Staying Ahead of the Distortion of a Cyber Attack?


One of the most sacred responsibilities of all cybersecurity professionals is protecting information. Company finances, customer information, sales data and product design are critical to the success of an organization. Every firewall, IDS, MFA deployment and email protection control is built to protect that information and stop cyber attacks.

Cybercriminals are always looking for new ways to steal from companies and individuals. Considering this fact, companies should notice the increasing number of security problems and cyber threats.

However, do most cyber security attacks happen the way they are portrayed?

Hackers will use data distortion when attacking businesses. For example, suppose criminals hack into your company’s cloud. In this case, they can set up false documents that tell employees to transfer money from their accounts to the accounts of criminals or even further compromise their security.

A company’s loss of control over its business practices can lead to various risks, which cybercriminals are quick to exploit. More and more businesses are using artificial intelligence (AI) to improve efficiency. However, applying unproven AI can result in unexpected outcomes, including a greater risk of cybercrime.

A few years ago, I called on several K12 school districts as a sales engineer. My focus was on cyber security and data protection. I spent hours in meetings with school officials to discuss how to protect their data. Many laughed at the idea of protecting student data. “We have other problems and no budget” became a common theme. I also learned that many school superintendents often talk to each other about actual safety violations. Most would encourage their peers to “say it all”.

Being a parent of two wonderful children and a cyber security expert, I am sick of this attitude.

Fortunately, there is FERPA: the Family Educational Rights and Privacy Act is a federal law that gives parents the right to access their children’s education records, the right to request that the information be amended, and the right to have some control over the disclosure of personal information.

While enforcement of FERPA is left to the Department of Education, there is some sense of responsibility for data and event disclosure.

With the Shanghai hack showing how easy it may be to steal more than a billion records, have cyber security operations failed? Well, that depends on who you believe.

The hacker who claimed to have exfiltrated the data demanded $200,000.00 in bitcoins or the group would release the names and addresses of more than a billion citizens in China. Distortion or reality? Cybersecurity professionals have faced this challenge for years.

Growing Attack Vectors — True or False Flag?

Ransomware, management console attacks and phishing continue to expand into new attack surfaces in organizations. Even with advanced AI and ML, data exfiltration, account takeover, and denial of service attacks will continue to have an impact. What critical steps can SecOps, NetOps, and DevOps, along with business continuity, take to communicate?

In the case of ransomware, should an organization pay the ransom? Should the organization release a public statement confirming the event within the time frame prescribed by law? Should the organization publicly deny the event as a possible smear campaign? Will cyber insurance continue to be an option organizations can rely on?

Ultimately, it is critical to have a communication plan designed to minimize information distortion. Sending the right message to employees, partners and shareholders informs all parties of the truth and helps reduce the additional drama they would otherwise create themselves.

Some organizations show greater responsibility for managing a cyber event. Others hide in the shadows, hoping no one will find out. We live in a connected world; everyone knows more than we do.

Early detection of events helps avoid distortion. Hackers and cybercriminals can distort the facts of a hack when the actual damage may have been minimal.

What can organizations do?

- Invest in security monitoring, response and proactive controls.
- Collect your data.
- Classify your data and set containment.
- Leverage the MITRE ATT&CK framework as a threat hunting tool: know where and how attacks are happening.
- Use Lockheed Martin’s kill chain process: find out how the attack happened (if it happened).

Knowing what happened, how it happened, and if it happened is the best way to combat distortion hacking.

Until next week,

John
