CyberSecurity Institute

While the majority of network breaches are caused by social engineering – that is, leveraging the end user as an attack vector though which unauthorized access is gained to sensitive computing assets such as communication and database servers – some other protective measures are available now and should be implemented immediately to effectively curb future exploits that can threaten even the most protected computer enclaves.

Although social engineering points to a failure at the top of the organization to link information security with corporate strategy (as well as a lack of end user training that could effectuate a first line of defense against would-be attackers), more frequent reviews of corporate strategies needs to be done, with special attention paid to ensuring that the firm’s information security strategies are aligned with business strategies.

Infected USB drives, for example, sprinkled in corporate parking lots and commuter trains floors is a common attack methodology used by adversaries to gain access to computer networks with miniscule effort, since the workers themselves are culpable of spotting them, picking them up, and inserting them into their computers when they arrive at work.

Locating IP addresses (the addressing scheme the Internet uses to relay information) of misconfigured devices is a trivial task, since one can simply search online search to learn how to perform ‘penetration testing’ , and since most laptop and tablet users don’t know how to configure their devices and user accounts properly before plugging into the Internet, it becomes even easier to hack into systems.

The overall objective here, of course, is to bring about a highly skilled IT workforce that possessed, for example, a thorough understanding of proper incident handling techniques so when breaches do occur, they can quickly be identified, contained, and eradicated, not to mention the payoff that firms acquire when reviewing recent unsuccessful hacking attempts and adjusting the firm’s overall security strategy.

Furthermore, insight into common attack methods, malware analysis capabilities, network defense-in-depth techniques, and sound information security governance and policy frameworks that can boost the defensive postures of all firms and is also a necessary component of responding to the threats from network-based attacks.

This fact, coupled with the relatively miniscule amount of proven cyber warriors available today ultimately limits the ability of most firms to simply keep up with the ever-morphing catalog of millions of computer worms and viruses that grow by the thousands each day, hence the call for more certified IT security practitioners.

To protect against the potential devastation that the nefarious activities by hackers everywhere pose to all of us, it is vital stay in lockstep with the protocols being used by the most sophisticated malware purposefully designed to evade the most cleverly configured intrusion prevention & intrusion detection systems currently used throughout U.S. companies, but we are falling short.

Link: http://thehill.com/blogs/congress-blog/homeland-security/283481-us-must-do-better-in-preparing-professionals-to-help-fight-cyber-attacks

In addition to ensuring that firewalls and other security measures are up to industry standard, a thorough security assessment will also identify where sensitive data is stored and whether this can be segmented or further removed from the rest of the IT system. This must include a specific plan to ensure that valuable time is not lost as the organization decides who is in charge of the response efforts.

Corporates should determine in advance of an incident what the chain of command will be for the incident response team.

Whether law enforcement can play any meaningful role in the aftermath of a hacking incident is often dictated by the type of incident involved. Even if law enforcement could determine the scope of the incident for the corporate victim, there are serious downsides to this approach for most organizations.

Hackers rarely leave a detailed list of what they stole and only painstaking reconstruction of a hacker’s activities through sophisticated computer forensics can determine if regulators or individuals need to be notified about the breach.

This could prove a public relations disaster, especially since the public often blames the corporate victim for failing to prevent the incident, regardless of the facts.

Link: http://www.continuitycentral.com/feature1050.html