[BreachExchange] Think unconventionally to mitigate risk

Audrey McNeil audrey at riskbasedsecurity.com
Fri Mar 30 10:06:11 EDT 2018


https://www.computerworld.com.au/article/635525/think-unconventionally-mitigate-risk/

Taking a conventional approach to security is typically about “keeping the
bad stuff out” of your network, whether it be spam, viruses, malware, DDoS
attacks, or any number of other common threats. But in today’s constantly
evolving threat landscape, conventional is not enough.

Proactively assessing your security posture and focusing on mitigating risk
on a constant basis is crucial. Not only will this reduce the probability
of an attack actually happening, but it will also enable the ability to
remediate and recover your business quickly in the event of exposure.

So, how do you take this approach?

1. Mitigate the risk posed by targeted email attacks

Spear phishing and business email compromise (BEC) attacks are highly
targeted and researched attacks where criminals typically attempt to
defraud individuals and lead them to transfer money or share credentials.
Criminals engage in casual conversation with victims through email in an
attempt to gain their trust before actually doing anything malicious. In
many cases, criminals gather background information on victims through
social media, which helps make their efforts more convincing.

The success criminals are experiencing makes targeted threats one of the
highest risk vectors for organisations. The FBI estimates that more than
US$5 billion has been lost to BEC in recent years. The real challenge for
security is that traditional solutions, such as email security gateways and
anti-virus solutions, fail to detect these attempts because the messages
don’t contain malicious links or attachments. To mitigate the risk of
targeted email attacks, an entirely new approach needs to be taken
leveraging less traditional methods.

Artificial intelligence (AI) is increasingly being used to provide messaging
intelligence that determines, with a high degree of accuracy, whether an
email is part of a spear phishing attack. Domain fraud protection using DMARC
(Domain-based Message Authentication, Reporting & Conformance)
authentication is also being used to monitor data on domains and get
actionable insight on legitimate and fraudulent usage of a domain. Another
approach is to use fraud simulation training for high-risk individuals to
periodically and automatically train and test security awareness with
simulated attacks.
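The DMARC monitoring the article refers to works through the aggregate (rua) reports that receiving mail servers send back to the domain owner. The following is an added illustration, not code from the article or from any product it alludes to: it parses one such report in the RFC 7489 XML format and tallies, per sending source, how many messages passed or failed the published policy, which is where the distinction between legitimate and fraudulent use of the domain comes from. The report, domain name, IP addresses and counts are constructed sample data.

```python
"""Summarise a DMARC aggregate (rua) report per sending source."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report in the RFC 7489 aggregate format. The domain,
# source IPs (documentation ranges) and counts are made up for illustration.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-report-1</report_id>
    <date_range><begin>1522368000</begin><end>1522454399</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf>
    <p>quarantine</p><sp>quarantine</sp><pct>100</pct>
  </policy_published>
  <record>
    <row><source_ip>198.51.100.10</source_ip><count>420</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.77</source_ip><count>35</count>
      <policy_evaluated><disposition>quarantine</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>other.example</domain><result>fail</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.10</source_ip><count>5</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def dmarc_passed(row):
    """DMARC passes when aligned DKIM or aligned SPF passes (RFC 7489 s.6.6.2).
    The receiver's policy_evaluated block already reflects alignment."""
    pe = row.find("policy_evaluated")
    return pe.findtext("dkim") == "pass" or pe.findtext("spf") == "pass"


def summarise_report(xml_text):
    """Return (published_policy, totals) where totals maps each source IP to
    its pass/fail message counts and the dispositions the receiver applied."""
    root = ET.fromstring(xml_text)
    published = {
        "domain": root.findtext("policy_published/domain"),
        "p": root.findtext("policy_published/p"),
        "pct": int(root.findtext("policy_published/pct") or 100),
    }
    totals = defaultdict(lambda: {"pass": 0, "fail": 0, "dispositions": defaultdict(int)})
    for record in root.findall("record"):
        row = record.find("row")
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        totals[ip]["pass" if dmarc_passed(row) else "fail"] += count
        totals[ip]["dispositions"][row.findtext("policy_evaluated/disposition")] += count
    return published, {
        ip: {"pass": t["pass"], "fail": t["fail"], "dispositions": dict(t["dispositions"])}
        for ip, t in totals.items()
    }


def failing_sources(totals, min_fail_ratio=0.5):
    """Sources whose mail mostly fails DMARC. Each is either an unauthorised
    sender using the domain or a legitimate service never added to SPF/DKIM;
    both need a decision before tightening the policy toward p=reject."""
    out = []
    for ip, t in totals.items():
        seen = t["pass"] + t["fail"]
        if seen and t["fail"] / seen >= min_fail_ratio:
            out.append(ip)
    return sorted(out)


if __name__ == "__main__":
    published, totals = summarise_report(SAMPLE_REPORT)
    print(f"{published['domain']}: p={published['p']} pct={published['pct']}")
    for ip, t in sorted(totals.items()):
        print(f"  {ip:16} pass={t['pass']:5} fail={t['fail']:5} {t['dispositions']}")
    print("sources needing attention:", failing_sources(totals))
```

Reports arrive daily from each receiver, so in practice this runs over many files and the per-source table is reconciled against the list of services the organisation knowingly sends from; a source that is legitimate but failing gets added to SPF or signed with DKIM, and once only unknown sources fail, the published policy can move from none or quarantine to reject.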

2. Mitigate the risk posed by careless or untrained users

Your users sit on the front lines of ever increasing email-based threats
like phishing, ransomware, and malware. As hackers become more
sophisticated and prevalent, users need to be aware of the threats and able
to easily recognise malicious emails. Email security is not just the
responsibility of IT – it’s the responsibility of every employee in your
organisation.

Part of mitigating the risk means having the ability to provide regular
security training to test employees and increase security awareness of
various targeted attacks. Simulated targeted attack training is the most
effective form of training. Focus on training high-risk individuals, not
just senior executives. Turn your users from part of the attack surface to
part of the solution.

3. Mitigate the risk posed by rapid application development

Identifying and remediating application vulnerabilities while maintaining
development agility is sometimes challenging. This is particularly true
when adopting cloud platforms like AWS and Azure that enable rapid
application deployments.

Unfortunately, your applications can act as a significant vector for
today’s advanced threats. A single unpatched vulnerability can let an
attacker penetrate your network, steal or compromise your (and your
customers’) data, and profoundly disrupt your operations. Vulnerabilities
in your websites and other public-facing applications can lead to costly
data breaches and infiltration. Proactively check for vulnerabilities
regularly in your sites and applications.

4. Mitigate the risk of data loss

Sometimes you can do everything right in your approach to security and
still have something ugly happen — like have your data lost or held for
ransom. That’s why there’s one important step you should take to mitigate
the risk of data loss. Protect it. Implement a data protection strategy
that not only includes a backup plan, but one that allows for easy recovery
as well.

If criminals encrypt your files with ransomware, you’ll be able to
eliminate the malware, then delete the encrypted files and restore them
from a recent clean backup. The whole process can take as little as one
hour, allowing you to get right back to business, and leaving the criminals
empty-handed.

By taking these proactive steps to mitigate the security risks in your
organisation, you’ll greatly reduce the attack probability, and have the
ability to remediate and quickly recover in the event of exposure. Being
truly secure requires a lot more than just focusing on keeping the bad
stuff out. Instead learn how to mitigate the potential risks before they
ever come your way.