Using the right mix of technology and expertise, SMBs and professional services organizations must include cyber security in their corporate agenda. Whether it is your corporate website or your internal servers, the rising level of security threats identified by researchers and confirmed every day by IT vendors in the field shows that, regardless of size, every organization is vulnerable and far too many are unprepared for a cyber-attack.
Among the top recommendations to protect networks, we have identified the following:
- Treat emails from unexpected contacts that carry file attachments (ZIP, EXE, etc.) with care – they are most likely infected with a virus or other malware
- Protect VPN and RDP credentials with two-factor authentication to limit the risk in the event of credential theft, as stolen credentials are at the heart of every attack
- Manage privileged accounts carefully and use unique, strong passwords (auto-generate your passwords and store them securely using a tool such as KeePass)
- Use up-to-date (not self-signed) SSL certificates to protect client-server communications; at the same time, deploy tools to monitor and inspect SSL traffic
In the event of a compromise, understanding the scope and extent of the breach is key to formulating a clear and concise communications strategy. Your stakeholders or clients will want to know the details of the incident, but answering their questions without a deep understanding of it will only force you to correct and qualify past statements later.
Among the top questions you should be prepared to answer are the following:
- How did the attacker gain initial access to the environment?
- How did the attacker maintain access to the environment?
- What is the story line of the attack?
- What data was stolen from the environment?
- Have you contained the incident?
If your organization is the target of a cyber-attack aimed at stealing corporate data, determining which information is of external and competitive interest is paramount in designing protections. Since not all cyber-attacks share the same goal, your team must scrutinize the attackers' intent and motivations, not just identify the attack avenues, tools or techniques employed. This will yield a better understanding of the incident and serve as a starting point when evaluating future protection measures.