Dealing with a data breach: Handling the intruders
Security has never been a more pressing issue for businesses than it is now. Mobile working, the proliferation of increasingly sophisticated, connected devices, and the growing number of applications relied upon by the modern enterprise all represent potential risks that weren’t apparent in generations past.
There is a growing fear about the level of damage that cyberattacks could bring, so much so that the United Kingdom has launched a £1.9bn National Cyber Security Strategy to prevent such attacks.
This is seen as a necessary expenditure, as data breaches now constitute a game-changing loss for businesses. A recent study found that the average consolidated total cost of a data breach has grown to around $4 million. With this kind of money in play, the level of threat also evolves. The enterprise is no longer dealing with teenaged basement-dwellers.
Today, security is all about fending off organized crime syndicates hoping to exploit the security windows evolving technologies have opened. So, if your company is breached, what do you do? The answer might not be as obvious as you think.
Life's a Beach
There are several ways that businesses can better equip themselves to tackle security threats, from end-to-end monitoring, which will allow security analysts to witness and act upon any suspicious activity throughout the organization, to ensuring that the appropriate tool kits are up to date.
Indeed, knowledge of the current landscape of attacker tools is a huge boon for companies looking to avoid infiltration. By being aware of the tools that attackers are using, you can better equip your company to combat them.
Of course, it’s not enough to know about what tools an attacker is using. You have to ensure that your tool kit is advanced enough to combat them.
Essentially, you don’t want to bring a knife to a gun fight. Herein lies a challenge for security analysts, who struggle with being able to program and code in time to keep up with these advances. Time and resources allotted to this task can reduce risk in the long run.
So, there are ways to fight off cybercriminals, but what if you discover your business has already been infiltrated?
Dealing With Intruders
Much like finding an unwanted guest in your home, instinct and common sense would usually dictate that, were your company breached, you’d look to weed out the perpetrators and do whatever you could, as quickly as you could, to remove them.
However, it may be more valuable if, upon learning of the intrusion, your company isolates and monitors what’s going on. Now, this may seem contradictory, like letting a burglar root around your house for a while before calling the police, but bear with us.
If you see that you have been compromised, you have two options: first, you could immediately change all of your passwords and wipe all machines that may have been accessed. The upside of this is the fact that the breach has been quickly addressed. The downside is that the criminals will immediately know that they’ve been detected, eliminating any further chance of investigation. It’s also very likely that the attackers were able to compromise machines you didn’t notice.
The alternative is that you wait, and monitor just how far the infiltration goes. It may be best to not let the attackers know that you know that they are there. If this sounds odd (and a bit confusing), that’s because it may feel counterintuitive. It’s also a very advanced technique that you should only undertake if you have sufficient staff and are confident the attackers are isolated from damaging your business.
However, by being patient, and investigating the way attackers infiltrated your organization, and the level of access they achieved, you will be better placed to identify the scope of the breach and prevent similar future attacks.
Enterprise security is likely to dominate the headlines for many years to come, with more money to be made and attackers growing increasingly sophisticated. A considered, measured approach to incident response can help your organization plan for the future, and ensure that any action taken today will help your organization tomorrow.
Mav Turner, Director, SolarWinds.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.
Image Credit: Brian Klug / Flickr