[BreachExchange] Why Early Detection of Cyber Threats is Crucial

Audrey McNeil audrey at riskbasedsecurity.com
Wed Jan 23 16:04:12 EST 2019


http://pctechmag.com/2019/01/why-early-detection-of-cyber-threats-is-crucial/

There are estimates that by the end of 2019, data breaches and cyber
attacks will have cost businesses $2.1 trillion. This is around four times
the amount that businesses lost in 2015, so it’s clear that online security
is more essential than ever before. It seems as if no business is safe,
with hackers targeting everyone from small businesses to banks. Prevention
is always going to be better than the cure, but knowing how to react when you
suspect a data breach is essential. The faster that you respond to a cyber
attack, the more that you can minimize the fallout. As businesses become
more reliant on hard data, it’s vital that you understand just why early
detection is important, and how it can help you reduce the impact of a
cyber attack.

The Kill Chain

Back in 2011, the Cyber Kill Chain was defined, and it has become the model
for helping to identify when a data breach is occurring and providing a
standard response to any threat. The key steps are:

- Reconnaissance: Make sure that you get as much information about the
breach as possible.
- Weaponization: Identify the right tools that you can use to stop deeper
access. Using professional resources like the information from mcafee.com
highlights the transition from traditional online security to more modern
tools.
- Delivery: Launch your protection response.
- Exploitation: Finding security gaps in the attacker’s systems and using
them to prevent more access.
- Command and Control: Using remote commands to protect systems that are
under attack.
- Actions: Updating objectives and knowing whether you need to destroy
sensitive data, remove it, or encrypt it.

When used proactively, this kill chain can highlight a cyber attack very
quickly and will minimize your exposure to potential threats.

Data Breach Response

It’s important that you do not panic should you recognize the signs of a
cyber attack. Staying calm will help you work through the processes and
ensure that any ongoing threat has some level of damage control. You should
also consider the following additions to your security processes:

- Have a response team: Ideally, you want your response team to consist of
IT professionals, but having a more diverse skill set that includes HR and
customer service will only make your team stronger and more flexible.
- Have a backup: If you’re using cloud platforms or your in-house servers
have come under attack, it’s vital that you transfer your data to a backup
server. This will allow you to continue workflow without interruption. As
your more vulnerable IT is under attack, your team can be working to
minimize the effects of it even as your sales team continues to generate
profits. Early detection will ensure that you minimize exposure time to the
threat.

Trying to prevent an attempt at a data breach is very difficult, and that’s
why your priority should be knowing how to recognize the signs. Early
breach detection is as important a consideration as overall security, and
could make the difference between a hack that costs you your business and
one that simply frustrates you.