[BreachExchange] No One Is Safe And Why You Should Be Worried

Audrey McNeil audrey at riskbasedsecurity.com
Mon Dec 21 22:33:32 EST 2020


https://www.forbes.com/sites/emilsayegh/2020/12/21/no-one-is-safe-and-why-you-should-be-worried/?sh=a1c5abf68dea

It looks like we’re closing out 2020 with significant cybersecurity
incidents, with forthcoming implications of critical importance
across the world. For example, reports are coming in about cyber attack
operations carried out by state-sponsored threat actors against bodies that
manufacture, plan to distribute, and validate Covid-19 vaccines, as well as
the U.S. Department of the Treasury, U.S. Department of Commerce, the
Pentagon, and NASA. As the CIO of Johnson & Johnson, a Covid-19 vaccine
research and development company, described it, cyber attacks against their
company are now being registered “every single minute of every single day.”

Around the nation, schools are under continual cyber attack as well, at a
time when classrooms are already struggling with remote learning. An
entire school district in Baltimore had to shut down due to a ransomware
attack the day before Thanksgiving. A ransomware attack was behind a
month-long shutdown of the digital medical records system at the University of
Vermont Medical Center. No target is off limits, and lawbreakers are taking
advantage of our vulnerable dependence on virtual technologies, due in part
to the global pandemic. There are nation-states, cybercriminal groups, and
lone wolves in this crazy mix of cyberthreats.

FireEye Hacked, Now What?

One of the well-known global leaders in information security, FireEye, was
hacked with the company’s CEO reporting that the attack was launched by "a
nation with top-tier offensive capabilities." If a leader in information
security such as FireEye—along with the Pentagon and U.S. Treasury
Department—can get hacked, we can all conclude that no one is safe.

The cyberattack on FireEye has special significance since FireEye is in the
business of defending and protecting high-profile clients from the very
sort of attack it endured. The company lost data—a portion of its “red team”
tools, which it uses to simulate real attacks and seek out vulnerabilities
within a client’s digital environment. The successful attack on FireEye is
an ominous achievement not simply because of the nature of the business they
are in, but because they also possess a wealth of knowledge about tactics and
industry sources, as well as specific knowledge about their clients.

We would never throw stones from glass houses, however. That is not what
this is about. The real lesson here is that anyone can be hacked, and the
attackers here used a "novel combination of techniques not witnessed" by
FireEye before to do it. To their utmost credit, the company has been
upfront about the incident, and it has developed and released hundreds
of Indicators of Compromise (IoCs) and detection signatures for the
community to use. The company joins the ranks of other security companies
that were compromised, including Symantec, RSA, Kaspersky, and Trend. So
they are not the first, and won't be the last.

You Are Not Safe

Nobody, not even one of the most trusted cybersecurity companies in the
business, is impervious to cyberattacks. You should be worried—we should
all be worried—and as an industry, we must do a lot more to promote better
cybersecurity.

So what is your plan? If you are relying on clever passwords and a
basic firewall, the threats are too great, too fast, and too powerful, and
the day you are hacked will arrive much sooner rather than later. Bottom
line: basic security is NOT ENOUGH.

Here is What to Do

First, throw out any notion you might have that you will be able to
completely eliminate risk. Shift your security goals toward minimizing
and managing risk. That means keeping the impact of incidents low and the
effort to resolve incidents as efficient as possible. The tools you
implement to make those goals achievable are what make it all work, including:

Complete managed security including all your end points
Encrypt EVERYTHING – in transit and at rest
Secure EVERYTHING – with dual factor authentication
Trust no one and no account (Zero trust!)
Patch, patch, and keep patching
Leverage third party specialists for audits and monitoring

Stay on top of patch management, revisit and validate alerting
infrastructure at every point of egress/ingress, use defense in depth
(layered security measures), and teach users to protect their accounts and
report suspicious events.

The Managed Proposition

Although no organization is impervious to cyber threats, two heads are
better than one when it comes to protection, detection, response, and
recovery when risks turn into realities. Managed security services are
booming for the very reasons we are witnessing with all of these threats.
New threat adversaries are everywhere, and managed security picks up the
tasks of threat detection and response, security technology management,
application monitoring and controls, and almost all security and
compliance tasks that require more experience and resources than the
average business can provide.