The Weakness of the Defender is the Strength of the Attacker

Ale Espinosa

If hockey or soccer teams consisted only of forwards and goalies, games would turn into a sequence of nonstop penalty shots and we would get bored watching them in no time. That is why teams have defenders. And just as in sports, in cybersecurity the outcome depends less on the skill of the attacker and more on the readiness of the defender.

That was one of the key statements in this year's Verizon Data Breach Investigations Report. Three quarters of the breaches examined in the report were rated "low" or "very low" in difficulty of initial compromise, meaning that basic methods like automated tools and scripts requiring little to no resources or customization were used to infiltrate the victim's network. After all the investment you’ve made in creating precisely the right security architecture, you might think it would take the work of a skilled hacker to penetrate your systems. Fact is, it may not.

The motive behind most of the attacks was to gain access to financial data or systems. The attacks involved activities such as brute force, stolen credentials, phishing, and tampering with systems to either retrieve or restrict access to data.

So what can you do to strengthen your defense skills?

Do not rely solely on the "goalie": Perimeter security has proven helpful in detecting and stopping known threats. But when it comes to new, morphing or insider threats (think zero-day viruses, polymorphic worms, or the employee who uses their credentials to grab data before they leave the job), perimeter security solutions stand no chance. Tools that help you visualize your endpoint data and analyze the vast intelligence stored in it can prove helpful in detecting anomalous behavior and signs of intrusion or breach that would otherwise have gone unrecognized by firewalls, antivirus software, and other solutions. You cannot rely only on the goalie to keep the ball or puck from getting in, just as you cannot rely solely on perimeter security to keep your systems and data safe.

Adjust your strategy: The attacker scored, what now? Your incident response team must be trained, ready, and outfitted to immediately address and remediate cyber breaches, right when they happen. The moment to determine whether you have the right tools or team in place to address these attacks is before you are breached, not after. This is why it is so important to act under the assumption that an attack is inevitable. Solutions like EnCase® Cybersecurity facilitate incident response, triage, and remediation of security breaches, as well as sensitive data auditing and removal from unauthorized locations. Having it in place before your systems are compromised will help reduce the time an attacker spends in your network, limit damage from a breach, and get your systems back to normal.

To learn more about this year’s Verizon Data Breach Investigations Report, visit http://www.verizonenterprise.com/DBIR/2013/.
