Preparing for an Attack & Breach
Attackers have branched out and are no longer focusing on merely one or two industries, such as DoD contractors or hospitals. This is partially due to their business model and ease of use, especially with ransomware. The revenue driven by these activities continues to grow. At this juncture, it is prudent to plan for an attack and breach. With this plan completed and periodically updated, the enterprise and its operations would be protected as much as possible while still operating.
There are a few steps the business can work towards and focus on to plan for this. The business needs to know who the enemy is. This may be rather daunting given the size of the internet, the anonymity of the internet, and the dark web. For your specific enterprise, there may still be attackers who focus primarily on your industry, in comparison to the others who have branched out. These attackers may be hacktivists with specific goals and motivations. The attackers may scan your system and/or purchase details on your operating system from the dark web to make attacking you easier and more economical. An example of this to consider was SWIFT in the banking industry.
Another vital point is the employees. Although they may greet you in the morning and smile, they are one of the weakest points and are difficult to secure. All it takes is a small set of employees out of thousands clicking on a link or file, and there are issues. This has been complicated by the employees’ names, and at times departments, being listed on the company website. The avenue to pursue here is security training that is relevant, engaging, and involves real-life examples. A much smaller set of employees presents a much more serious issue. There are certain employees who are looking to steal data and are the insider threat.
The company also needs to know what it does not know. Not every CIO, CTO, or CISO is aware of all areas within the organization and enterprise that need attention. A periodic review of the network, processes, and vendors should be undertaken. The environment is not static and changes regularly.
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.