
Cybersecurity Incident Response – More Than Remediation

What does remediation mean? If you look up the root word ‘remedy,’ you’ll see it’s defined as “a treatment for an injury or disease,” or “a means of eliminating or counteracting something that’s undesirable.” In terms of cybersecurity incident response, remediation means addressing a breach in the most effective way possible to limit the damage that can be done to the organization being targeted. In reality, incident response involves much more than that.

Unfortunately, far too many of the cybersecurity incident response plans in place today merely act as a Band-Aid over the problems that currently exist. For example, many remediation solutions initiate an automatic kill process. What they don’t take into account, however, is whether the underlying threat happens to be persistent (an APT) or capable of propagating. They also routinely fail to verify whether the threat has been entirely contained.

Going back to the original definition of the word remedy, let’s say you were suffering from a fever. You could take an over-the-counter remedy, such as Tylenol, which would effectively reduce the fever. Or, as a better alternative, you could take a prescribed antibiotic, which would address the actual cause of the fever. One option simply tamps down or places a Band-Aid over the problem, while the other gets to the root of it.

Applying this to cybersecurity incident response, the best approach should dig deeper to find and eradicate the actual cause of the underlying threat, such as locating the malware and other malicious files that caused the breach. Without this extra step, your organization is left vulnerable to the virtually immeasurable damages that can be caused if the true issue isn’t taken care of properly.

To truly remediate a cybersecurity incident, you must first identify it and gather as much relevant information about it as possible. That information must then be adequately analyzed to determine what type of threat you’re dealing with and its potential impact. To give you an idea of what type of ‘relevant’ information we’re talking about, start with the following:

  • What systems have been affected?
  • Which process is allowing the issue to continue?
  • What are the characteristics of the incident?

Only when you have a clear and accurate understanding of what you’re up against can you properly address and remediate it. It can be helpful to think of cybersecurity incident response as a process rather than a specific solution. The fact is, today’s cyber threats are evolving and becoming more dynamic and complex by the day. Simply preparing in advance for possible scenarios isn’t enough anymore. Today’s cyber-attacks require an immediate response.

Effective cybersecurity incident response cannot be static. It must adapt alongside the changing threat landscape. It requires deep research and data analysis in every step of the process. In other words, it requires a certain degree of intelligence. That’s where automation comes into play. The right automated cybersecurity incident response plan should leverage advanced technology, such as machine learning, that will both address the need for round-the-clock monitoring and response as well as adapt intelligently over time.

Is your current remediation strategy simply a Band-Aid for the real problems plaguing your organization? We invite you to experience the power of intelligent automation, designed to address and evolve along with the modern threats businesses face today.

Click here to try Ayehu free for 30 days.

How to Get Critical Systems Back Online in Minutes

If Only HBO Had Automation…


A few days ago, cable television network HBO confirmed that someone had hacked into their servers and gained access to a significant amount of data. Among other things, the intruders appear to have gotten their hands on scripts for upcoming episodes of the wildly popular series Game of Thrones. Unfortunately for the network (and its droves of faithful followers), details of never-before-seen footage have now been published all over the internet.

“HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information,” the company said in a statement. “We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”

The total extent of the damage has yet to be discovered, but according to the hackers, the amount of data stolen is upwards of 1.5 terabytes. This would indicate that the Game of Thrones script isn’t all the company has to worry about. Chances are these criminals also got hold of other sensitive data, including employee records and financial information. So far, those behind the attack have been leaking the data online in dribs and drabs. It also appears they’re taunting the network in the process:

“Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!! You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling.”

Obviously HBO executives aren’t thrilled about having the plot line of one of their biggest shows leaked for all to see, but in reality the real problem they’re facing is what will happen should things like internal emails and personal information of employees and possibly even customers also end up being leveraged. A similar situation occurred just a few years ago when Sony was hacked, and the company is still cleaning up the mess. If HBO’s hackers are telling the truth, this breach could be much more significant.

Had HBO employed the use of automated cybersecurity incident response, there’s a good chance that we wouldn’t be writing about this situation right now. The fact is, as many big name corporations have learned the hard way, monitoring systems simply aren’t enough. And while the details of exactly how the hackers were able to gain access haven’t yet been released, if the network had a more sophisticated defense in place, chances are they would have been discovered and stopped right away – possibly before they had the opportunity to grab the data and go.

With a cybersecurity strategy that’s powered by intelligent automation, HBO could have deployed an army of robots, standing watch 24 hours a day, 7 days a week, 365 days a year. This technology is capable of fielding hundreds of thousands of incidents with speed and precision, quickly detecting potential attacks and automatically responding to eradicate the problem and mitigate damages. Savvy hackers who manage to find their way in are stopped in their tracks, before they have the chance to wreak havoc.

These situations serve as an important reminder that nobody is safe from cyber-attacks. They also serve as a great opportunity for business leaders to reevaluate the current state of their cybersecurity posture.

If you aren’t 100% positive that your defense is strong enough to withstand an attack like the one that HBO has suffered, the time to take action is now – before you end up becoming a victim. You can start by laying a strong foundation and using technology to fight fire with fire. Click here to launch your free 30 day trial of Ayehu and be proactive about keeping your organization safe.

What Happens in a Ransomware Attack?

According to Cisco, ransomware is the most lucrative form of malware in history, and attacks are only expected to get worse, both in number and in complexity. Hackers who once used ransomware as a tool to extort money from individuals are now leveraging advanced tactics to compromise data from large corporations with the intention of selling it for a profit.

We’ve talked at length about how to respond to and recover from a ransomware attack, but it can be helpful to understand what exactly such an attack entails. Insight like this can improve employee education. Knowing the various phases of an attack, along with best practices for preventing them, is key to avoiding costly and time-consuming remediation.

That said, let’s take a look, step by step, at what happens when a ransomware attack is initiated.

Step 1 – Initial Infection (Estimated time: 1-2 seconds)

Most ransomware hackers gain access to a target network via social engineering, such as a phishing email. Educating employees on how to spot a phishing scam can dramatically reduce the risk to your organization by preventing successful breaches before they occur.

Step 2 – Execution (Estimated time: 0 – 5 seconds)

Once a malicious link is clicked or infected file opened, the ransomware is able to gain a foothold, quickly infiltrating the network and locking up files. In a matter of seconds, malware executables are released into the victim’s system where they begin to quickly wreak havoc.

Step 3 – Backup Corruption (Estimated time: 5-10 seconds)

The next step involves the ransomware targeting backup files and folders. This prevents the user from restoring the affected files from backup, which is what makes this type of malware so profitable. Victims often have no choice but to pay the fee or risk losing all of their data with no way to replace or restore it.

Step 4 – File Encryption (Estimated time: 10 seconds – 2 minutes)

Once the victim’s backups have been removed, the ransomware executes a key exchange with the attacker’s server to put the encryption keys in place, and the victim’s files are encrypted.

Step 5 – User Notification (Estimated time: 2-15 minutes)

With the victim’s backup files gone and the encryption complete, the final phase is notifying the user and demanding the ransom. In many cases, the user is given a specified amount of time in which to pay the fee before the amount begins to increase.
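As an added example that is not part of the original post, the Python below maps a stream of file-activity events onto Steps 3 and 4 of the timeline above: backup deletions are treated as Step 3 evidence, and a burst of renames onto one new extension as Step 4 evidence. The event format, the backup path markers and the sample events are all constructed for illustration; the thresholds are assumptions to tune per environment.

```python
from os.path import splitext
from typing import NamedTuple


class Event(NamedTuple):
    t: float      # seconds since the first observed event
    action: str   # "write", "delete" or "rename"
    path: str     # affected path; for a rename, the new name


# Assumption: backups live under paths carrying one of these markers.
BACKUP_MARKERS = ("\\backups\\", ".bak", ".vhdx")


def deleted_backups(events):
    """Step 3 evidence: deletions that hit backup files or folders."""
    return [e.path for e in events if e.action == "delete"
            and any(m in e.path.lower() for m in BACKUP_MARKERS)]


def rename_burst(events, window=60.0, threshold=10):
    """Step 4 evidence: densest run of renames onto one new extension within
    `window` seconds. Returns (count, ext), or (0, None) below `threshold`."""
    renames = sorted((e for e in events if e.action == "rename"), key=lambda e: e.t)
    best = (0, None)
    for i, first in enumerate(renames):
        ext = splitext(first.path)[1].lower()
        count = 0
        for e in renames[i:]:
            if e.t - first.t > window:
                break
            if splitext(e.path)[1].lower() == ext:
                count += 1
        if count > best[0]:
            best = (count, ext)
    return best if best[0] >= threshold else (0, None)


def assess(events):
    """Name the furthest phase of the timeline the evidence supports."""
    backups = deleted_backups(events)
    burst = rename_burst(events)
    if burst[0]:
        phase = "file_encryption"     # Step 4 under way: isolate the host now
    elif backups:
        phase = "backup_corruption"   # Step 3 seen, encryption not yet observed
    else:
        phase = "none"
    return {"phase": phase, "backups_deleted": len(backups), "burst": burst}


# Constructed sample: three backup deletions ~5 s in, then 40 documents
# renamed to ".locked" within 30 s, mixed with ordinary user activity.
SAMPLE_EVENTS = (
    [Event(0.0, "write", r"C:\Users\ann\Downloads\invoice.exe"),
     Event(20.0, "rename", r"C:\Users\ann\Documents\draft_v2.docx")]
    + [Event(5.0 + 0.1 * i, "delete", rf"D:\Backups\2017-07\vol{i}.bak")
       for i in range(3)]
    + [Event(12.0 + 0.7 * i, "rename", rf"C:\Users\ann\Documents\doc{i}.xlsx.locked")
       for i in range(40)]
)
BENIGN_EVENTS = [Event(float(i), "rename", rf"C:\Share\report{i}.pdf") for i in range(5)]

if __name__ == "__main__":
    print(assess(SAMPLE_EVENTS))  # phase 'file_encryption', 3 backups, (40, '.locked')
    print(assess(BENIGN_EVENTS))  # phase 'none'
```

The first five sample events alone (the write, the ordinary rename and the three deletions) already yield "backup_corruption", which is the point at which a playbook still has a chance to act before Step 4 completes.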

Ultimately, your organization’s defense against these attacks will depend on your level of preparedness. Along with employee education, it’s equally critical to employ the right tools that will allow you to effectively monitor for, detect, respond to and eradicate these threats. Automated security playbooks, for example, initiate workflows that remediate affected devices while also preventing further propagation. Suspected attacks immediately trigger the playbook to initiate remediation and mitigation procedures.

Best of all, you can try these playbooks for yourself, absolutely free of charge for 30 days. Simply click here to launch your Ayehu trial today.


7 Steps to Maximum Cybersecurity

Keeping your organization safe against the barrage of attacks coming in at an alarming rate is no easy feat. Not only are cyber criminals smarter and more sophisticated than ever before, but they’re also much more relentless. Hackers seeking access to your sensitive data will stop at nothing to get what they want. You have to be ready to do battle at all times, day or night. Is your cybersecurity strategy strong enough to withstand the onslaught? If not, here are seven essential steps that will put you in a much better position.

Step 1 – Assess your risk posture. This is the first step, but also an important part of ongoing cybersecurity efforts. Identify areas of risk and potential vulnerabilities through which hackers may attempt to gain access to your network. Staying a step ahead of the game can prevent attacks from occurring in the first place.

Step 2 – Set up monitoring and security controls. Anti-virus, anti-malware tools and firewalls should already be in place. More comprehensive network monitoring solutions are also recommended to achieve a stronger line of defense.

Step 3 – Invest in incident management. These days the question isn’t whether your company will be attacked, but when. Network security measures are designed to prevent intrusion and they do a decent job. Unfortunately, they’re not foolproof. Strengthening these tools with automated incident response ensures that if a hacker manages a successful breach, the incident will quickly be detected, isolated and eradicated without the need for any human intervention.

Step 4 – Educate employees. Cyber security isn’t something only the IT department must be concerned with. It’s everyone’s job. To that end, make sure each and every employee within your organization is clear on what his or her role is, how to keep information safe and what red flags to watch for.

Step 5 – Manage user privileges. Research indicates that the biggest threats to a company’s information security are insiders. In most cases, users are unaware they are compromising sensitive data. In others, the perpetrator does so maliciously. To mitigate these risks as much as possible, be diligent about managing user privileges. Limit, monitor and audit user activities accordingly.

Step 6 – Create an all-inclusive security policy. When defining your cybersecurity strategy, don’t forget to account for things like removable media, mobile devices and remote workers. These things can present an added risk to your secure network. Establish and implement controls over media usage. Develop and enforce a mobile working policy. This will keep data secure, both at rest and in transit.

Step 7 – Leverage data to develop best practices. Perform routine audits of any and all security events to identify areas where improvements can and should be made. Utilize data from past incidents to develop and improve your organization’s best practices for responding to future incidents.

Remember – cybersecurity isn’t a “set it and forget it” strategy. It’s a living, breathing practice that must evolve alongside the many attacks that are being waged against your business on a daily basis. By implementing the above steps and harnessing the technology that’s available to you, your organization will assume a much stronger posture against any threat that may arise.

Could your company benefit from the enhanced protection of automated cyber security incident response? Find out today by launching your free trial of Ayehu.


4 Biggest Cybersecurity Threats to SMBs

Many people mistakenly believe that small to mid-sized businesses are less likely to be targeted by cyber criminals. While larger organizations certainly bear the brunt of online attacks, the fact is no business is safe from a potential breach. In fact, nearly half (43 percent) of all cyber-attacks actually target small businesses, and 60 percent of the small businesses hit go out of business within six months. The best way to defend against these attacks is to prepare for them in advance. Here are the top four cybersecurity threats SMBs face and how to secure against them.

Insider Risk – Believe it or not, the biggest security risk most organizations face is not some unknown hacker, but rather the people who work within the company itself. And in most cases, there is no malice involved, just a lack of clear understanding and knowledge of what to look for. Educating employees on the basics of cybersecurity is critical to thwarting things like phishing and other social engineering scams.

Ransomware – You can’t go anywhere online today without seeing a headline about ransomware. This type of malware essentially infects a user’s computer and locks all data unless and until the victim agrees to pay a ransom fee. Again, educating employees on what types of things might be suspicious and also having automated cybersecurity incident response technology in place that can quickly identify, isolate and eradicate the virus before it has a chance to spread are the keys to proper prevention.

DDoS Attacks – Distributed Denial of Service (DDoS) attacks ambush businesses by sending massive amounts of traffic to their websites, slowing them to a crawl and in many cases forcing critical services offline. For companies that rely on their websites or other online services to manage day to day operations, such an outage can cost tens of thousands of dollars in revenue. DDoS attacks can’t be entirely prevented, but having a strategy in place that includes a documented response plan can help mitigate damages.

BYOD – Today’s connected technology has opened many doors of opportunity for businesses to allow employees to bring their own devices (BYOD) and use them in the workplace. Of course, allowing network access with unsecured devices also comes with an added risk of data theft. The solution lies in the development and implementation of a comprehensive BYOD policy which includes educating employees on device expectations and allows businesses to carefully monitor information sharing.

These are just four of the many different vulnerabilities small to mid-sized businesses face when it comes to cybersecurity. Thankfully, keeping data protected, defending against incoming attacks and recovering quickly following a successful breach is entirely possible. And it doesn’t necessarily have to cost an arm and a leg, either. Check out these five ways to boost your company’s cybersecurity without breaking the bank and download your free trial of the Ayehu automated incident response platform today.


5 Steps for Responding to a Ransomware Attack

Just when you thought it was safe to go back to work without worrying about potentially becoming a victim of ransomware, the savvy criminals behind these attacks up their game (WannaCry, for example). The fact is, while companies may now be well aware of the risks they are facing, hackers continue to stay a step ahead, identifying newer vulnerabilities to exploit and finding more effective strategies for getting what they want. In fact, we often say it’s not so much a matter of if you will be attacked, but rather when.

That’s why having a response and remediation plan in place is so important. The sooner you are able to thwart the attack, the less likely you’ll be to have to pony up the ransom. If you’re not sure where to begin, here are five key steps that can help you bounce back quickly from a ransomware incident.

Prepare – Of course, the first step in developing a strong defense against ransomware should always be prevention, as far as possible. IT personnel should be diligent about patching any known vulnerabilities as soon as they’re discovered and also take the appropriate measures to ensure that any and all additional access routes are effectively closed off. Also, routinely back up and safely store all important files.

Detect – Effectively guarding against today’s sophisticated cyber-attacks requires the use of advanced threat intelligence technology. These tools are designed to block breach attempts and also alert the security team of a potential incident so that it can be addressed as quickly as possible. Keep in mind that tools like anti-virus software aren’t always effective in detecting ransomware, particularly attacks that are initiated via social engineering.

Contain – One of the biggest reasons why malware is so harmful is that it can spread throughout a network very quickly, inflicting as much damage in as little time as possible. The goal of any good ransomware response strategy should be to isolate and contain the malware before it has a chance to proliferate. This can dramatically reduce the potential damage it can inflict.

Eradicate – Once the ransomware virus is detected and contained, the next step is to eradicate it from the network. Any machines affected should either be replaced or thoroughly cleaned and continuously monitored thereafter.

Recover – As mentioned above, it’s critical to regularly back up your files. Once you’ve done so, deleting the infected files and restoring the good ones is easy. Your data remains safe and the criminals leave empty handed. As part of the recovery process, an investigation should be conducted to further identify sources of potential vulnerabilities as well as processes and policies that may need revision in order to prevent future attacks.

When it comes to ransomware and other types of cybersecurity threats, there’s no foolproof way to completely eliminate risk. The best way to protect your organization and prevent significant financial and reputational damage is to invest in the right technology. Automated cybersecurity incident response is designed to help with all five phases of ransomware response above – and all without the need for human intervention.

Keep your company a step ahead of hackers. Download your free 30 day trial of Ayehu today!
