Investigating the Autopsy of a Targeted Cyber Attack
Nov 25, 2016 00:37
A hacking group known as ‘Hacking Team’ posted a detailed overview of how a specific Italian firm was hacked into, on a public forum. Reading the hacking details was a fascinating analysis on its own, but the autopsy of the targeted attack is a definite must for every organisation that manages data security or supports a security policy in place.
Looking into the outline and procedures laid down by the hacker group, a security leader in an organisation who has concerns about such types of attack can look into how the ‘next’ attack can be prevented. If an organisation has suffered a similar data breach in the past, it should look into the following:
• Re-configuration of its common enterprise monitoring tools • Amendments made to log monitoring • Enhancements needed in alert analysis • Augmentationsin its vulnerabilities scanning
In addition to addressing 'if' an attack can take place, a security leader must also ask 'when' the next attack would take place. Once a hacker gets inside a company network, it can manage to cut through digital files, sensitive information and company infrastructure with ease. It is highly important that the inner workings of an organisational infrastructure are safeguarded.
The implementation of firewall logs can provide enhanced warnings of later breaches that are likely to take place. In addition, all software must be appropriately updated and patched in order to prevent vulnerabilities within the network management system. In most cases, data breaches take place because management networks and backup are not segregated as they should be which calls for a clear and demarcated creation of management and operational networks, in order to protect data and organisational infrastructure, particularly when the management network calls for administrative privileges.
One of the greatest challenges every organisation with a data security policy in place is to monitor those individuals with privileged facilities. A number of companies, particularly government related, need security clearances in order to safeguard from insider hazards. In spite of providing privileged users with accounts, it is important to monitor such users’ uses as well as their workstations. This is not because the privileged users are untrustworthy, but for their own protection and to ascertain that they are not being watched by key loggers, phishers, network sniffers and cyber terrorists.
Whenever intellectual property is a target, it is observed that a lot of data gets ex-filtrated. A data protectionor data loss prevention (DLP) solution that is effectively implemented and monitored can greatly diminish the possible and likely impact of a data breach or a document infringement attack.
Every organisation must ensure that necessary steps are taken to strengthen existing data encryption and protection matters on digital files in order to prevent a data breach. More and more organisations must review basic processes and procedures such as the setting of passwords for documents and email attachments-things that normally do not raise eyebrows or are taken notice of due to lack of time, resources or technical information. All security processes must be regularly and periodically scrutinised and reviewed by IT security so that organisational data or customer information is protected at all times.
Author Bio: Carol is a freelance technology writer. Currently, she is working for Locklizard, a reputed DRM technology provider. Please check their website www.locklizard.com for information security guides and document security papers.
Verifying emails in bulk means verifying many emails at once. If you have a large database, this service will be of great benefit to your business, because it will help you reach all the people who subscribed to your emails. As your deliverability improves, your marketing campaigns will perform better and, eventually, you will notice more sales. Read more
You might be starting a business in this time and age when you have a variety of options for your various installations. Everything seems to have an option and to take a server as an example, you will have two main options to go with. They are in-house and cloud servers or storage. Read more
A powerful multifunctional USB C Hub is a very important accessory for Apple MacBook users. MacBook series with its 12 Inch display is for those who want the tough performance of MacBook pro with sleek and compact size like MacBook Air and more reasonable price. Like the premium MacBook series, it also comes with retina display, fast CPU, and powerful battery. It also has the latest type of connector, USB C. Read more