FINAL WORD
Tim Bandos, Senior Director of Cybersecurity at Digital Guardian
to start your breach analysis is to consider
who was behind the attack. With this
knowledge, you will be able to build a better
picture of the entire incident. Also, the tactics and targets of a lone cybercriminal will differ greatly from those of state-sponsored attackers, which will in turn differ from those of hacktivists.

What?

There is a myriad of different attack techniques that target different weaknesses, so it is important to pinpoint exactly what caused the incident. Defacing websites has fallen out of fashion in favour of ransomware and data theft. DDoS attacks that either directly target a company’s digital infrastructure, or indirectly target its service providers, are also a growing concern. More recently, attackers have started to implement mass data destruction attacks which can seriously damage a business.

Why?

The motive of an attack is an important piece of information for any external announcements that might need to be made. Having these details is also very helpful when it comes to justifying your incident response plan or recommendations for additional security spending to company executives. For the most part, financial motive is still the top reason for attacks against companies; even state-sponsored attacks are financially driven in some sense. It may take years and cost millions of pounds to develop the intellectual property and customer base that can be stolen in a mere matter of hours.

When?

Understanding the timing is all part of building a better picture of the incident. There are no holidays in the global hacking community, though particularly savvy attackers may purposely engage in a cyberattack during national holiday periods when they know security personnel could be short-staffed and on low alert. Timing is also an important factor to consider if you do need to notify business partners and customers that their data has been compromised.

How?

In order to remediate effectively, you need to create a detailed step-by-step outline of exactly how the hacker attacked or breached your company. The tactics are evolving and some of the old tricks are making a comeback. Making matters worse, the black market for toolkits and ‘hackers for hire’ means that anyone can buy the technical savvy they need. Disgruntled employees, lost or stolen devices and unintentional sharing of sensitive information are other possible causes of an attack.

Where?

Arguably, the most important question to answer following an attack or breach is where it was targeted. This will involve an in-depth review of your entire attack surface; consider your network, your remote workers, your partners, your suppliers and even whether an infected USB stick could be to blame. Today, the most common entry point is email, for which hackers craft phishing attacks to target the weakest link in the security chain: the end-user.

Without an incident response plan in place, panic can set in and the wrong decisions may be made, leading to severe consequences. By focusing on these six questions in the immediate aftermath of a data breach or cyberattack, incident response teams minimise the likelihood of emotionally driven actions or mistakes, allowing for more effective remediation.
INTELLIGENTCIO