Stay ahead of the distortion of a cyberattack?

One of the most sacred responsibilities of all cybersecurity professionals is the protection of information. Company financial data, customer information, sales records, and product designs are all critical to the success of an organization. Every firewall, IDS, MFA deployment, and email security control is designed to protect that information and stop cyberattacks.

Cybercriminals are always looking for new ways to steal from businesses and individuals. Considering this fact, companies should take note of the growing number of security issues and cyber threats.

However, do most cybersecurity attacks happen as described?

Hackers will use data distortion to attack businesses. For example, suppose criminals hack into your company’s cloud. In this case, they can upload fake documents instructing employees to transfer money from their accounts to the criminals’ accounts or further compromise their security.

A company’s loss of control over its business practices can lead to a variety of risks, which cybercriminals are quick to exploit. More and more companies are using artificial intelligence (AI) to improve their efficiency. However, deploying unproven AI could lead to unexpected results, including an increased risk of cybercrime.

Years ago, I served several K-12 school districts as a sales engineer. I focused on cybersecurity and data protection. I used to spend hours meeting with school officials to discuss how to protect their data. Many laughed at the idea of protecting student data. “We have other problems, and no budget” became the common theme. I also learned that many school principals often discuss real security breaches among themselves. Most would encourage their peers to “deny everything”.

As a parent of two wonderful children and a cybersecurity professional, this attitude made me sick.

Fortunately, FERPA has been passed. The Family Educational Rights and Privacy Act (FERPA) is a federal law that grants parents the right to access their children’s school records, the right to request modification of records, and the right to have some control over the disclosure of personally identifiable information.

Although enforcement of FERPA is left to the Department of Education, there is some sense of accountability for data and disclosure of events.

With the Shanghai hack showing that it is possible to steal over a billion records, have cybersecurity operations failed? Well, that depends on who you believe.

The hacker who claimed responsibility for the data exfiltration has demanded $200,000.00 in bitcoins or the group will release the names and addresses of over a billion citizens in China. Distortion or reality? Cybersecurity professionals have faced this challenge for years.

Growing Attack Vectors – True or False Flag?

Ransomware, management console attacks, and whale phishing continue to spread to new attack surfaces in organizations. Even with advanced AI and ML, data exfiltration, account takeovers, and denial-of-service attacks will continue to have an impact. What critical steps can SecOps, NetOps, DevOps, and Business Continuity take to communicate?

  • In the case of ransomware, does the organization have to pay the ransom?
  • Does the organization have to issue a statement to the public confirming the event within the time period required by law?
  • Should the organization publicly deny the event as a possible distortion campaign?
  • Will cyber insurance continue to be an option that organizations can rely on?

Ultimately, having a communication plan designed to reduce information distortion is essential. Sending the right message to employees, partners, and shareholders helps reduce additional self-inflicted drama while keeping parties informed of the truth.

Some organizations demonstrate greater responsibility in managing a cyber event. Others hide in the shadows, hoping no one will find out. We live in a connected world; everyone knows more than we think.

Early disclosure of an event helps anticipate distortion. Hackers and cybercriminals may misrepresent the facts of the hack when the actual damage may have been minimal.

What can organizations do?

  • Invest in security monitoring, response and proactive controls.
  • Collect your data
  • Classify your data and set retention
  • Leverage the MITRE ATT&CK framework as a threat hunting tool – Know where and how attacks are happening.
  • Leverage the Lockheed Martin Kill Chain Process – Know how the attack happened (if it happened)

Knowing what happened, how it happened, and if it happened is the best way to combat distortion attacks by hackers.

Until next week,

John
