Recent geo-political tensions in the Middle East have put organizations in the region on high alert against potential backlash in the form of cyber-attacks. In 2019, the Center for Strategic and International Studies, an American think tank, attributed 14 cyber-attacks to Iran, targeting major energy companies, British banks and LinkedIn users.
Given the volatile events with which 2020 has begun, it is crucial that organizations take stock of the risks they are exposed to and fortify their security defenses, with a view to securing critical information assets and upholding business continuity.
Potential Threat Scenarios
- Attacks to disrupt Sectors Key to Economy: Sectors of industry that are key to the economies of nations and regions are likely to be prime targets. These include Oil and Gas, Aviation, Energy, Government, Banking and Financial Services, Telecommunications, Travel, Transport, IT, etc. Therefore, it is crucial to view and implement countermeasures against cyber threats from a nation-level mindset.
- Theft of Intellectual Property and Mission-Critical Data: In today’s fast-paced and innovation-driven economies, the most crucial assets of an entity are its Intellectual Property and data. Securing data in dynamic environments (data at rest, data in transit, data in use; shared locations, whether cloud or on-premises) is a challenge, and attackers are aware of this. Most persistent threats therefore take the form of multifaceted attacks that compromise systems and exfiltrate data.
- Spear Phishing Campaigns: Email is the most common threat vector, and advances in social engineering have made this channel ever more vulnerable to compromise. Cyber Security professionals are urged to focus their efforts on holistic and well-structured awareness and training for users.
- Website Defacement: Company websites are under attack, and breaches may cause significant damage to brand reputation. In addition, they may lead to significant financial loss if time-sensitive portals such as an online banking platform suffer downtime.
- Ransomware Attacks: Disruptive attacks such as ransomware can severely hamper the productivity of an entity, negatively affect the balance sheet, and worse yet, result in immense loss of critical data.
- Spyware Attacks: This type of attack (unwanted software that snoops on endpoint internet activity) has been on the rise in recent times. Compromised machines are a serious cause for concern, as they open avenues for other types of attacks.
Suggested Remedial Actions
- Risk Assessment: Risk assessment is the process of identifying potential hazards and risk factors that may impact business continuity, i.e. have financial or operational ramifications. Having a clear picture of the risk factors and their likely impact enables you to adapt and secure. It is therefore essential to employ a robust strategy for risk assessment and to carry out timely checks to confirm and update its relevance.
- Network Security: Network security methods and mechanisms are needed to secure IT infrastructure components. Organizations must stop attacks at the network layer: deploy and integrate appropriate sandboxing solutions, firewalls, and packet capture and pattern matching technologies.
- Data Protection: Data protection is the means by which an entity protects critical data assets and prevents intentional or unintentional data leakage. Industry sectors holding critical data must especially focus their efforts on working closely with the security teams responsible for DLP solutions, encryption, email security, and data discovery checks.
- Anti-malware: Most cyber-attacks involve malicious executable files, either as email attachments in spear phishing campaigns or as downloadable files from compromised websites. Security teams should align with and consult solution providers on the model that best fits their infrastructure, then install and deploy anti-malware technologies: endpoint protection platforms and endpoint detection and response (EDR).
- Patch Management: Patch management solutions provide a platform for addressing vulnerabilities by patching and keeping software and applications up to date with the latest relevant releases (with emphasis on security patches). IT administrators should carry out a thorough study of network assets and endpoints, implement patch management solutions as required, and finally perform a thorough check of IT hygiene to ensure all systems reflect business and security objectives.
- Training and Awareness: As with most things in Cyber Security, user awareness is a crucial factor. Establish a good regimen of continuous learning and training, and schedule timely programs aimed at educating users about cyber threats and how to stay vigilant against them.
- On-going Testing (VA and PT): Vulnerability Assessment and Penetration Testing (VAPT) is the process of identifying and uncovering vulnerabilities in computer systems. Several forms and techniques are available, ranging from automated scanning tools across applications to full-fledged, human-orchestrated penetration testing such as red teaming. This type of testing gives security teams a sound foundation for driving discussions on improving security posture and must therefore be incorporated into progressive, structured Cyber Security plans.
- Monitoring (SOC, Log Management): SOC teams are a great asset; make sure to utilize these resources effectively. Smaller or start-up entities should consider working with an MSSP and developing a plan to secure critical data and systems. Working with SIEM solutions is a great starting point and gives a “bird’s eye view” of the infrastructure for real-time monitoring of security events.
- Crisis Management and Incident Response: Performance under duress is a major contributing factor to the success of a SOC team. Hands-on practice and exposure to realistic simulation drills of attack scenarios better prepare professionals for cyber-attacks. A good strategy here is to run tabletop exercises for crisis management and remediation. Cyber Security training and gamification technologies are front runners for enabling this.
- Business Continuity Planning: This is a crucial part of “run the business” (business-as-usual) for a lights-on infrastructure of high-value components with minimal room for downtime. The tactical approach is to follow scheduled, predefined industry best practice for backing up your valuable data (high availability). Another vital factor to consider is disaster recovery planning and risk mitigation approaches, in line with business objectives and management/stakeholder approvals.