FireEye, comments on why this should be a wake-up call for all companies, no matter what size. The Lakeland attack highlights some key issues that all companies need to be aware of:
1. Typically there is still the perception that APTs are aimed at government and global companies; this attack validates that all industries and market sizes are being targeted.
2. With the depth and complexity of today's IT, organizations struggle to keep pace from a security perspective. Companies need to start looking at the problem from another angle - all too often we over-focus on preventing attacks, but companies are starting to recognize that breaches will occur, which means we need to:
- Understand the what, where and how – gather up the forensic data to identify the indicators of compromise that help us understand.
- Gain insight into the who and why – by looking at data such as the communications and callback points we can often glean some insight into the motive of the attacker.
4. Whilst companies continue to focus on prevention, we all too commonly see that they have weak or sometimes no incident response process. Very typically, post-incident, they will engage experts to help them review or write a response process. If you look at the last 12–18 months, we have seen a real explosion in companies, be they consulting firms or security vendors, providing incident response services, as too many companies realize they do not have the skills or expertise to respond alone.