7 Cybersecurity Steps to Combat Hacktivist Attacks

Coming in somewhere around 20% of all cyber-attacks, hacktivism is on the rise, and nobody is safe. Just ask big names Sony Pictures, JP Morgan Chase and the American Broadcasting Network, all of whom have become victims of these socially motivated crimes. And given the emotionally charged political state in both the US and around the world, it’s only logical to assume this number will continue to climb.

So how can you protect your organization from a potential hacktivist attack? Here are seven proactive measures you can start taking today for a stronger defense tomorrow.

Don’t poke the bear.

Many hacktivist-driven cybersecurity attacks are inadvertently provoked by news that is released by the target, such as a press release, website content or social media post. Be mindful of the types of announcements and news you’re sharing to ensure none of the information contained within could be erroneously perceived as a threat or challenge to your would-be attackers.

Make sure your defense strategy is up to par.

It’s been said time and time again that the best defense is a good offense, and this is certainly true when it comes to cybersecurity – including hacktivism. You should be regularly auditing your monitoring systems and employing the best available automated incident response platform if you want to prevent potential breaches.

Secure your accounts.

Many hacktivism attacks occur when criminals obtain unauthorized access to a company’s systems and accounts, particularly social media profiles. The damage that can be done if someone unsavory were to take over your social accounts could be potentially devastating. Fortify your security measures by using strong passwords and requiring two-factor authentication.

Have a solid IR plan at the ready.

Beyond incident response from a technology standpoint, hacktivism adds a layer of complication in that it requires a more public-facing response than other types of cybersecurity issues. While the hope is you’ll never fall victim, the reality is there’s a good chance you will, so be prepared from a corporate communications/public relations standpoint. The quicker and more confidently you can respond, the less chance of serious fallout occurring.

Be forthcoming with affected parties.

Nobody wants to have to tell another business or group of customers that their sensitive data has been compromised – especially if it’s due to a misstep on your part, but having difficult conversations in light of a hacktivism attack is a necessary evil. In the event of a cybersecurity breach, confirm all the facts as quickly and accurately as possible, then develop a remediation strategy that can be immediately communicated to customers and partners that have been affected. The sooner you work to get things under control, the better.

Learn from your mistakes.

If you have become a victim of a hacktivist attack, you can take a negative situation and turn it into a positive by analyzing how your IR and remediation process actually played out. This can allow you to identify areas where improvements can and should be made and enable the development of best practices for dealing with such incidents in the future.

Be vigilant.

Last but not least, keep your ear to the ground and your finger on the pulse of what’s happening in the world around you – particularly as things pertain to your business. Being alert and vigilant can help you recognize and proactively protect against potential risks.

Hacktivist attacks are increasing in both number and complexity. If you haven’t yet taken the right steps to strengthen your defense, you could be placing your organization in harm’s way. Check out these top 5 cybersecurity playbooks that you can employ and start automating your way to a safer company.

How to Get Critical Systems Back Online in Minutes

How to Calculate the ROI of Cybersecurity Threat Defense


Article originally published on Security Info Watch

As any executive knows, keeping a close watch on the bottom line is a critical element of ongoing success. For CIOs, CTOs and CISOs, finding a way to keep costs down while maximizing protection against potential security breaches is a familiar struggle. The difficulty often lies in the paradox that exists when one is essentially investing in something that has not yet occurred. Further complicating matters is the fact that many organizations are employing a complex multitude of systems, applications and defense mechanisms which can make establishing quantifiable return-on-investment (ROI) a prohibitive undertaking.

Yet, the potential financial impact a successful breach can have certainly justifies the upfront and ongoing expense required to adequately prevent one from occurring. One only needs to peruse the headlines to see evidence of how costly a security incident can be – both monetarily as well as reputation-wise. More importantly, it’s becoming increasingly evident that no one is safe from becoming a victim of today’s sophisticated online hackers. Businesses of every shape, size and industry would be wise to take heed and put the appropriate measures in place to keep their networks and sensitive data safe from harm.

So how, then, can one effectively capture the return on this important if not essential investment? Despite the countless news articles and leading experts predicting the steady and ongoing increase in amount and complexity of criminal activity online, many key decision makers still insist on seeing real, measurable results in order to justify the value of having an established, solid threat detection plan in place. The good news is, with the right strategy, calculating and communicating this ROI is entirely possible.

Start with the Basics

Before you can adequately assess ROI, you need to have a clear and documented understanding of all of the costs and benefits associated with your threat defense strategy. First there are the costs involved in the overall cybersecurity plan you have in place (i.e. monitoring systems, incident response software, IT security personnel, etc.). These expenses are easily measurable, but if you’re not contrasting them with the right information, they can easily scare away even the most open-minded board member.

To balance your expenditure properly, the next calculation will likely be a little bit more abstract. That is, you’ll need to identify and capture, as accurately as possible, the costs associated with a security compromise. For instance, the following factors can and often do influence cost:

  • Percentage of incidents that lead to an actual breach
  • Percentage of threats that are major incidents
  • Average cost of a major incident
  • Percentage of threats that result in minor incidents
  • Average cost of a minor incident
  • Average annual growth of security threats and incidents

At an organizational level, there are additional factors that must also be accounted for. Ideally, these numbers would be captured prior to implementing a comprehensive threat management strategy, as this will allow you to more closely measure the additional savings achieved by the new strategy, whether it’s adopting better software, deploying automation technology, or some combination of these.

By way of example, these calculations might look something like this:

  • Average number of incidents per day
  • Number of incidents being addressed daily using current resources
  • Gap between addressed and unaddressed incidents
  • Number of incidents addressed daily using new incident management strategy

The figures obtained from these calculations will allow you to pinpoint or at least approximate the amount of money a potential security breach could cost your organization. With that number in hand, the savings achievable by avoiding those financial implications can be determined.

Delving Deeper

Another important thing to point out is that the ROI of good threat defense stretches far beyond the basics covered above. Recognizing these additional benefits can help strengthen and solidify a case for enhanced incident management. One area upon which many fail to capitalize, particularly in terms of justifying potential savings, is in the incident response realm. Far too often, the focus lies squarely on prevention, when in reality it’s the remediation that can truly quantify the return.

The truth is, when it comes to security breaches, it’s quite often not the actual incident that has the greatest impact, but rather the time it takes to identify, isolate and resolve the issue before it has a chance to cause further damage. This mean time to resolution (MTTR) is where the true value of threat intelligence lies.

According to recent reports, the majority of organizations today find out about a security breach from an external third party, such as their bank or a government body. The time it takes to identify said compromise averages somewhere around 320 days. For breaches that are detected internally, this number drops to around 56 days, which is still a significant amount of time to allow a successful incident – and the hackers behind it – to have a field day with your network, systems and sensitive data.

Complicating matters is the speed with which a compromise can occur. One recent industry report indicates that more than 80 percent of cybersecurity breaches happen in mere minutes. The vast canyon between compromise and detection is alarming to say the least and that’s not even taking into consideration the amount of time it takes to actually recover once a security incident is discovered.

It is estimated that about 60 percent of MTTR is spent determining the root-cause of the actual problem. The rest is spent mitigating damages and working to achieve a complete resolution. When system outages or any type of downtime is included in this process, you should increase the cost of compromise accordingly.

The Value of Reducing MTTR

With the right technology – such as IT automation – a significant savings can be realized in MTTR alone. Calculating this savings involves a two-step process. Start by determining the total yearly cost of incidents by applying the following formula:

Number of Monthly Incidents X Time to Resolve Each Incident X Cost of Personnel Per Hour X 12 months = Annual Cost of Incidents

Keep in mind that the type and severity of incidents will vary, so you may wish to use this formula to determine the cost associated with each incident priority level. In other words, your priority one (P1) incidents will have a different resolution time and associated cost than that of P2 and P3 incidents. Additionally, the costs associated with support personnel may also vary based on level and skillset. For instance, P1 incidents might require the expertise of both L1 and L2 teams, so calculate accordingly.

Once you’ve determined your annual cost of incidents, the second step involves calculating your annual savings. This can be done by using the estimated percentage of reduction in resolution time that your applied technology delivers. The formula looks like this:

Annual Cost of Incidents X Reduced Time to Resolution (%) = Annual Savings

On the conservative end, some experts believe the average reduced time to resolution a good automation tool could potentially deliver hovers somewhere between 50-75 percent. That means if your annual cost of incidents is $350,000 you could potentially be saving anywhere from $175,000 – $245,000 each and every year. There aren’t too many decision makers who wouldn’t appreciate those kinds of numbers.
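The two formulas above, applied per priority level to one month of resolved tickets, as an added example that is not part of the original article. The ticket data, hourly rates and the tiers assigned to each priority are constructed assumptions; the 60 percent root-cause share and the 50-75 percent reduction range are the article's figures.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: one month of resolved tickets
# (id, priority, opened, resolved). Not real incident data.
TICKETS = [
    ("INC-001", "P1", "2017-03-02 08:00", "2017-03-02 16:00"),
    ("INC-002", "P1", "2017-03-15 22:00", "2017-03-16 02:00"),
    ("INC-003", "P2", "2017-03-03 09:00", "2017-03-03 11:00"),
    ("INC-004", "P2", "2017-03-10 13:00", "2017-03-10 16:00"),
    ("INC-005", "P2", "2017-03-21 10:00", "2017-03-21 14:00"),
    ("INC-006", "P3", "2017-03-04 09:00", "2017-03-04 10:00"),
    ("INC-007", "P3", "2017-03-11 09:00", "2017-03-11 10:00"),
    ("INC-008", "P3", "2017-03-18 09:00", "2017-03-18 09:30"),
    ("INC-009", "P3", "2017-03-25 09:00", "2017-03-25 10:30"),
]

# Assumed personnel cost per hour for each support tier, and the tiers
# engaged at each priority (P1 needs both L1 and L2, as the article suggests).
HOURLY_RATE = {"L1": 40.0, "L2": 65.0}
TIERS_BY_PRIORITY = {"P1": ("L1", "L2"), "P2": ("L1",), "P3": ("L1",)}
ROOT_CAUSE_SHARE = 0.60  # article's estimate of MTTR spent on root cause
FMT = "%Y-%m-%d %H:%M"


def monthly_stats(tickets):
    """Return {priority: (incident_count, mean_hours_to_resolve)}."""
    hours = defaultdict(list)
    for ticket_id, priority, opened, resolved in tickets:
        delta = datetime.strptime(resolved, FMT) - datetime.strptime(opened, FMT)
        if delta.total_seconds() < 0:
            raise ValueError(f"{ticket_id}: resolved before opened")
        hours[priority].append(delta.total_seconds() / 3600)
    return {p: (len(h), sum(h) / len(h)) for p, h in sorted(hours.items())}


def annual_cost_by_priority(tickets, rates=HOURLY_RATE, tiers=TIERS_BY_PRIORITY):
    """Monthly incidents x time to resolve x personnel cost per hour x 12."""
    costs = {}
    for priority, (count, mttr_hours) in monthly_stats(tickets).items():
        hourly = sum(rates[tier] for tier in tiers[priority])
        costs[priority] = count * mttr_hours * hourly * 12
    return costs


def annual_savings(annual_cost, reduction):
    """Annual cost of incidents x reduced time to resolution (as a fraction)."""
    if not 0.0 <= reduction <= 1.0:
        raise ValueError("reduction must be a fraction between 0 and 1")
    return annual_cost * reduction


def report(tickets, low=0.50, high=0.75):
    """Per-priority annual cost, total, root-cause portion and savings range."""
    costs = annual_cost_by_priority(tickets)
    total = sum(costs.values())
    return {
        "by_priority": costs,
        "total": total,
        "root_cause_portion": total * ROOT_CAUSE_SHARE,
        "savings_low": annual_savings(total, low),
        "savings_high": annual_savings(total, high),
    }


if __name__ == "__main__":
    result = report(TICKETS)
    for priority, cost in result["by_priority"].items():
        print(f"{priority}: ${cost:,.0f} per year")
    print(f"Total annual cost of incidents: ${result['total']:,.0f}")
    print(f"Of which root-cause analysis:   ${result['root_cause_portion']:,.0f}")
    print(f"Annual savings at 50-75% faster resolution: "
          f"${result['savings_low']:,.0f} to ${result['savings_high']:,.0f}")
```

Splitting the cost by priority shows where a shorter resolution time pays off most: in this constructed month the two P1 incidents account for most of the annual figure because they run longest and engage both tiers.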

For the most part, today’s IT executives are fully capable of understanding the importance of investing in cybersecurity. When it comes to convincing others, however, there may be a bit more work involved. Knowing what data to take into consideration and how to transform that data into quantifiable evidence can help you better drive home the value of threat detection as not just an ancillary component of IT, but a fundamental ingredient in the ongoing safety and success of the organization as a whole.


How to Transform Everyday Employees into Cybersecurity Pros

When it comes to the topic of cybersecurity, the most obvious point of contact is typically the CSO (or IT department equivalent for smaller organizations). But while it’s certainly this individual’s job to spearhead the company’s protection against cyber-attacks, it’s not a responsibility that rests solely on his or her shoulders. To the contrary, considering the fact that 43% of all data breaches are caused internally, it’s becoming more evident than ever before that cybersecurity is a shared, company-wide responsibility.

Simplifying the Complex

One of the biggest hurdles IT professionals face when attempting to get non-technical employees on board with cybersecurity is the fact that it’s highly complex in nature. While this is necessary in order to effectively combat would-be attackers, it can be downright intimidating to the layperson, which can lead to resistance and lack of widespread adoption. Providing training that is easily accessible and engaging is of the utmost importance.

To build such a training program, focus on what the employees need to know in order to keep the organization safe rather than the intricate details of what a potential hack might entail. Avoid delving too deeply into muddled topics or using industry jargon to prevent further confusion.  Use training methods that are engaging, encourage retention and resonate most effectively, such as video and other dynamic eLearning courses.

Bringing Concept to Reality

There are few things that drive home the importance of a particular subject quite like real-life, hands-on experience. One of the keys to getting all employees onboard and committed to corporate-wide cybersecurity is to allow them to practice the appropriate steps in a live, albeit low-stakes environment. Bring training to the next level by having employees actually perform some of the necessary steps for achieving a stronger, safer network, such as creating stronger passwords.

Furthermore, providing real-time “in the moment” feedback can create a more personalized and therefore more effective learning experience that is much more likely to improve performance and drive home the message being delivered. The more employees work on real, actionable cybersecurity activities, the more they will be able to apply these concepts to real life situations.

Arming the Forces

Lastly, letting employees know that their efforts are backed by the best technology available can help reinforce the critical importance of cybersecurity. Monitoring systems and ongoing automated incident response should not be viewed nor treated as mere business expenses but rather an investment in the ongoing protection of sensitive company data.

The right automation and orchestration solution will not only help fortify your organizational defense, but it will also provide those in charge of IT security with valuable data about their existing workforce. This data can then be used to identify areas where additional training and education are needed.

The bottom line is that cybersecurity is not the sole responsibility of one individual or even just one team. To truly establish a strong, impenetrable defense against today’s savvy cyber criminals, everyone must contribute – from the break room to the boardroom and every role in between. The right education and a solid strategy that incorporates cutting-edge automation technology are the keys to success.

Arm your organization with a stronger, more effective defense. Download your free 30 day trial of eyeShare today.


5 Tips for Recruiting Top Cybersecurity Talent

Given the current cybersecurity landscape, it’s becoming increasingly evident how important it is for organizations to staff their IT departments with highly skilled individuals who are capable of handling the monumental task of network and data security. Unfortunately, at least for the time being, it’s largely an employee’s market, which means companies are competing fiercely to attract, court and hire from the dwindling pool of qualified candidates. Here are a few suggestions to help tip the scales in your favor.

Leverage Social Networks

Being active on social media is a given for all businesses today, but when it comes to tapping into certain talent bases, it requires a more in-depth and targeted involvement. If you want to find the best security professionals, you have to be present where they are, so look for things like online forums, discussion groups (like on LinkedIn) and anywhere else you can start or join in on conversations about the topic of cybersecurity.

Be Flexible with Your Requirements

Not every individual out there working in the thick of the cybersecurity realm is necessarily decorated with degrees and other impressive credentials. In reality, many of the most skilled and valuable security experts got to where they are today by working their way up and learning the ropes through on-the-job training. If your requirements are too stringent (i.e. only candidates with a bachelor’s or master’s degree need apply), you could very well be weeding out those with much more valuable hands-on experience.

Look In-House

If you are a larger organization, chances are you’ve already got a slew of eager entry-level IT folks waiting in the wings for an opportunity to grow and improve their skills. Investing in these up-and-comers through internal mentorship, education and ongoing training can help circumvent the process of finding and hiring top external talent and provide a leg up in the race for optimum cybersecurity defense.

Showcase Your Assets

One thing top cybersecurity pros look for in a potential employer is the tools and technologies they will ultimately have at their disposal should they choose to accept a job offer. What types of weapons have you invested in to help fortify your defense against cyber-attacks (i.e. advanced monitoring, automated incident response, etc.)? What things really set your company – specifically your IT department – apart from others? Showcase these things in your job listings and discuss them during the interview process.

Don’t Rely On Salary Alone

Sure, money is important in bringing in the big guns, but it’s not the be all and end all. While you’ll likely have to pay more for top cybersecurity talent than other IT roles, you should also be working on a solid benefits program – particularly one that values work-life balance. Demonstrate to your candidates the steps you’ve taken as an organization to ensure that IT workers won’t get burnt out, such as investing in technology that makes their jobs easier and implementing generous vacation plans that encourage time off as needed. These little perks are often what will make all the difference in deciding which offer to accept.

Building a team of highly skilled, well-prepared cybersecurity professionals may be challenging in today’s marketplace, but it’s not impossible. The five tips listed above should help you position your organization as one that offers excellent opportunities and is overall a great place to work.

eBook: 5 Reasons You Should Automate Cyber Security Incident Response

The True Costs of a Cybersecurity Breach

When reference is made to cybersecurity incidents, much of the focus remains on the overall monetary losses. Typically a general statistical figure is used (usually in the hundreds of millions) which represents the financial impact of data breaches across the globe. The problem with these facts and financial figures is that it can be difficult to apply them to one’s own business, which unfortunately leaves many companies vulnerable to continued attacks and at a much greater risk of becoming a victim.

Thankfully, Cisco recently released its Annual Cybersecurity Report, which delves much deeper to reveal the impact of a data breach from different angles; namely from the perspective of how many customers the average business is likely to lose as the result of a security compromise. The following eye-opening stats can help bring the real and growing risk of cyber-attacks into better focus and demonstrate the critical importance of implementing a strong incident response strategy.

Consider for a moment that, according to the report, 50% of organizations that have experienced a cybersecurity breach in just the year 2016 alone faced a backlash of public scrutiny and more than 1/3 of them reported that scrutiny resulted in a hit to customer retention. As a result of losing customer trust and subsequent business, these companies realized a revenue loss of more than 20%. Additionally, the report also revealed that some 23% of organizations facing a security breach lost out on future business opportunities.

Often times it’s difficult – especially for smaller to mid-sized companies – to visualize what portion of the astronomical dollar amounts discussed in relation to security breaches applies to them. It seems almost far-fetched to some degree. But when you think about it in terms of how many actual customers your business could potentially lose as the result of inadequate cybersecurity measures, it comes into focus.

This is important to point out because, in reality, no organization is safe from hackers. In fact, more and more cyber criminals are actually targeting smaller businesses because they feel there is a greater likelihood of success. By drilling down to reveal statistics that can be applied to companies of every size and industry, the real risks and subsequent costs of cybersecurity breaches become much clearer.

So, what’s the solution? Well, the first step is developing a strategy that covers all of your bases. Many businesses suffer the consequences of a successful attack not because the incident occurred, but because of the amount of time it took to finally identify and address the problem. Cisco’s report indicates that only 56% of cybersecurity alerts are actually investigated. Furthermore, less than half of legitimate incidents are properly remediated.

The problem many organizations face, and the reason these numbers continue to come in at alarming levels, is because of the gap that exists between the frequency and complexity of attacks and the skilled staff to handle them. This is where technology can truly be the differentiator. To give your business the best chance at avoiding a costly breach, there must be a closed-loop process in place that will serve to monitor all incoming alerts and automatically either remediate or escalate to the appropriate party for attention. This type of automated cybersecurity incident response serves to bridge the skills gap while simultaneously addressing the ever-evolving threat environment.

The good news is of the nearly 3,000 chief security officers and security operations leaders from 13 countries surveyed, 90% said they were actively improving on their threat defense processes and technologies.

Will your company be among those strengthening their defenses? Fortify your strategy with a force multiplier – try the Ayehu automation and orchestration platform free for 30 days and position your company on the right side of the statistical scale.


10 Ways IT Automation Can Reduce Cybersecurity Risks

In today’s day and age, especially given recent events, concern about cybersecurity is at an all-time high. Businesses, consumers and employees all want to be certain that their sensitive information remains safe and secure at all times. Just consider the recent security breach that occurred with major retailer Target, through which the sensitive financial information of millions of people was compromised by a hacker. So, how can you be sure that the confidential data your organization is responsible for will remain safe from a potential cyber threat? Simple: through IT automation. Here’s how.

You probably already have some type of security information and event management (SIEM) system in place, which is designed to protect sensitive data from being accessed by unauthorized parties. The right IT automation and orchestration platform can essentially integrate with that existing system to both enhance and extend its capabilities. The result is a closed-loop automated process that helps to identify security incidents the moment they occur so they can be addressed immediately. Furthermore, because this is no longer done manually, operational efficiency will improve as an added bonus.

The way it works is simple. Security threats are identified right away so they can be evaluated to determine their level of importance. With the right product, this part of the workflow can incorporate human decision making. The security analyst can review all detected threats, verify their severity and then determine the next step in addressing each one. Automation is then re-initiated and the workflow can continue instantaneously. The appropriate tasks can be executed over physical, virtual or cloud environments. IT process automation (ITPA) can monitor security threats both on a case-by-case basis and via routine scheduled scans to proactively identify and prevent security vulnerabilities.

Still not convinced? Here are 10 specific ways that IT automation can help businesses reduce cybersecurity threats:

  • Capture SIEM system security events and automatically execute specified procedures to extract additional information, manage incident resolution and communicate with relevant personnel as needed to solve more complex events.
  • Capture antivirus system alerts and execute policies to prevent intrusions and the spread of viruses and other dangerous external threats.
  • Monitor the availability and functioning of internal security systems.
  • Remotely disconnect any unauthorized devices and/or computers from the network instantly via email or SMS.
  • Remotely disable/lock access for hostile users immediately via email or SMS.
  • Conduct remote, on-demand checks of users who are currently logged in to a certain workstation, using either email or SMS.
  • Generate daily reports of Active Directory (AD) locked users.
  • Generate daily reports of AD users that haven’t logged in to the domain during or within certain timeframes.
  • Generate reports of AD users whose passwords are about to expire within the next few days, as well as send alerts via email/SMS.
  • Enable/disable user logins within certain time frames to maintain better control over remote user connections.

These days, cyber threats are everywhere and businesses of every size and industry must be aware of the dangers, and take proactive measures to protect the sensitive data that they are in possession of. By integrating IT automation with your existing SIEM, you can more effectively achieve this goal and provide an added level of protection to your sensitive information.

Need to protect your data in a more proactive, effective way? Download your 30 day free trial today!


How to Keep Data Secure When Outsourcing

An estimated 300,000 jobs are outsourced annually from the US alone. Businesses of all sizes have been leveraging this option for decades in an attempt to cut costs and gain access to a global pool of talent. But while tapping into external sources can be beneficial in many ways, it can also open the door to cybersecurity risks. The good news is, with the right approach and proper preparation, your organization can enjoy the advantages of outsourcing while also keeping your network and data safe. Here’s how.

Start In-House – Before you even think about passing on some of the workload to an external provider, make sure you have a solid cybersecurity incident response strategy in place. The most effective plan will cover every end of the spectrum – from detection to automated response to remediation and recovery. If you don’t yet have this type of protection in place, the time to do so is now.

Choose Wisely – The next step in ensuring adequate security of your network and data requires that you are very careful when selecting the vendors to whom you will be outsourcing. Make sure that they too have strong security policies and procedures in place and that they have a good track record of keeping their clients’ data safe. Do your homework or risk a potential breach.

Apply the PoLP Rule – The Principle of Least Privilege (also sometimes referred to as the principle of least authority) is an IT security rule that limits the access of users based on their job duties. It basically states that only those who have a direct “need to know” will have access to certain systems, computers, files, networks, etc. This is important, particularly when it comes to cybersecurity with outsourcing. Make sure you are only granting the necessary amount of access and keep a close watch at all times.

Audit Regularly – Build ongoing network monitoring and regular audits into your normal routine to ensure that any potential issues that occur are identified and addressed as quickly as possible. This will also help you determine whether the vendor you’ve chosen is still in line with the cybersecurity policies and procedures that they originally put in place. If not, it may be time to reassess your approach and make some changes.

Optimal Use of Technology – This is important on both ends of the spectrum. Internally, you’ll want to employ the use of the latest in cybersecurity IR technology to provide an added level of data and network protection. Likewise, you’ll want to verify that the outsourcing vendor you’re using is also leveraging advanced technology to ensure adequate security.

Outsourcing can be a great option, particularly for smaller to mid-sized organizations, as it can help achieve a greater degree of competitiveness without the hefty expense of keeping staff in-house. But if you plan on opening your virtual doors to an external party, you’d better make sure you’re taking the appropriate measures to avoid potential data breaches.

Start fortifying your defense today by implementing our powerful automation and orchestration platform and enjoy round-the-clock, closed-loop cybersecurity incident response for your business.

Try it free for 30 days.


How Automation Technology is Solving the Cybersecurity Staffing Shortage Issue

*This article originally published in Security Magazine.

As cybersecurity incidents continue to increase in both complexity and frequency, businesses of every size in every industry and in just about every country across the globe are recognizing the glaring need for stronger defense strategies. The problem is, there simply aren’t enough talented IT security professionals to fulfill this growing need. In fact, a recent study by Intel Security and the Center for Strategic and International Studies (CSIS) revealed that 82 percent of IT decision makers report a shortage of cybersecurity skills.

And the problem goes well beyond simply not having enough people to handle the job. Cybersecurity incidents are wreaking havoc on these underprepared, under-protected organizations. The same Intel survey revealed that one in three respondents feel the shortage of skills makes their organizations more desirable targets for hackers. Furthermore, one in four say insufficient cybersecurity staff strength has damaged their organization’s reputation and led directly to the loss of proprietary data via a successful cyber-attack.

So, what’s the solution? Are businesses simply stuck in limbo until enough up-and-coming IT security professionals with adequate skillsets enter the market? And what about smaller companies that face the additional challenge of budgetary constraints? Are they just doomed to be a more likely target of cyber criminals because they can’t afford to pay top security talent? The good news is there is a solution. The better news is, it’s both cost-effective and available now.

IT automation can help companies of every size close the skills gap and remain a step ahead of potential security breaches. Whether it’s a small to mid-sized company struggling to afford an in-house IT team or an enterprise-level organization that has the means but lacks the talent, automation technology provides the ideal solution in just about any scenario. And because it’s both affordable and scalable, it also eliminates the need to outsource, which means the business is able to maintain greater control.

Rather than rounding up additional IT personnel to handle the incident response process, an automated playbook can be implemented in their place. Not only is this a more efficient and cost-effective business model, but it can also dramatically improve the level of protection for the company. The moment an alert occurs, the automated tool detects it. This alone is something that human workers simply cannot do as effectively on their own – especially in the case of larger enterprises that receive tens of thousands of alerts each and every day.

As anyone who is familiar with the incident response process will tell you, not every alert is indicative of a cyber-attack. To the contrary, the vast majority of them are either harmless or they’re simply not sophisticated enough to cause any real damage.

But what if, as your IT staff is relentlessly weeding through all the potential threats, the one incident that is truly dangerous slips through? This is exactly what happened in the case of the infamous Target breach that occurred a few years ago. It wasn’t that the company failed to monitor incidents, but rather that it didn’t have the appropriate tools in place to effectively pinpoint the ones that needed to be addressed. As a result, a real threat snuck in and the rest is history.

This is another area where automated incident response technology can truly make the difference. Had Target (or most of the hundreds of other organizations in the news due to a breach) employed automation as part of their incident response strategy, the threat in question would have been identified and addressed right away – before millions of customers had their personal information compromised.

More importantly, Target’s breach demonstrated that adequate cyber security isn’t dependent on the number of IT employees on your payroll. It’s about having the right tools and technology in place to support and enable existing staff (regardless of size) to do their jobs more effectively.

With advanced automation software, the entire incident response strategy can be run like a well-oiled machine, whether there are 100 IT workers or three. While the technology behind automated incident response is complex, the way it works is relatively simple and straightforward. The moment an alert arises, the system detects and assesses it for legitimacy and severity. Actual threats are then prioritized and the appropriate steps are initiated to address the situation. If the incident can be resolved automatically, it will – without the need for any human input. If escalation is required, the appropriate party will be notified accordingly.
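The flow described above (check legitimacy, score severity, prioritize, then resolve automatically or escalate) as an added example; it is not code from the original article or from any vendor's product. The alerts, weights, thresholds and action names are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample alerts; every field name and value here is illustrative.
ALERTS = [
    {"id": 1, "type": "port_scan", "src": "10.0.0.5", "asset": "workstation", "confidence": 0.4},
    {"id": 2, "type": "malware_detected", "src": "10.0.0.9", "asset": "pos_terminal", "confidence": 0.9},
    {"id": 3, "type": "failed_login_burst", "src": "10.0.0.7", "asset": "domain_controller", "confidence": 0.8},
    {"id": 4, "type": "port_scan", "src": "10.0.0.250", "asset": "workstation", "confidence": 0.9},
    {"id": 5, "type": "port_scan", "src": "10.0.0.66", "asset": "pos_terminal", "confidence": 0.7},
]
KNOWN_BENIGN = {"10.0.0.250"}  # assumption: the internal vulnerability scanner
ASSET_WEIGHT = {"workstation": 1, "pos_terminal": 3, "domain_controller": 5}
TYPE_WEIGHT = {"port_scan": 1, "failed_login_burst": 2, "malware_detected": 4}
# Alert types that have an automated action (hypothetical action names).
PLAYBOOKS = {"malware_detected": "isolate_host", "port_scan": "block_source_ip"}
NOISE_BELOW = 1.0   # scores under this are closed without action
ESCALATE_AT = 8.0   # scores at or above this always notify a human


@dataclass
class Decision:
    alert_id: int
    score: float
    action: str      # automated step taken, or the reason the alert was closed
    escalate: bool   # True when an analyst must be notified


def severity(alert):
    """Asset criticality x alert type x detector confidence, rounded to 0.1."""
    raw = (ASSET_WEIGHT.get(alert["asset"], 1)
           * TYPE_WEIGHT.get(alert["type"], 1) * alert["confidence"])
    return round(raw, 1)


def triage(alerts):
    """Assess each alert, then return decisions ordered highest severity first."""
    decisions = []
    for a in alerts:
        if a["src"] in KNOWN_BENIGN:  # legitimacy check
            decisions.append(Decision(a["id"], 0.0, "closed:known_benign", False))
            continue
        s = severity(a)
        if s < NOISE_BELOW:
            decisions.append(Decision(a["id"], s, "closed:low_severity", False))
            continue
        action = PLAYBOOKS.get(a["type"], "none")
        needs_human = action == "none" or s >= ESCALATE_AT
        decisions.append(Decision(a["id"], s, action, needs_human))
    return sorted(decisions, key=lambda d: d.score, reverse=True)
```

High-scoring alerts are contained automatically and still escalated, while an alert type with no playbook always reaches an analyst.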

There are a variety of ways an automated incident response playbook can be built and deployed, and they are both customizable and scalable. In most cases, playbooks are developed based on real-life scenarios and actual use cases, which helps to make them more effective in detecting and resolving legitimate incidents in a timely manner.

Additionally, most advanced automated tools have the capability to integrate seamlessly with existing monitoring systems, programs and applications, thereby extending and improving the level of defense against potential cyber-attacks. Lastly, automated IR helps to dramatically reduce mean time to resolution (MTTR) from weeks and days to hours and sometimes even minutes. That means if an incident does happen to slip by, it can be isolated and nullified before it has time to wreak havoc.

So while the staffing shortage doesn’t appear to be waning any time soon, there is plenty of good news on the horizon for companies of every size and industry. Automation technology can bridge the gap, strengthen the line of defense and help mitigate damages in the event of a successful breach. Best of all, it’s available for round-the-clock protection – something even the most substantial IT departments can’t match. And finally, automated playbooks don’t cost nearly as much as hiring top IT talent, yet they’re incredibly efficient and effective. So for now, it’s certainly a solution worth considering.

Gabby Nizri is the CEO of Ayehu, Inc., which provides Process Automation and Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication and recovery from cyber security breaches. 

eBook: 5 Reasons You Should Automate Cyber Security Incident Response

How to Recover from a Ransomware Attack

According to a recent survey, nearly 50% of all organizations have been struck by some type of ransomware in the last 12 months. In fact, in March 2016 alone there were more than 56,000 reported attacks. Furthermore, CNN reports that $209 million was paid to ransomware hackers in just the first quarter of last year. If you think you can’t be a victim, think again. Even if you have a strong cybersecurity incident response strategy in place, it’s just as important to know what to do in the event that a threat slips by undetected.

If you find you’ve been hit by a ransomware attack, here’s what you need to do to mitigate damages and get things back on track as quickly as possible.

Step 1: Avoid clicking on anything unfamiliar.

It’s not uncommon for hackers to use pop-up messages in an attempt to entice users into their trap. For instance, a dialog box might pop up containing a message that indicates your computer has been infected and instructing you to take certain steps to rectify the problem. Unfortunately, doing so will only make matters worse. Avoid clicking on anything that’s unfamiliar or even the slightest bit suspicious.

Step 2: Disconnect from the network.

The ultimate danger of ransomware is that it is designed to spread through the network as quickly and invasively as possible. To mitigate damages, you must take the appropriate measures to thwart the malware’s infiltration. As soon as you believe you’ve been infected, immediately disconnect your device from the network. If you are accessing the internet via WiFi, turn it off. If you are connected via an Ethernet cable, unplug it right away. The more quickly you cut off access to your network, the less havoc the hackers will be able to wreak.

Step 3: Save and troubleshoot.

As soon as you’ve disconnected from the network, the next step is to save any and all important documents or files you’ve been working on. Then, reboot your computer in safe mode. Once you’ve rebooted, run a virus scan. Hopefully your cybersecurity incident response strategy includes adequate virus protection that’s designed to both detect and eradicate any identified malware. In the absence of this type of security software, you may need to use another device to download the software, save it onto a flash drive and then run it on the infected device accordingly.

Step 4: Restore your system.

If your anti-virus software doesn’t do the trick, you may need to restore your system to a point in time before the ransomware infection. Provided this feature was never manually disabled, running a system restore from safe mode should be pretty easy and straightforward. To begin, simply choose Advanced Boot Options and then select Repair Your Computer. From there you should see an option for System Restore. Launching this will restart your device in an earlier state.

Step 5: Examine your files.

The next step will depend on the type of ransomware that has infected your device. If you can’t locate your files (or the shortcut icons for them), that means they’ve either been hidden or they’ve been encrypted. To determine what type of mess you’re dealing with, start by finding your hidden files. Open your File Explorer and choose Computer (or This PC). Click the View tab and choose Hidden Items. If a list appears here, you should be able to restore your files easily by simply right-clicking each item, choosing Properties and unchecking “Hidden.”

If your files do not appear in the Hidden area of your computer, this unfortunately means your data has likely been encrypted. That means the hackers were able to lock up your data and they will only release what they’re holding “hostage” if you agree to pay their proposed fee (hence the term “ransomware”). This is why a cybersecurity incident response strategy that includes frequently backing up data to the cloud or external resources is so critically important.

Step 6: Don’t let it happen again!

If you’ve been unlucky enough to have been hit by ransomware, you’re obviously not alone. Aside from being a huge headache and possibly costing your organization a good deal of money, this unfortunate event should serve as a lesson in how important it is to take proactive measures that will improve your level of protection against such attacks. Start with a highly effective monitoring system, and then leverage tools like automated cybersecurity incident response to establish a closed-loop process. And, above all else, educate your employees on how to properly back up files and recognize the signs of potential malware. Taking the steps to prevent as well as being prepared to remediate an attack is key.
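Step 5 asks whether files were merely hidden or were encrypted. The following added example (not part of the original article) surveys a folder and reports both: the Windows Hidden attribute, and whether the start of each file looks encrypted, judged by byte entropy and the absence of a known file header. The 7.5 bits-per-byte threshold, the sample sizes and the header list are assumptions.

```python
import math
import os
import stat
from collections import Counter

# Leading bytes of common compressed formats, where high entropy is normal.
KNOWN_MAGIC = (b"PK\x03\x04", b"%PDF", b"\x89PNG", b"\xff\xd8\xff", b"\x1f\x8b", b"7z\xbc\xaf")
SAMPLE = 65536      # bytes read from the start of each file
MIN_SAMPLE = 2048   # below this an entropy estimate is unreliable
THRESHOLD = 7.5     # bits per byte; assumed cut-off, tune per environment


def entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_hidden(path):
    """True if the Windows Hidden attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def classify(path):
    """Label a file by inspecting only its first SAMPLE bytes (read-only)."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE)
    if head.startswith(KNOWN_MAGIC):
        return "intact_header"
    if len(head) < MIN_SAMPLE:
        return "too_small"
    return "likely_encrypted" if entropy(head) >= THRESHOLD else "readable"


def survey(root):
    """Return {relative_path: (hidden, classification)} for every file under root."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            report[os.path.relpath(full, root)] = (is_hidden(full), classify(full))
    return report


if __name__ == "__main__":
    import sys
    for rel, (hidden, verdict) in sorted(survey(sys.argv[1]).items()):
        print(f"{verdict:17} hidden={hidden} {rel}")
```

Files that were encrypted only in part, or whose headers were left in place, will not be flagged, so treat a clean result as inconclusive.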

Is your organization as safe as it could be from costly ransomware attacks? Fortify your defense with our automation and orchestration platform, designed to pinpoint, isolate and destroy all types of cybersecurity incidents – including ransomware.

Try it free for 30 days. What do you have to lose? Click here to download your free trial today.


Live Webinar: How to Detect and Resolve Today’s High-Profile Threats

Tuesday, January 31, 12:00pm EST / 9:00am PST

One only needs to read the daily news headlines to recognize how big of a threat cyber-crime has become. These days, businesses of every size and industry and from all over the globe are vulnerable to ransomware and other malicious cyber-attacks, placing them at risk of both financial as well as reputational damage. And with an ever-increasing volume of complex cybersecurity incidents and dwindling resources, SOC teams are more overwhelmed than ever before.

What’s the solution?

In order to adequately defend against the onslaught of attacks and handle incidents in real time, IT must strike an ideal balance between detection and remediation of both known and unknown threats.

A great example of this type of power-packed combination is the integration of OPSWAT threat detection with Ayehu’s automated incident response and remediation platform. And now, you can see this dynamic duo in action by attending this live webinar.

On Tuesday, January 31, 12:00pm EST / 9:00am PST, join security experts from OPSWAT and Ayehu as we discuss how to detect and resolve today’s high-profile threats.

In this live online presentation, you’ll learn:

  • Why and how today’s high-profile threats have evolved and expanded
  • Key methods to identify and verify attacks in your environment and across disparate systems, including scanning anti-malware engines, automating routine tasks, and rapidly containing, remediating, and recovering from attacks
  • How combining technology from OPSWAT and Ayehu can bridge the gap between detecting and resolving threats

Does the topic of cybersecurity keep you up at night? Are you and your team tired of fighting an uphill battle to keep networks, applications and sensitive data secure and safely out of the hands of malicious hackers? If so, then this webinar is a MUST-attend!

But hurry: seats are limited and we fully expect that this highly anticipated webinar will fill up quickly.

Register today to reserve your spot before it’s too late.




Guy Nadivi, Sr. Director of Business Development, Ayehu

Sharon Cohen, IT & Security Professional Services Manager, Ayehu

George Prichici, Product Manager, OPSWAT

Taeil Goh, CTO, OPSWAT