The flood of reports about current cyber attacks shows how vulnerable companies are. Active security management helps companies to limit the damage and return to normal operations quickly.
In recent weeks, the number of hacks and data thefts made public through media reports has risen sharply. The ransomware “WannaCry” hit businesses around the world.
The malware encrypted files, forcing hospitals in the United Kingdom, for example, to suspend operations. Display boards at Deutsche Bahn failed. Honda had to take production facilities offline. Speed cameras were infected with the malware as well, so hundreds of fines issued afterwards had to be withdrawn. A short time later, a cyber attack on the British Parliament made headlines: criminals attempted to gain access to email accounts. The initial response was to inform those affected and disable remote access to the mail system. Parliament also brought in the National Cyber Security Centre to take further measures to secure the network. This was followed by another attack that quickly became known as “Petya”. It caused major damage in Ukraine: the monitoring systems at the damaged Chernobyl plant and many ATMs failed because of it.
So what should companies do?
- Establish basic security hygiene
- Proactively monitor access to critical services
- Define an incident response process and assign it to a dedicated team
To support all of these initiatives, leaders must establish an analytics-driven security strategy based on insights from machine data; that is the necessary foundation. A security information and event management (SIEM) solution is well suited to checking whether basic security hygiene is being maintained and to finding exposed flanks. It collects the data, and decision-makers can use it for regular reports, for example on which systems are patched and which are not. A SIEM also ingests the results of vulnerability scanners, and those responsible get an up-to-date picture of the state of the endpoint security agents. Finally, a SIEM alerts on notable security anomalies, such as a malware detection or a new service being installed on a system. One caveat: a SIEM only sees what is forwarded to it, so which hosts and event sources are actually being collected is itself a hygiene item worth reporting on.
When it comes to authenticating users, it is no longer enough to rely on the built-in security of Microsoft Active Directory and its lockout policies: an attacker who tries a few common passwords against many accounts (a password spray) stays below the lockout threshold on every single account and never triggers them. Companies need to look closely at each digital service and ask how it is exposed to external attack: how users log in, how they reset their passwords, and how new users are created. They must then identify the machine-generated data that answers those questions (authentication logs, password-reset and account-creation events), study its normal patterns, and set up monitoring that proactively flags irregularities. With basic security hygiene and proactive monitoring, companies minimize risk and, along the way, identify and close gaps (blind spots) in their environments.
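The two kinds of detection described above (a SIEM flagging a newly installed service, and authentication monitoring that catches what lockout policies miss) as an added example, not code from the original article or from any SIEM product. The log lines are constructed for illustration, loosely modelled on Windows Security Event IDs 4625 (failed logon), 4624 (successful logon) and 7045 (service installed); the key=value format, the thresholds and the service allowlist are assumptions.

```python
"""Detection logic over constructed Windows-style security events.

Rule 1: password spray. One source fails against MANY accounts while
        keeping each account under the assumed AD lockout threshold, so
        lockout policies never fire; we alert on the breadth instead.
Rule 2: new service installed (7045) on a host, unless the service
        name is on an allowlist.
Rule 3: escalation when a spraying source later logs on successfully.
Log format, field names and thresholds are assumptions for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): "<timestamp> key=value ...".
SAMPLE_LOG = """\
2017-07-01T08:00:01 event=4625 user=alice src=203.0.113.9 host=DC01
2017-07-01T08:00:02 event=4625 user=bob src=203.0.113.9 host=DC01
2017-07-01T08:00:03 event=4625 user=carol src=203.0.113.9 host=DC01
2017-07-01T08:00:04 event=4625 user=dave src=203.0.113.9 host=DC01
2017-07-01T08:00:05 event=4625 user=erin src=203.0.113.9 host=DC01
2017-07-01T08:00:06 event=4625 user=frank src=203.0.113.9 host=DC01
2017-07-01T08:00:07 event=4624 user=frank src=203.0.113.9 host=DC01
2017-07-01T08:05:00 event=4625 user=alice src=10.0.0.5 host=DC01
2017-07-01T08:05:10 event=4625 user=alice src=10.0.0.5 host=DC01
2017-07-01T08:05:20 event=4624 user=alice src=10.0.0.5 host=DC01
2017-07-01T09:12:00 event=7045 host=WS042 service=WinDefend
2017-07-01T09:13:00 event=7045 host=WS042 service=PSEXESVC
"""

LOCKOUT_THRESHOLD = 5        # assumed AD lockout threshold (failures per account)
SPRAY_MIN_USERS = 5          # distinct accounts from one source within the window
SPRAY_WINDOW = timedelta(minutes=10)
SERVICE_ALLOWLIST = {"WinDefend"}   # assumed known-good service names


def parse(line):
    """Turn one constructed log line into a dict; ts becomes a datetime."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def parse_log(text):
    return [parse(l) for l in text.splitlines() if l.strip()]


def detect_password_spray(records):
    """Return {src: sorted list of users} for sources whose failed logons in
    any SPRAY_WINDOW hit >= SPRAY_MIN_USERS distinct accounts while every
    account stayed below LOCKOUT_THRESHOLD (the pattern lockout misses)."""
    by_src = defaultdict(list)
    for r in records:
        if r["event"] == "4625":
            by_src[r["src"]].append(r)
    hits = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(fails)):          # sliding time window
            while fails[end]["ts"] - fails[start]["ts"] > SPRAY_WINDOW:
                start += 1
            per_user = defaultdict(int)
            for r in fails[start:end + 1]:
                per_user[r["user"]] += 1
            if (len(per_user) >= SPRAY_MIN_USERS
                    and max(per_user.values()) < LOCKOUT_THRESHOLD):
                hits[src] = sorted(per_user)
    return hits


def detect_new_services(records):
    """(host, service) for every 7045 whose service is not allowlisted."""
    return [(r["host"], r["service"]) for r in records
            if r["event"] == "7045" and r["service"] not in SERVICE_ALLOWLIST]


def spray_followed_by_success(records, spray_hits):
    """Escalate: (src, user) pairs where a spraying source later logged on."""
    return sorted({(r["src"], r["user"]) for r in records
                   if r["event"] == "4624" and r["src"] in spray_hits})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    sprays = detect_password_spray(recs)
    print("password spray:", sprays)
    print("spray then success:", spray_followed_by_success(recs, sprays))
    print("new services:", detect_new_services(recs))
```

Note what the example does with the 10.0.0.5 source: two failures for alice followed by a success is the normal "user mistyped twice" pattern and is not reported, whereas 203.0.113.9 never exceeds one failure per account and would never be locked out, yet is flagged because of the number of distinct accounts it touched, and escalated because frank's logon from it then succeeded.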
However, nothing in life is 100 percent certain. Companies should therefore think through potential hacks and security breaches in advance. Questions to answer include: What does the organizational process look like? Which employees need to react immediately? Who can establish what actually happened? How do we stop the attack? Who is affected? And who makes the critical decisions, such as taking services offline, notifying the authorities or communicating with the media?
All of these tasks go beyond the role of an IT security administrator. Mature companies have already built crisis and risk planning for cyber risks into their operational planning. In the event of a breach, those responsible must find answers to the open questions, and those answers are found primarily in machine-generated data, that is, in logs. Ideally these are stored on a central platform, so that any question can be put to them flexibly; that makes the process scalable and efficient. In a crisis it often turns out that the technical investigation becomes the bottleneck. The attack on the British Parliament also showed that one core requirement is cooperating with other authorities and answering their questions, which means information has to be provided quickly. In situations like these, a central platform holding all the machine data, with a fast query capability, shows its strengths.
The EU General Data Protection Regulation (GDPR), which applies from May 2018, and the NIS Directive are intended to push companies to implement such concepts even faster. Violations of the GDPR can, for example, result in fines of up to 4 percent of total worldwide annual turnover. The GDPR is a European regulation governing the handling of personal data; among other things it requires personal data breaches to be reported to the supervisory authority within 72 hours, a deadline that is hard to meet without the central logging and the prepared incident response process described above. The NIS Directive aims to ensure a high common level of network and information security across the EU.