Dark Reading is part of the Informa Tech Division of Informa PLC
10/19/2016
02:00 PM
Robert Anderson, Managing Director, Navigant, Cybersecurity Practice

Black Hat Europe 2016:
5 Best Practices for Defending Against a Cyberattack

The proactive management of cybersecurity relies on an intelligence-led approach that can either prevent a breach from happening, or make sure that it is quickly detected and remediated.

The escalation in cybercrime today is driven by the lucrative proceeds of hacking activity, the increasing availability on the Dark Web of stolen authentication credentials, and the growth of off-the-shelf malware, which has enabled greater participation in cybercrime.

Here are five best practices for organizations to follow to harden their defences against a cyberattack and mitigate the consequences in the event a breach occurs.

Best Practice 1: Know your Adversary.

Specific industry sectors are being targeted by cybercriminals, nation states or hacktivists, each with different motivations and capabilities. Hackers are able to scan organisations for system vulnerabilities in order to identify potential targets. Since the details of computer operating systems used by specific organisations can be purchased on the Dark Web, hackers are then able to attack organisations through customised malware designed to exploit vulnerabilities and bypass security. This year's SWIFT compromise is a perfect example of that strategy: the malware was written specifically for that company to circumvent internal controls.

Proactive management of cybersecurity relies on an intelligence-led approach that uncovers the probable source and motives of external threats, with the aim of preventing a breach before it happens or, at least, putting mechanisms in place to ensure it is quickly detected and remediated.

Best Practice 2: Think of Employees as Security Vulnerabilities.

It has long been a practice of hackers to trick their victims into clicking on email attachments or links in order to download malware. Since employee names, their contact details and their colleagues are readily accessible via company websites or social media sites, fraudulent emails may appear to originate from a known person in a plausible business context. Security awareness training teaches employees what procedure to follow when they witness suspicious activity by co-workers or receive a suspicious email themselves.

Best Practice 3: Don’t Assume all Employees Are on your Side.

Hackers do not rely solely on employees who unwittingly enable their attacks. They also gain the cooperation of insiders who intentionally steal data or help deliver the malware. In the case of the theft of DuPont trade secrets, details of the intellectual property were stolen by a number of insiders acting on behalf of an external party. The collaborators were not disgruntled employees; they were scientists open to bribery.

Network data traffic can also be analysed by experts to detect employees or contractors at risk of external influence. Suspicious activity includes data transfers to unusual IP addresses, and data traffic of abnormally high volume or outside normal office hours.

To increase the likelihood of detecting malicious insider behaviour quickly, it is important to monitor the activity of employees with access to sensitive data. This can be accomplished by setting up alerts for any data sent via unauthorised means (for example, file transfer, email, instant messaging, or copying to CD-ROMs or USB sticks).
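The traffic and sensitive-data checks described in the two paragraphs above, worked as a small Python scanner over constructed transfer records; this is an added example, not code from the article or from Navigant. The internal address range, authorised channels, office hours, volume threshold and the list of users with sensitive-data access are all assumptions chosen for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample transfer records (not real traffic): time, user, destination, bytes, channel
SAMPLE_LOG = """\
2016-10-18T09:12:44 alice 10.20.5.7 120000 smb
2016-10-18T14:05:10 bob 10.20.9.3 300000 smb
2016-10-18T23:48:31 bob 198.51.100.23 48000000 https
2016-10-18T10:15:00 carol 10.20.5.7 80000 email
2016-10-18T10:22:19 carol 10.20.5.7 200000 usb
"""

# Assumed policy values for this example: the organisation's own address space, channels
# permitted for sensitive data, office hours, a per-transfer size threshold, and sensitive-data staff.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
AUTHORISED_CHANNELS = {"smb", "https"}
OFFICE_HOURS = range(8, 19)      # 08:00 to 18:59
VOLUME_THRESHOLD = 10_000_000    # bytes in a single transfer
SENSITIVE_USERS = {"bob", "carol"}

def parse(line):
    """Split one whitespace-separated record into typed fields."""
    ts, user, dst, size, channel = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "dst": ipaddress.ip_address(dst), "bytes": int(size), "channel": channel}

def findings(rec):
    """Return the names of the rules this record trips (empty list if benign)."""
    hits = []
    if not any(rec["dst"] in net for net in INTERNAL_NETS):
        hits.append("unusual_destination")        # transfer to an unfamiliar IP address
    if rec["bytes"] > VOLUME_THRESHOLD:
        hits.append("high_volume")                # abnormally large transfer
    if rec["ts"].hour not in OFFICE_HOURS:
        hits.append("outside_office_hours")       # activity outside the working day
    if rec["user"] in SENSITIVE_USERS and rec["channel"] not in AUTHORISED_CHANNELS:
        hits.append("unauthorised_channel")       # email, IM, USB etc. by sensitive-data staff
    return hits

def scan(log_text):
    """Group the alerts raised against each user's transfers."""
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        hits = findings(rec)
        if hits:
            alerts[rec["user"]].append((rec["ts"].isoformat(), hits))
    return dict(alerts)
```

Running `scan(SAMPLE_LOG)` flags bob's late-night 48 MB upload to an external address on three rules and carol's email and USB transfers on the channel rule, while alice's daytime internal SMB traffic raises nothing.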

Best Practice 4: Fear What You Don’t Know

In recent years, we have seen major data breaches against TalkTalk, Sony, Vodafone and JP Morgan. These are only the most publicized cases; in many circumstances, companies are simply not aware that they have been breached because those responsible have evaded detection and continue to operate.

Here are some processes to help you detect ongoing compromises: a thorough assessment of cyber resilience that identifies undetected, ongoing compromises; stress testing of the organisation's cyber defences; scanning software that rapidly identifies malware or a virus so it can be investigated and neutralised in real time; focusing resources on real and active threats by eliminating false positives in alerts; and readiness testing to identify the security strengths and weaknesses of your organisation.

Best Practice 5: Act Quickly in the Event of a Compromise and Don’t Delay Notification.

When a breach occurs, an incident response management plan is vital. This should set out the pre-determined actions to be undertaken by the team coordinating the response, including notification of relevant stakeholders such as government regulators. Organisations in EU member states must notify regulators within 72 hours from the time they discover the breach. The notification must include the nature of the breach, who has been affected, the potential implications of the breach, and the steps the organisation has taken to address it.

It’s also important to preserve forensic evidence, including all electronically stored information (ESI), devices and logs. Guidance from a digital forensic expert early in the investigation would be well worth the cost.
