Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/7/2021
01:00 PM
Hitesh Sheth
Hitesh Sheth
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Rethinking Cyberattack Response: Prevention & Preparedness

The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.

There is something inherently wrong with the current culture surrounding cybersecurity incident response.

Business leaders almost invariably approach incident response in two steps: prevention, then pain. Buy a Band-Aid and hope your cut does not get infected. Paint over the water spots on your ceiling and pray the house inspector won't find mold when you sell.

Related Content:

Security Operations in the World We Live in Now

Special Report: How Data Breaches Affect the Enterprise

New From The Edge:What You Need to Know -- or Remember -- About Web Shells

It's almost human nature to fall into the magnetism of procrastination. And when the inevitable happens, and organizations get breached, they go directly to crisis management mode — how do I minimize the impact of an attacker already within my network? How can I effectively and quickly address any events that could damage our reputation?

The critical and often overlooked step in the equation is preparedness.

As a business leader, you have to be prepared for anything (including, apparently, a global pandemic). Your ability to adapt is as important as your ability to lead. Prepared leaders plan for just about every scenario, from business disruptions and outages to employee misbehavior and natural disasters. But while most executives are tied up preparing for the "worst case" on the broader business landscape, a lot of the onus for safeguarding customer and partner data falls to the chief information security officer (CISO).

A Dangerous Disconnect
Vectra recently surveyed 1,112 security professionals working in mid- to large-sized organizations that use Microsoft Office 365. A key finding:

[A] high level of confidence was revealed amongst security teams in the effectiveness of their own company's security measures: nearly 4 in 5 claim to have good or very good visibility into attacks that bypass perimeter defenses like firewalls.

However, management-level respondents and practitioners such as security operations center (SOC) analysts had strikingly more pessimistic impressions of their organizations' overall ability to defend against an attack. This disconnect is dangerous. If there is a false impression about your team's ability to combat hackers, they are likely not armed with the necessary tools to succeed. Going one step further, if your SOC team is not prepared to act at the first sign of a breach, they may be far more likely to grow complacent about the evolving threat landscape.

Another component to bolstering your SOC team's preparedness level is empowering them to be constantly vigilant of new types of attacks. With knowledge comes power, and with the abrupt shift of many organizations to the cloud and the adoption of mass remote work, the threat of cyberattacks has heightened; new methods are uncovered every day. The recent Microsoft Exchange breach is another potent reminder that no application, network, or data center is invulnerable. This incident will trigger migration discussions in more IT departments, but they should be measured and strategic. If organizations recoil from on-premises solutions and jump blindly into Microsoft 365 or something like it, they might simply trade one set of threat factors for another.

The Growing Risk of Not Preparing
Attackers increasingly work laterally through a succession of infected devices en route to their goal or establish footholds throughout the network to exploit whenever they choose. Enter SolarWinds.

The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price. Too many organizations remain overinvested in old-school perimeter defense solutions despite mounting evidence of their deficiencies. And, as companies become more reliant on data storage and software-as-a-service (SaaS) solutions outsourced to the cloud, vulnerabilities may grow.

We still don't know the full scope of damage done by the SolarWinds incident and may never know. It's safe to say some remnants of the malware remain at work today, still undetected. To most users, the SolarWinds incident is of greater concern than your average credit card or health record heist. A critical infrastructure attack of this nature has far broader implications for everyday life. It could conceivably paralyze your train system or airport, compromise your energy grid, or affect your bank's transaction networks. President Biden has called for new spending on cybersecurity, which is a good start, but we truly need a national action plan to prioritize better detection of SolarWinds-class attacks.

I urge business leaders worldwide to use this moment in history to rewrite the conventional wisdom and hasten large-scale change to a more effective cybersecurity strategy. We've known for years about the virtues of robust network monitoring and rapid detection of inevitable breaches. SolarWinds should be remembered as a trigger for a better security posture, not the first in a series of cyber calamities that could have been prevented if we had only been prepared.

Hitesh Sheth is the president and CEO of Vectra. Previously, he held the position of chief operating officer at Aruba Networks. Hitesh joined Aruba from Juniper Networks, where he was EVP/GM for its switching business and before that, SVP for the Service Layer Technologies ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Kinsey_twelve
50%
50%
Kinsey_twelve,
User Rank: Author
4/9/2021 | 6:39:02 PM
Enjoyed the content
Really enjoyed this.  An ounce of prevention is worth a pound of cure as the saying goes.  As the landscape continues to change, prevention is evermore critical. 
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27491
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process.
CVE-2021-27495
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint.
CVE-2021-32807
PUBLISHED: 2021-07-30
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessControl` severely restrict acce...
CVE-2021-22521
PUBLISHED: 2021-07-30
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges.
CVE-2021-34629
PUBLISHED: 2021-07-30
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8.