BreachExchange mailing list archives

Is your organization prepared for targeted cyber attacks?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 2 Mar 2015 19:16:36 -0700

http://www.scmagazine.com/is-your-organization-prepared-for-targeted-cyber-attacks/article/398523/

Without a doubt, hackers are becoming more sophisticated, well-organized
and mission-driven. They are increasingly using advanced persistent threat
(APT) methods and every tool at their disposal. As the digitalization of
the economy and the Internet of Things (IoT) continue to advance, hackers
are finding new attack vectors to exploit and it is becoming harder for us
“security professionals” to defend our organizations.

APTs are sophisticated, targeted, well-organized attacks, often aimed at an
organization's most valuable assets. Because of the skillfulness of these
smart attackers, APTs are much more difficult to detect and prevent than
traditional security threats. These advanced threats require the
information security function to rethink its approach to operations.

The pressure is on! Is your organization prepared? Many enterprises have
not kept pace and lack the necessary fundamentals required to prepare and
plan against simple cyber attacks, let alone advanced and targeted attacks.
To prepare for targeted attacks, keep these three important priorities in
mind:

First, build your organization's intelligence capabilities to get a better
perspective of threats; think Big Data. Most organizations recognize the
need to improve analytics to combat APTs. However, many analytics programs
fail because they collect vast amounts of data without a clear sense of how
the data will be analyzed to produce actionable information, let alone
having adequate resources to review the data. To build a successful
analytics program, your organization should be realistic about how data
will be analyzed for insight into security weaknesses. At the end of the
day, your analysis process helps drive decisions about which data and how
much data should be collected and reviewed.

Second, revamp your security controls. Most traditional information
security controls focus on conventional threats. This makes them less
suited to defend against the specific attacks used by advanced threats.
Rather, you should align controls to a threat-based framework, such as the
kill chain. This will allow you to easily conduct gap analysis on advanced
threats and build your defense lines.

Third, develop a better approach to manage threats. This requires the
information security organization to change focus from known
vulnerabilities to understanding highly targeted threats. With this
transition, you must integrate a new set of activities in gathering
intelligence, conducting threat analysis to identify new and existing
threats, and disseminating information to prevent future attacks. This
requires security teams to build capabilities that enable intelligence
collection and threat detection. In certain cases, this may require you to
restructure new security teams in ways that will allow them to share
resources and information with other teams and, in some cases, other
organizations.

A practical approach to intelligence gathering is identifying evidence of a
recent attack in existing logs or identifying what kind of logs would
record an element of a known attack. Then expand ways to detect it by
identifying what other tools or resources could have detected the attack.
Once you have identified the tools, try applying the process to other
threats by using an informed approach to collect data and design search
queries. The results will produce quick wins that will support further
investments and allow time for staff to build expertise.
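
One way to run the exercise described above, as an added example that is not part of the original article: elements of a single known attack are tagged with kill chain phases and searched for in every log source, which shows both which other sources could have detected each element and which phases left no trace. The log lines, source names, element names and search patterns are all constructed for illustration.

```python
import re

# Constructed sample logs keyed by log source; every value is illustrative.
LOGS = {
    "mail_gateway": ["09:02:11 from=hr@payroll-update.example to=jdoe attach=invoice.doc"],
    "dns": ["09:05:39 client=10.0.4.21 query=cdn.payroll-update.example"],
    "web_proxy": ["09:05:40 user=jdoe GET http://cdn.payroll-update.example/a.bin 200",
                  "09:07:02 user=jdoe POST http://203.0.113.7/gate.php 200"],
    "endpoint": ["09:05:10 host=ws-114 user=jdoe proc=WINWORD.EXE opened=invoice.doc"],
}

# Elements of one known attack: (kill chain phase, element, search pattern).
# Phase names follow the Lockheed Martin kill chain; the patterns are hypothetical.
ELEMENTS = [
    ("delivery", "phishing sender", r"from=\S+@payroll-update\.example"),
    ("delivery", "lure attachment", r"invoice\.doc"),
    ("exploitation", "Office spawns shell", r"proc=WINWORD\.EXE.*child=(cmd|powershell)\.exe"),
    ("installation", "payload host", r"cdn\.payroll-update\.example"),
    ("command_and_control", "beacon address", r"203\.0\.113\.7\b"),
    ("actions_on_objectives", "bulk archiving", r"proc=(rar|7z)\.exe"),
]

def coverage(logs, elements):
    """Map each attack element to the sorted log sources that recorded it."""
    found = {}
    for _phase, name, pattern in elements:
        rx = re.compile(pattern)
        found[name] = sorted(
            src for src, lines in logs.items() if any(rx.search(l) for l in lines)
        )
    return found

def phase_gaps(logs, elements):
    """Return phases, in attack order, where no source recorded any element."""
    cov = coverage(logs, elements)
    phases = list(dict.fromkeys(phase for phase, _, _ in elements))
    seen = {phase for phase, name, _ in elements if cov[name]}
    return [p for p in phases if p not in seen]

if __name__ == "__main__":
    for name, sources in coverage(LOGS, ELEMENTS).items():
        print(f"{name:22} {', '.join(sources) or 'NOT RECORDED'}")
    print("phases with no visibility:", phase_gaps(LOGS, ELEMENTS))
```

Elements recorded by more than one source point to an additional place a search query could run; phases in the gap list indicate either a log source that is not being collected or a field that is not being logged.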
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss