Question

What is the impact of network attacks on the operation of an organization? What are some key steps organizations can take to help protect their networks and resources?

Have you actually worked for an organization or know of one where the network was compromised? If so, what was the impact on the organization and what did it do about it?

What steps can you take to protect your own PC or laptop computer?

Answer 1

In the first part of our ongoing series about Targeted Attacks, we discussed what a targeted attack is, what constitutes as one, and how different it is from other types of cyber attacks. In this latest entry, we’ll be talking about how a targeted attack could impact not only the targeted organization, but also its customers, like how these incidents could put either side in dire financial straits or a severe public relations fiasco. It could also cause mass unemployment, compromise national security, or stiff penalties for those responsible.

How does a targeted attack affect the victims?

The impact of a targeted attack varies, depending on the target and the intent of the attacker. Based on the bigger attacks we’ve seen and the huge, all-encompassing effects they have, here's a list of the most common effects a targeted attack may have on a company in general:

• Business Disruption: The company may be unable to perform its daily tasks and operations, either because the attack caused system downtime, or because manpower had to be diverted to deal with the attack itself. This happened with the attack last year on TV5 Monde, where a targeted attack caused the network to shut down its operations, causing 11 channels to completely go off the air.
• Intellectual Property Loss: The company’s own intellectual property may be stolen, as in the case of the hacking of RSA, where data pertaining to their SecurID two-factor authentication system was stolen. The Sony hacking incident also resulted in the leak of their unreleased movies as well.
• Customer Information Loss: The company’s information database of their customers’ personally identifiable information (PII) may be broken into and stolen, which can result in their customers being at risk for identity theft, blackmail, extortion, or worse. This is one of the most common results of a targeted attack, and was exemplified in breach incidents that involved huge retail chains such as Target and Home Depot, where millions of customers had their PII stolen.
• Reputation Loss: The company reputation is tarnished when they are seen as incapable of being trusted with data critical to consumers and/or national security. This may hit them hard enough that the effects extend outside of the digital world, such as the company being sued or the CEO being forced to resign. This was seen in the Ashley Madison hack, where CEO Noel Biderman resigned following the incident, and the compromised account owners had to deal with the effects of having their accounts and activities publicly revealed.
• Financial Loss: The company may be hit with financial losses either due to legal troubles stemming from the targeted attack (i.e. class-action lawsuits) or a loss of clients (due to bad faith resulting from the attack). The affected company may also have to spend millions of dollars in reparation of the damages caused, as well as the investment needed to prevent future attacks. This was exemplified in the Target data breach in 2013, where the company spent more than US$100 million upgrading their systems to prevent another breach, besides suffering a 46% drop in profits after the attack itself.

How can a targeted attack affect the affected company's customers?

In cases where the targeted attack results in a data breach and the targeted company has customers, those that the targeted company or organization supports can be at risk of the following:

• Identity theft: with a data breach, the PII of customers may be leaked, such as full names, addresses, telephone numbers and other information. This may be used for malicious purposes by other attacker groups and opportunists for extortion.
• Blackmail: Cybercriminals may also use the leaked information to extort money from the affected customers, similar to what happened during the aftermath of the Ashley Madison data breach.
• Financial loss: Leaked financial information of customers can be used to steal from their online banking accounts.
• Reputation loss: Depending on the kind of information leaked by the data breach, it could also tarnish the affected customers’ reputations, as with the case with the Ashley Madison data breach.

What are the unseen implications of a successful targeted attack?

For the affected company, it will mean more costs to secure their system against possible future attacks, besides having to spend more to regain their clients' trust and rebuild their brands' reputation. This could involve a complete overhaul of their system, their network infrastructure, as well as some public layoffs of those deemed to have been responsible.

The affected organization will also have to cooperate with law enforcement and security vendors in order to find the parties responsible—and all of this can result in more losses for the company. Combine that with the disruption of operations that the targeted attack will cause before, during and after the fact and it can be considered as a ‘killing’ blow to a company—especially one that's reliant on customer revenue.

For the customers, it involves an increasing distrust in big companies and/or government organizations, as well as attack groups becoming bolder with every success. The employees of the targeted company will also find themselves mistrusting their employers, or being publicly shamed/interrogated by irate customers because of their employer’s inability to secure their data.

The impact of targeted attacks is far-reaching, and doesn’t just involve the target company. This makes it doubly important for organizations and high-risk targets to ensure their protection. Solutions like the Trend Micro Deep Discovery threat protection platform enable companies to detect, analyze, and respond to modern threats such as sophisticated malware, targeted attacks, and APTs.

There is anything but a solitary industry anyplace on the planet who are invulnerable from the danger of some type of digital assault. Any assaults on your association's IT Network will be flighty regarding the correct technique for assault, however you can in any event be ready to avoid and shield your organization from such digital assaults with these 8 simple to pursue steps.

