How the threat landscape has changed. It is now a more complex world that requires different security approaches.
The secret to effective cyber resiliency, says Alvin Rodrigues, Asst VP, Security Strategist, APAC, Fortinet, boils down to preparation.
Different types of attackers will need different cyber protection approaches, for instance, Rodrigues said at the Fortinet Security 361° symposium in Singapore, introducing five basic threat actors with different motivations:
- Unsophisticated attackers (script kiddies), who are out to amuse themselves;
- Hackers, after any information of value;
- Insiders, with corporate espionage in mind;
- Cyber gangs, also after information of value;
- State-sponsored hackers, out to gain political, military or competitive advantage or to manipulate markets.
Source: Fortinet.
He also shared a risk map from Hackmageddon that showed 22.27% of attacks recorded between January 2015 and March 2016 are motivated by hacktivism, whereas 66.44% are motivated by cybercrime. Of the remainder, 9.01% are attributed to cyber espionage, and 2.18% to cyber warfare.
Whatever the objective, cyber criminals will look for the lowest hanging fruit, Rodrigues said. Building a cyber-resilient company involves making attempted cyber attacks as painful, difficult and expensive as possible, he said. Fundamentals include getting the basics right, protecting the 'crown jewels' properly, and ensuring that if attacks do get through, they can be managed and the company can recover to continue operations.
Source: Fortinet. These steps cover readiness before an attack; procedures during an attack; and also what to do after an attack.
The first phase of cyber resiliency, before threats are discovered, is to move from perimeter-based protection to asset-based protection, plus add mechanisms to deal with security breaches. Be ready and prepared; network visibility is critical, Rodrigues said. "(If you know) everything that's happening in the corporate network - then you can manage it," he said.
Regular audits and war games - tests on the network to see if they live up to their reputation - are part of the visibility equation. "Spend on the right technology, and on testing them," he said. "Track and monitor everything so you know what is normal."
Other tips for being ready for attacks include keeping patches up to date, consulting external threat intelligence, putting priority on protecting the crown jewels, preserving a positive customer experience, conducting regular audits as well as educating employees. "If you believe that you are secured then you should always test to make sure you are secured, don't leave it to chance," he said.
Rodrigues also highlighted that board members should be concerned. "Stakeholders want someone to shoot when something goes wrong," he explained, listing high-profile cases such as Sony in which a security breach had led to leadership replacements.
The next phase of cyber resiliency is to develop responses after a threat has been discovered. Employees should be trained on what to do if they discover an attack in progress, for instance. "Is there a response mechanism to help?" asked Rodrigues, suggesting that there should be a hotline number to call in the 'discover and respond' scenario.
Situational assessments can guide the lockdown measures that need to be taken. An incident reporting strategy is important, Rodrigues emphasised. "If you don't have this fire drill up front, you won't know what to do. Your ability to stop and contain is severely hampered. You don't know what to stop or lock down," he warned.
A crisis communications strategy needs to be in place, or the company looks disorganised. The strategy may include which authorities to notify, as well as plans to contact media. "You must communicate to the media or else media will communicate (for you) and it will go out of control," he explained.
Working to recover quickly is the next stage of cyber resiliency. Damage and threat assessments need to be completed before the system restoration; stakeholders have to be updated, and a claims process initiated. "Scan to make sure you have a clean environment. The last thing you want is to do a system recovery and (hackers) come back and attack you again," Rodrigues pointed out.
Finally, review, improve, and adapt. Data forensics can show what went wrong, and how to protect the company better in future, Rodrigues said.
Working on a predictive strategy is ideal, Rodrigues said. "It is better for you to know now than when an attack comes in. You want to be in the state of proactiveness," he said. "Move from the defensive/responsive to proactive. Some go so far to go on offensive - working with law enforcement to apprehend the perpetrators. Stopping malware doesn't stop the people behind it."
Rodrigues also said public-private partnerships (PPP) can shine here. Instead of individual companies working on problem resolution alone, national-level computer emergency response teams (CERTs), vendors, and government agencies can now help. "Governments are taking a more proactive role, partly to protect the industries that fuel national economic growth," he said.