Last week I attended the FireEye Cyber Defense Summit in Las Vegas. For those of you not familiar with FireEye, they are one of the premier cybersecurity companies in the world. FireEye provides cybersecurity services, consulting, and tools to organizations in both the public and private sectors. The conference brings together cybersecurity experts from government and industry as well as FireEye customers to discuss emerging cybersecurity threats, lessons learned, tactics, and the latest tools for protecting IT networks and the assets contained therein. In this post I’ll summarize the latest threat information and provide a few useful tidbits that you and your company can take to secure the data residing in your network.
Who are the bad guys?
From a global perspective, four nations - Russia, China, Iran and North Korea - are the primary culprits attempting to wreak havoc in order to further their geopolitical aims, but also for purposes of industrial espionage. Cybercriminals are very active as well, but for them financial gain is the primary motivator. Unfortunately, the lines between cybercriminals and state actors are blurring, as many state-sponsored actors are moonlighting in order to fatten their bank accounts. In short, the threats are varied and are coming from many sources.
Aren't I too little for them to care about?
But, you may say: "Why would a cybercriminal be interested in my company? I don't have a high profile." The answer is two-fold. First, there is gold in the customer data you have stored in your systems. Maybe you have credit card information but, even if you don't, you have customer identity information that could be stolen and used for fraudulent financial transactions. Second, they may seek to use your network as a springboard into the networks of larger target companies with whom you partner. So, to answer the question at the start of this paragraph: yes, we're all targets! Imagine, for a moment, the repercussions to your business if it were revealed that your customer data had suddenly been exposed on the Internet. Would your business survive such a hit to its reputation? Many don't.
So, what to do? Here are a few starting points.
Email is still the primary attack vector by far. Between 85% and 90% of all attacks originate via email - either malware attachments or embedded malicious links. You can go a long way toward protecting yourself from this threat by:
- Providing Cybersecurity Awareness Training to your team. This will enable them to better detect and avoid email scams.
- Implementing an email filtering service so that all incoming email is checked for phishing attacks and malware as well as spam.
Access through compromised user accounts is used in virtually all attacks. Some things you can do:
- Password policies that force complexity and regular password changes are essential.
- Limit who has administrative access - users should only have the access they require.
- Training! Provide training so your team knows how to manage passwords.
- Delete unused accounts. Be sure you have a process for removing access when employees or contractors leave.
- Consider implementing "two-factor authentication" (2FA). With 2FA a user is authenticated by combining something he knows (e.g. a password) with something he has (e.g. a smartphone). 2FA is commonly available and not terribly expensive anymore.
Implement a SIEM System
Consider implementing a "Security Information and Event Management" (SIEM) system. A SIEM gathers information on security-related events from many points in your network (e.g. firewall, antivirus, server event logs, other sensors) and correlates the data to paint a picture of network activity. Malicious activity on your network is detected more quickly, and defensive action can be taken sooner.
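To make the idea of correlation concrete, here is a small added example (my own illustration, not code from FireEye or from any SIEM product) that takes log lines from three constructed sources - a server auth log, antivirus and a firewall - normalizes them into events, and applies two correlation rules: a burst of failed logins followed by a success from the same source, and an antivirus detection on a host followed shortly by an outbound connection from that same host. The log format, hostnames, addresses and thresholds are all assumptions invented for the example.

```python
"""Toy SIEM-style correlation over constructed log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines. The "source" word after the timestamp says which
# sensor produced the line (auth log, antivirus, firewall); the rest is key=value.
SAMPLE_LOGS = [
    "2024-03-01T09:00:01 auth host=fileserver user=jsmith src=203.0.113.45 result=FAIL",
    "2024-03-01T09:00:04 auth host=fileserver user=jsmith src=203.0.113.45 result=FAIL",
    "2024-03-01T09:00:07 auth host=fileserver user=jsmith src=203.0.113.45 result=FAIL",
    "2024-03-01T09:00:11 auth host=fileserver user=jsmith src=203.0.113.45 result=FAIL",
    "2024-03-01T09:00:15 auth host=fileserver user=jsmith src=203.0.113.45 result=FAIL",
    "2024-03-01T09:00:20 auth host=fileserver user=jsmith src=203.0.113.45 result=SUCCESS",
    "2024-03-01T09:05:00 av host=ws-17 action=DETECTED threat=Trojan.Generic",
    "2024-03-01T09:06:30 fw host=ws-17 dst=198.51.100.9 dport=443 action=ALLOW",
    "2024-03-01T09:10:00 auth host=mailserver user=aadams src=192.0.2.10 result=FAIL",
    "2024-03-01T09:12:00 auth host=mailserver user=aadams src=192.0.2.10 result=SUCCESS",
]

LINE_RE = re.compile(r"^(\S+) (\w+) (.*)$")


def parse_line(line):
    """Normalize one raw line into a dict: timestamp, source sensor, key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are dropped rather than crashing the pipeline
    ts, source, rest = m.groups()
    event = {"ts": datetime.fromisoformat(ts), "source": source}
    for key, value in re.findall(r"(\w+)=(\S+)", rest):
        event[key] = value
    return event


def correlate(lines, fail_threshold=5, window=timedelta(minutes=5)):
    """Run the two correlation rules over the lines and return the alerts raised."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    alerts = []

    # Rule 1: at least `fail_threshold` failed logins for the same host/user/source
    # inside `window`, followed by a success from that same source.
    failures = defaultdict(list)  # (host, user, src) -> timestamps of failures
    for e in events:
        if e["source"] != "auth":
            continue
        key = (e["host"], e["user"], e["src"])
        if e["result"] == "FAIL":
            failures[key].append(e["ts"])
        elif e["result"] == "SUCCESS":
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                alerts.append({"rule": "bruteforce_then_success", "host": e["host"],
                               "user": e["user"], "src": e["src"],
                               "failures": len(recent), "ts": e["ts"]})

    # Rule 2: antivirus detection on a host, then an allowed outbound connection
    # from the same host within `window` (a possible sign the host is calling out).
    detections = {}  # host -> most recent detection event
    for e in events:
        if e["source"] == "av" and e.get("action") == "DETECTED":
            detections[e["host"]] = e
        elif e["source"] == "fw" and e.get("action") == "ALLOW":
            d = detections.get(e["host"])
            if d and e["ts"] - d["ts"] <= window:
                alerts.append({"rule": "av_detection_then_outbound", "host": e["host"],
                               "threat": d["threat"], "dst": e["dst"], "ts": e["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

On the sample data the single failed login for aadams raises nothing, while jsmith's five failures followed by a success and ws-17's detection-then-outbound both produce alerts. Neither pattern is visible from any one sensor on its own; that cross-source view is the point of a SIEM.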
Conduct a Risk Assessment
It's very difficult, if not impossible, to completely protect everything on your network. So, classify your data by sensitivity level. If you have credit card, medical, financial or personal information on your clients then classify that at the highest level and then work your way down. Determine where the most critical data resides and focus your time and money on protecting that first. A Cybersecurity Assessment provides a complete analysis and report on your risks and vulnerabilities, for a one-time fee.
Develop and Test Response Plans
Don't wait for a breach to occur before figuring out what you'll do. Develop policies and response plans - know who does what and who communicates to the outside world - and test them.
To wrap up, the threats for any business with an online presence are varied and continually evolving. The good news is that there are ways to mitigate the risks and protect your business from the threats. The bad news is that it will take some focus and money on your part in order to protect yourself properly.