Responding to Targeted Cyber Attacks and Insider Threat


In today’s constantly evolving technological world, hackers are a bigger threat than ever. Cyber attacks have become more sophisticated and more threatening to organizations in recent years. These attacks have become so frequent that experts say the question is no longer if your organization will be hacked, but when.

All too often, companies are not equipped to prevent or deal with the aftermath of these attacks. Many practices are out of date due to the ever-changing nature of technology, giving hackers easy access to your data, sensitive information, and assets. However, there are steps organizations can take to prepare for and effectively respond to targeted attacks.

Preparation and Prevention

An important aspect of cyber attack prevention is comprehensive monitoring of your systems and information. This includes keeping track of who within your organization has access to certain information, determining where sensitive data will be held, and using endpoint detection and visibility to monitor activity across servers, desktops, laptops, and other mobile devices that employees use to access company information.

Programs like a log correlation engine or a security information and event management (SIEM) system log, monitor, and survey employee activity. Activity that can't be traced back to an employee may be a sign of a hack.
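The correlation described in the two paragraphs above can be sketched as follows. This is an added example, not code from the original post: it checks each access-log event against a record of which accounts, devices, and data each employee is expected to use, and flags anything that cannot be attributed. The log format, account names, device IDs, and resource names are all constructed assumptions.

```python
import csv
import io

# Constructed roster: account -> devices assigned and data the account may access.
ROSTER = {
    "asmith": {"devices": {"LT-0141"}, "resources": {"hr-share", "mail"}},
    "bjones": {"devices": {"DT-0207", "MB-0033"}, "resources": {"finance-db", "mail"}},
}

# Constructed access-log sample: time, account, device, resource.
SAMPLE_LOG = """\
2024-03-04T09:12:10Z,asmith,LT-0141,hr-share
2024-03-04T09:15:42Z,bjones,DT-0207,finance-db
2024-03-04T23:51:03Z,svc_tmp,SRV-0009,finance-db
2024-03-05T02:14:27Z,asmith,DT-0207,mail
2024-03-05T02:16:55Z,bjones,MB-0033,hr-share
"""

def classify(account, device, resource, roster):
    """Return the reasons an event cannot be tied to an employee's expected access."""
    entry = roster.get(account)
    if entry is None:
        return ["unknown-account"]
    reasons = []
    if device not in entry["devices"]:
        reasons.append("unassigned-device")
    if resource not in entry["resources"]:
        reasons.append("resource-outside-access")
    return reasons

def unattributed_events(log_text, roster):
    """Parse the log; return (time, account, device, resource, reasons) per flagged row."""
    flagged = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # skip blank lines
        if len(row) != 4:
            # Malformed lines are surfaced for review rather than silently dropped.
            flagged.append((None, None, None, None, ["malformed-line"]))
            continue
        ts, account, device, resource = (field.strip() for field in row)
        reasons = classify(account, device, resource, roster)
        if reasons:
            flagged.append((ts, account, device, resource, reasons))
    return flagged

if __name__ == "__main__":
    for event in unattributed_events(SAMPLE_LOG, ROSTER):
        print(event)
```

In a real deployment the roster would come from the organization's identity and asset inventory, and flagged events would be reviewed by an analyst rather than treated as confirmed compromise.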

User education and training is another important aspect of preparation. Employees who will have access to servers and data need to have comprehensive training regarding the systems they will be using and how best to keep company information safe.

Response

Unfortunately, attacks do occur despite the best-laid precautions. It is extremely important to respond to attacks appropriately in order to prevent further information from being accessed or manipulated.

If a certain device or your network has been breached, stop use of the device and network systems immediately. Act under the assumption that everything is compromised and avoid using any system connected with your network, even something as simple as email.

Next, contact incident response experts, like us at Liberty Business Associates. Don’t try to get information yourself, as any manipulation of data could compromise an investigation. Let incident response experts deal with data extraction and other digital forensics practices. Your monitoring systems should have a log of activity and access to the compromised. Be sure to preserve these logs for the digital forensics team to inspect.

Insider Threat

The steps above will help prevent cyber attacks from outside sources, but what about attacks from within your organization? Unfortunately, insider threat is another kind of cyber attack to prepare for. In fact, according to the IBM 2015 Cyber Security Intelligence Index, 55% of attacks came from those with insider access: 31.5% from malicious insiders and the remaining 23.5% from inadvertent actors. Again, the bottom line for prevention, detection, and awareness comes down to comprehensive monitoring of networks, activity, and privileged data. Many of the above steps will help prevent insider threats as well as outside threats.
