Part 2 : Landmark White Breach
The risk to your business in a cyber attack isn’t limited to remediation activities or solely to brand damage. It’s now often linked to a loss of trust with trading partners (with knock on revenue impacts), a breakdown of corporate culture which can lead to staff attrition and a real likelihood that your business will become insolvent. In Part 1 of this article, I gave the example of a real Australian business, Landmark White. Today Landmark White are battling through the impacts of multiple IT data breaches within their property valuation business in late 2018 and 2019.
Common Drivers To a Bad Outcome
The biggest drivers we see in organisations that lead to cyber related incidents and IT data breaches are:
A lack of cyber awareness across the organisation
Insufficient proactive security posture management
Limited security visibility within an organisation
Poorly deployed, or not fit for task protection technologies
A culture of “it won’t happen to us”
We’ve all heard the horror stories of social engineering or phishing emails that compromise the least IT literate members of your staff and leverage these to launch attacks against businesses. But cyber security is everyone’s responsibility, much in the same way physical security is the responsibility of all staff in a building. An active and ongoing cyber awareness program is critical in businesses of all shapes and sizes; it needs to be reinforced by (and from) the leadership in the organisation as being considered a high priority and it something everyone should be measured against.
Security Posture Management
Are you scanning your environment daily for vulnerabilities and are you on top of your patching and maintenance of applications, services and infrastructure? This is a crucial function within your business that isn’t just limited to penetration testing (though that is important) but about total lifecycle management and hygiene for all components in your IT stack, including third party providers if you use them.
Use frameworks like the ASD Essential 8 as a starting point to guide risk management activities, but don’t be afraid to cherry pick the best of NIST or CIS to get something that is right sized for your business too. These Frameworks should be seen as starting points, not shopping lists for compliance and risk needs that fit every business.
Many organisations collect logs and run a series of disparate systems to gain insights into their business’s IT function. In our time we have seen a litany of SIEM solutions growing dust in a corner, being ineffective at protecting businesses from delivering any insights let alone preventing an attack. The traditional SOC / SIEM approach is rapidly becoming overtaken by an integrated Managed Detection and Response (MDR) approach that couples SOC-as-a-Service and SIEM functionality with User and Entity Behaviour Analytics (UEBA), threat hunting and incident response capabilities as a turnkey outcome.
Can your organisation justify 24x7 “eyes on glass” to monitor your security environment and provide you the visibility that you need to detect threats in near real time? It’s often a collaborative approach with a managed service provider partner that makes the most financial sense for organisations.
Inappropriate Protection Controls
I can’t tell you how many customers we still see that run legacy AV technologies and stateful inspection firewalls and think that they are protected from cyber threats. What worked well in 2001, isn’t fit for purpose today. Many attacks sail on through email or are enabled through legacy technologies like DNS; A dedicated attacker will use any and all tricks in their inventory to get past your defences.
Building a layered security approach with next generation technologies that interoperate nicely together is critical. Technologies like Deep Learning are providing unique mechanisms to block signatureless malware and solutions like EndPoint Detect & Response (EDR) are helping detect and stop attacks in their tracks through global scale intelligence sharing and endpoint integrated protection stacks. Cloud Access Security Brokerage (CASB) solutions let you gain visibility and an ability to enforce cloud data policy no matter where you store your data or manage your workloads. Look long and hard at your IT stack and leverage what is available today and don’t be afraid to turn off what you used yesterday.
A culture change
If you think a cyber attack won’t happen to you, you may be right, but I’d wager it will only be a matter of time (if it hasn’t happened already). Our job isn’t to scare people into taking this stuff seriously, it is about helping prepare and protect our customers for the inevitable.
If you think you’re ready to start looking hard at your business and its readiness for a cyber attack, please reach out to us at Cythera. We love helping our customers protect themselves and their customers and we have solutions that fit businesses of all sizes. From our monthly subscription bundles, our professional services, to our turnkey Managed Detection & Response platform, we have a wide range of offerings to fit your business needs.
Let’s help you get started today.