Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
01:00 PM
Hitesh Sheth
Hitesh Sheth
Connect Directly
E-Mail vvv

Rethinking Cyberattack Response: Prevention & Preparedness

The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.

There is something inherently wrong with the current culture surrounding cybersecurity incident response.

Business leaders almost invariably approach incident response in two steps: prevention, then pain. Buy a Band-Aid and hope your cut does not get infected. Paint over the water spots on your ceiling and pray the house inspector won't find mold when you sell.

Related Content:

Security Operations in the World We Live in Now

Special Report: How Data Breaches Affect the Enterprise

New From The Edge:What You Need to Know -- or Remember -- About Web Shells

It's almost human nature to fall into the magnetism of procrastination. And when the inevitable happens, and organizations get breached, they go directly to crisis management mode — how do I minimize the impact of an attacker already within my network? How can I effectively and quickly address any events that could damage our reputation?

The critical and often overlooked step in the equation is preparedness.

As a business leader, you have to be prepared for anything (including, apparently, a global pandemic). Your ability to adapt is as important as your ability to lead. Prepared leaders plan for just about every scenario, from business disruptions and outages to employee misbehavior and natural disasters. But while most executives are tied up preparing for the "worst case" on the broader business landscape, a lot of the onus for safeguarding customer and partner data falls to the chief information security officer (CISO).

A Dangerous Disconnect
Vectra recently surveyed 1,112 security professionals working in mid- to large-sized organizations that use Microsoft Office 365. A key finding:

[A] high level of confidence was revealed amongst security teams in the effectiveness of their own company's security measures: nearly 4 in 5 claim to have good or very good visibility into attacks that bypass perimeter defenses like firewalls.

However, management-level respondents and practitioners such as security operations center (SOC) analysts had strikingly more pessimistic impressions of their organizations' overall ability to defend against an attack. This disconnect is dangerous. If there is a false impression about your team's ability to combat hackers, they are likely not armed with the necessary tools to succeed. Going one step further, if your SOC team is not prepared to act at the first sign of a breach, they may be far more likely to grow complacent about the evolving threat landscape.

Another component to bolstering your SOC team's preparedness level is empowering them to be constantly vigilant of new types of attacks. With knowledge comes power, and with the abrupt shift of many organizations to the cloud and the adoption of mass remote work, the threat of cyberattacks has heightened; new methods are uncovered every day. The recent Microsoft Exchange breach is another potent reminder that no application, network, or data center is invulnerable. This incident will trigger migration discussions in more IT departments, but they should be measured and strategic. If organizations recoil from on-premises solutions and jump blindly into Microsoft 365 or something like it, they might simply trade one set of threat factors for another.

The Growing Risk of Not Preparing
Attackers increasingly work laterally through a succession of infected devices en route to their goal or establish footholds throughout the network to exploit whenever they choose. Enter SolarWinds.

The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price. Too many organizations remain overinvested in old-school perimeter defense solutions despite mounting evidence of their deficiencies. And, as companies become more reliant on data storage and software-as-a-service (SaaS) solutions outsourced to the cloud, vulnerabilities may grow.

We still don't know the full scope of damage done by the SolarWinds incident and may never know. It's safe to say some remnants of the malware remain at work today, still undetected. To most users, the SolarWinds incident is of greater concern than your average credit card or health record heist. A critical infrastructure attack of this nature has far broader implications for everyday life. It could conceivably paralyze your train system or airport, compromise your energy grid, or affect your bank's transaction networks. President Biden has called for new spending on cybersecurity, which is a good start, but we truly need a national action plan to prioritize better detection of SolarWinds-class attacks.

I urge business leaders worldwide to use this moment in history to rewrite the conventional wisdom and hasten large-scale change to a more effective cybersecurity strategy. We've known for years about the virtues of robust network monitoring and rapid detection of inevitable breaches. SolarWinds should be remembered as a trigger for a better security posture, not the first in a series of cyber calamities that could have been prevented if we had only been prepared.

Hitesh Sheth is the president and CEO of Vectra. Previously, he held the position of chief operating officer at Aruba Networks. Hitesh joined Aruba from Juniper Networks, where he was EVP/GM for its switching business and before that, SVP for the Service Layer Technologies ... View Full Bio
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Author
4/9/2021 | 6:39:02 PM
Enjoyed the content
Really enjoyed this.  An ounce of prevention is worth a pound of cure as the saying goes.  As the landscape continues to change, prevention is evermore critical. 
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...