Home » Articles » Investigative Intelligence
Articles & Reports

Investigative Intelligence

by ihc
written by ihc

Protect your systems: five cyber-attack realities to guide you


You know you’re a target. You’ve been told multiple times by various sources that cyber security is necessary to protect your company from attacks.So, you decide to be proactive in your security approach and make risk-based decisions. And yet, a Google search on the sub-ject uncovers hundreds of checklists, guidelines and products – all of which claim to solve a different cyber security concern or problem. The risks seem endless, and the solutions impossible to wade through. It might seem a daunting task, but here are five cyber-attack realities that provide a guide to your next step in managing this risk.There is no turnkey cyber security solution
There is no one off-the-shelf solution that will protect all of your systems from differ-ent types of cyber attacks. Cyber security requires an understanding of what your company needs to protect, investing the time to protect it properly and maintaining security as an ongoing process. The key to success is to balance the impact and cost of security with the actual risk posed. Kroll calls this balancing process ‘incident risk management’. Start off with an assessment of the risks in your existing systems and focus your security accordingly.

Secure your systems from both outside and inside attacks
We often see companies build strong IT protections against system attacks, but still get breached with some inside help. A good cyber attacker, when faced with defences, does not try to break through them. Instead, the attacker examines your security to uncover ways to walk right in. The lesson here is that you need to use all tools to safeguard against cyber attacks, with the most important and must-have safeguards being:
• strong external security
• in-place internal monitoring systems

Kroll has worked with numerous companies that invested in prod-ucts to block continuous attacks. What we have noted, however, is an overall lack of investment in internal monitoring of systems, or what we call ‘end point threat monitoring’. This monitoring involves using software to record user activities within a network and flag any activity that may be indicative of an attack. Failure to have end point threat monitoring in place can expose you to:
• an attack that lasts longer and is harder to catch
• a deeper attack resulting in more data loss
• no early warning signs to prevent an attack
• a type of attack with costly repercussions
• significant legal and regulatory liability

Data loss is a symptom of a bigger problem – investigate
The fact that your company has lost data is the symptom of a larger problem, not the disease itself, and it is important to find the source of the problem. It could be an external hack, employee malfea-sance or poor internal controls allowing for negligence. Data loss requires an investigation, not just notification regarding the issue to affected customers, where this is required. You need an investigation not only to find the source, but also to explain to the regulator (where required) how you fixed the problem.

The attacker often stays in your system after the attack
Always assume that the attacker is still in your system. The goal of online attackers is to stay within a system for as long as they can. If they are driven out, they try to come right back in, often with user accounts they had set up on the system. Attacked networks need to be monitored until all users and processes are validated. End point threat monitoring is a key part of that solution.

Cyber fatigue is real, but not an excuse for inaction
It’s easy to become fatigued at the thought of cyber security. With so many things to do and learn, you can lose sight of the benefits. If the process does become too overwhelming, remember this: each step your company takes to protect itself makes it that much more difficult for attackers, who will move on to an easier target – one without as much security in place. Don’t worry about per-fection. Rather, make sure you are hitting the standards, protect-ing key systems and planning to learn and grow. The more attempts you make at cyber security, the better your chances are at staying protected.

Email: jfairtlough@kroll.com
Website: www.kroll.com

This site is registered on Toolset.com as a development site.