Investigating the Autopsy of a Targeted Cyber Attack
Nov 25, 2016 00:37
A hacking group known as ‘Hacking Team’ posted a detailed overview of how a specific Italian firm was hacked into, on a public forum. Reading the hacking details was a fascinating analysis on its own, but the autopsy of the targeted attack is a definite must for every organisation that manages data security or supports a security policy in place.
Looking into the outline and procedures laid down by the hacker group, a security leader in an organisation who has concerns about such types of attack can look into how the ‘next’ attack can be prevented. If an organisation has suffered a similar data breach in the past, it should look into the following:
• Re-configuration of its common enterprise monitoring tools • Amendments made to log monitoring • Enhancements needed in alert analysis • Augmentationsin its vulnerabilities scanning
In addition to addressing 'if' an attack can take place, a security leader must also ask 'when' the next attack would take place. Once a hacker gets inside a company network, it can manage to cut through digital files, sensitive information and company infrastructure with ease. It is highly important that the inner workings of an organisational infrastructure are safeguarded.
The implementation of firewall logs can provide enhanced warnings of later breaches that are likely to take place. In addition, all software must be appropriately updated and patched in order to prevent vulnerabilities within the network management system. In most cases, data breaches take place because management networks and backup are not segregated as they should be which calls for a clear and demarcated creation of management and operational networks, in order to protect data and organisational infrastructure, particularly when the management network calls for administrative privileges.
One of the greatest challenges every organisation with a data security policy in place is to monitor those individuals with privileged facilities. A number of companies, particularly government related, need security clearances in order to safeguard from insider hazards. In spite of providing privileged users with accounts, it is important to monitor such users’ uses as well as their workstations. This is not because the privileged users are untrustworthy, but for their own protection and to ascertain that they are not being watched by key loggers, phishers, network sniffers and cyber terrorists.
Whenever intellectual property is a target, it is observed that a lot of data gets ex-filtrated. A data protectionor data loss prevention (DLP) solution that is effectively implemented and monitored can greatly diminish the possible and likely impact of a data breach or a document infringement attack.
Every organisation must ensure that necessary steps are taken to strengthen existing data encryption and protection matters on digital files in order to prevent a data breach. More and more organisations must review basic processes and procedures such as the setting of passwords for documents and email attachments-things that normally do not raise eyebrows or are taken notice of due to lack of time, resources or technical information. All security processes must be regularly and periodically scrutinised and reviewed by IT security so that organisational data or customer information is protected at all times.
Author Bio: Carol is a freelance technology writer. Currently, she is working for Locklizard, a reputed DRM technology provider. Please check their website www.locklizard.com for information security guides and document security papers.
As we are living in a digital world, where most of the things related to the working of any organization are executed online and networking is also one of those things. Every organization needs to be networked so as to facilitate it with the communication capabilities. Read more
The demand for high definition and 4K videos from various sources such as the Internet, hard drives, local Ethernets and more, has been rising exponentially. As a result, it is becoming equally important to keep the prices of these videos in check and ensure that customers are able to afford it at all times. Not only this, it is also necessary to keep the process simple and refrain from introducing any complexities. Read more