If hackers can compromise a major political party, then they can come after your business data or your personal information. Make no mistake: everyone is a target for hackers.
Last month, news of the compromise of the systems of the U.S. Democratic National Committee (DNC) was brought to light. More recently, there has been speculation that tens of thousands of emails are “missing” and assumed to have been exfiltrated during the breach. Industry experts have attributed this incident to a state-sponsored cyber attack and, across the four corners of the world, speculation and sharp commentary rumbles on.
What did we learn from this?
When considering the steps you must take to defend your own systems, it isn’t helpful to think about who attacked the DNC or why. The focus, instead, should be on what actually happened, what sophisticated tools or techniques were employed and, above all, on what it means for you. The DNC might be an obvious target, but every organization, business, and individual needs to be prepared.
As we’ve seen in the news, every business and person is at risk – retail, healthcare, financial services, government, gaming, and more. These are just a few of the industries that have made major headlines.
Does your current security posture provide the defense-in-depth approach that is required to thwart the bad actors that have your business firmly in their crosshairs?
Defense-in-depth is based on the military belief that the more complex and multi-faceted a defense system is, the more difficult it becomes for an enemy to defeat when compared to a single barrier. Similarly, in the information security context, this model promotes the harmonized use of infrastructure technologies (physical & virtual), architectural patterns (segmentation) and security best practices (zero trust model) to protect the confidentiality, integrity and availability of the systems and data in an enterprise. Unlike traditional point security technologies, which can no longer address the increasing sophistication of attacks, defense-in-depth is a layered approach that can more effectively prevent intrusion from the outset.
Make no mistake; your systems will be attacked. It’s not a case of if, or when, but how well you can deter and how quickly you can detect, respond and remediate.
As we’ve seen with countless other breaches over the past few years, the attacks were eventually detected and the scope of the intrusion became known. The trick is not in finding the breach itself, but in quantifying the extent of the damage. It is not uncommon for Advanced Persistent Threat (APT) attacks to lie dormant, undetected for many months, and so you must be ready to react in order to limit the exposure and, ultimately, retain your reputation.
As a cornerstone of your defense-in-depth strategy, educate your employees on the risks of social engineering and spear-phishing. Create programs and perform drills regularly. Your people are a human firewall. Many APT attacks are initiated from spear phishing attacks where malware is deployed as a result of someone clicking a seemingly innocent link in an email.
According to Symantec’s Internet Security Threat Report (April 2016): Cyber attackers are playing the long game against large companies, but businesses of all sizes are vulnerable to targeted attacks. In fact, the number of spear-phishing campaigns targeting employees increased 55% in 2015.
Small businesses had a 1 in 40 (3 percent) chance of being targeted, indicating a convergence of attacks on fewer organizations. Medium enterprises had a 1 in 6.8 (15 percent) chance of attack, while large enterprises had a 1 in 2.7 (38 percent) chance, suggesting a much broader focus in attacks, with a higher frequency.
Along with people, technology plays a huge role in any modern security posture. Ensure you have monitoring systems that can detect intrusions early. Be ready to respond swiftly. Review your network architecture and segment your physical and virtual systems and assets to confine the scope of attacks.
Don’t rely solely on passwords to protect your systems – once an attacker holds a valid password, it becomes much harder to distinguish malicious activity from normal business. This is where two-factor or multi-factor authentication must become non-negotiable for remote access, and it should also be considered for high-value intellectual property stored on and accessed from internal devices such as company PCs.
In the case of DNC:
More than one attacker may have been involved. Every attack increases in sophistication and the bad guys don’t wait in line. Don’t be complacent and relax your guard as soon as you have dealt with an intrusion. Keep looking for anomalies and use automated responses to shut off access when anomalies are detected.
The attacks were not on the main databases. It is reported that the communication systems and research servers were attacked. Watch over your less obvious systems, too. Attackers know that these are usually less protected and offer a foothold from which sophisticated malware can assemble and propagate. No single vendor can defend the broad range of systems that you use, within your organization and in the cloud. Ask your vendors what they can protect, and understand how the whole picture fits together.
The attacks were part of a broader pattern. The same types of attacks have been reported against the broader political community, including journalists and activists. Understand your own community and consider joining an intelligence-sharing partnership. It will help you focus your defense-in-depth efforts.
This time, the attacks succeeded. You need to do the best for your organization, but think more broadly. Organizations that have a mature defense-in-depth approach and can effectively detect, deter, respond and remediate from attacks are making the world a better place. That’s true, whatever your political viewpoint.
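The advice above to run monitoring that detects intrusions early, keep looking for anomalies, and use automated responses to shut off access when they appear can be illustrated with a small detector. This is an added example, not code from the original post or any product it names: it reads constructed remote-access log lines (timestamp, user, source IP, country, result), flags a success that follows a burst of failures from the same source and a success from a country never seen for that user, and emits response actions (revoke the session, block the source) that a real deployment would hand to its VPN or firewall API. The log format and thresholds are assumptions chosen for the demo.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data). Fields: ISO timestamp, user, source IP, country, result.
SAMPLE_LOG = """\
2016-07-20T08:01:12Z alice 203.0.113.10 US success
2016-07-20T08:03:40Z bob 198.51.100.7 US success
2016-07-20T22:14:02Z alice 192.0.2.55 RO failure
2016-07-20T22:14:09Z alice 192.0.2.55 RO failure
2016-07-20T22:14:15Z alice 192.0.2.55 RO failure
2016-07-20T22:14:21Z alice 192.0.2.55 RO failure
2016-07-20T22:14:30Z alice 192.0.2.55 RO success
2016-07-21T09:00:05Z bob 198.51.100.7 US success
"""


def parse(line: str) -> dict:
    """Parse one space-separated log line into an event dict."""
    ts, user, ip, country, result = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user, "ip": ip, "country": country, "result": result,
    }


def analyze(log_text: str, fail_threshold: int = 3, window: timedelta = timedelta(minutes=5)):
    """Stream events in order; return (alerts, actions).

    alerts  - one entry per anomalous successful login, with the reasons it was flagged
    actions - automated responses to dispatch (session revocation and source block)
    """
    known_countries = defaultdict(set)     # user -> countries seen on trusted successes
    recent_failures = defaultdict(deque)   # (user, ip) -> timestamps of failures inside `window`
    alerts, actions = [], []

    for line in log_text.splitlines():
        ev = parse(line)
        key = (ev["user"], ev["ip"])
        failures = recent_failures[key]
        # Drop failures that have aged out of the sliding window.
        while failures and ev["ts"] - failures[0] > window:
            failures.popleft()

        if ev["result"] == "failure":
            failures.append(ev["ts"])
            continue

        reasons = []
        if len(failures) >= fail_threshold:
            reasons.append(f"success after {len(failures)} failures within {window}")
        seen = known_countries[ev["user"]]
        if seen and ev["country"] not in seen:
            reasons.append(f"first login from {ev['country']} (previously {sorted(seen)})")

        if reasons:
            alerts.append({"ts": ev["ts"].isoformat(), "user": ev["user"],
                           "ip": ev["ip"], "reasons": reasons})
            # Automated response: cut the access off first, let a human review afterwards.
            actions.append(("revoke_session", ev["user"], ev["ip"]))
            actions.append(("block_ip", ev["ip"]))
        else:
            # Only untainted successes extend the per-user baseline.
            seen.add(ev["country"])
        failures.clear()

    return alerts, actions


if __name__ == "__main__":
    found_alerts, found_actions = analyze(SAMPLE_LOG)
    for a in found_alerts:
        print(f"ALERT {a['ts']} {a['user']}@{a['ip']}: " + "; ".join(a["reasons"]))
    for act in found_actions:
        print("ACTION", act)
```

Two design choices matter here: a flagged success does not update the user's country baseline, so one successful intrusion cannot "teach" the detector that the attacker's location is normal, and the response is fired on the first anomalous success rather than after a second look, because the post's point is that dwell time is what turns a foothold into a breach.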