1. Execute your CyberSecurity system starting from the top

Devise a security system, ensure Directors and Management comprehend the significance of your association's IT Network Security. The principal thing about security is realizing the dangers included and understanding what should be anchored, to be specific what are your resources/resources.

Simply after an intensive hazard evaluation has been done can an appropriate security technique at that point be shaped and executed. The significance of digital security ought to be something that senior administration comprehends and bolsters, bringing about a best down way to deal with usage.

2. Make polices for the distribution of interior IT Resources

When the significance of security issues is completely comprehended by the executives, associations would then be able to start to make and actualize polices on the best way to utilize, oversee and distribute organization assets to handle digital security.

It is essential to then create and uphold approaches and techniques for representatives to pursue, this will affect:

The portion of organization IT assets – permitted and restricted consumption

Change the board methodology to be actualized over all IT frameworks and related arrangements

Reconsider hazard and security act at normal interims

3. System Security

Have a system structure with a solid spotlight on digital security. Fragment your system on coherent framework based zones so you can detach/isolate basic business frameworks and have the capacity to apply organize security controls to them – firewall/assess traffic between those zones. Secure your Internet Edge yet in addition inside traffic (east-west), cover the most utilized vectors of assault (email, web)

Give careful consideration to remote availability – utilize solid validation dependent on individual qualifications or individual endorsements, solid encryption (AES) and legitimate visitor/BYOD get to. Plan cautiously, home and remote clients get to – they ought to have rise to security controls as clients on corporate systems.

Have an essential issue for framework observing (SIEM) that is incorporated inside your condition and gives a solitary point that holds every single relative log/occasions for your frameworks. Screen your system/client action with qualified staff. Tweak your IPS frameworks to utilize with respect to your system condition security rules/marks and to create applicable cautions. Follow up on the cautions quickly.

Secure both client/the board and physical access to your system resources. Apply just secure setup utilizing the seller/standard suggested best practices. Have a lifecycle strategy set up – otherwise known as survey/restore security controls/hardware at standard interims. At last, guarantee you have an a la mode arrange outline with HLD/LLD records.

4. Ensure your endpoints/servers

Continuously utilize really upheld programming and equipment. Make and keep up a strategy for fixing and updates – stay up with the latest with patches and security refreshes.

Devise and keep up an equipment and programming storehouse – comprehend what you have in your system. Halfway deal with your endpoint from OS and programming perspective. Limit client rights to make changes to endpoint security:

Never give typical clients full access (administrator)

Limit execution controls/change arrangement

Make safe-arrangements of permitted programming

Handicap pointless administrations

Handicap pointless fringe gadgets and removable media get to

Impair auto-run capacity if removable media get to is regarded fundamental

Getting to touchy data ought to be done in a protected way – appropriate access controls ought to be set up – secure and powerful verification components, utilize two-factor confirmation for delicate access, encryption for information in travel and rest. Checking of how touchy information is dealt with and exchanged ought to likewise be set up.

Use endpoint insurance component (Anti-Virus, Anti-Spyware, Software, Firewalls) which bolster incorporated administration and can be coordinated with your system security controls and observing instruments. Normally reinforcement exceptionally vital information in a sheltered way (encode and secure information in rest in movement) – this mitigates the impacts of ransomware assaults. If there should be an occurrence of a rupture, have an arrangement to reestablish ordinary system tasks for various situations yet in addition make sure to incorporate strides for social event information for scientific examinations to happen in the repercussions.

5. Train your staff

Clients ought to know about the thoughts behind the usage of security

measures, what dangers are out there and what should raise their doubt – straightforward things like:

Non-requested sends with odd shrouded joins – otherwise known as "Think before you click battle"

Document connection with general yet well-sounding names

Stopping/interfacing unapproved media or individual gadgets into the system

Clients ought to experience preparing on:

The most effective method to deal with delicate data

Social Engineering preparing and know about the systems utilized

Report any peculiar exercises or security episodes

The preparation and advancement of work force ought to be a consistent procedure not an erratic event to guarantee subjects are pertinent, limit any potential dangers thus staff preparing can be scaled.

6. Remote/Home Users controls

Access dangers for remote corporate clients and make a strategy on the best way to moderate their use. Utilize solid/two-factor validation. Instruct remote clients on the significance of security and how to function with all security control systems without giving up efficiency.

Make and consistently refresh manuals on the most proficient method to utilize and design diverse security controls (otherwise known as VPN Clients and so forth.) Have a help and acceleration technique set up – this is done as such clients can work with all security controls set up and don't attempt to dodge them. Ensure information in travel and rest. Utilize a typical security work for every single telecommuter – increasingly secure, less demanding to work and investigate.

7. Observing

We can't pressure enough on the significance of steady checking. No condition is shot confirmation and purchasing best of breed items does not ensure top dimension of security. There is a great deal of components in play in each unpredictable condition that has numerous pinions and jolts. The main unsurprising angle about security is the eccentrics of the dangers they present (for instance the human factor or head apathy). A connection as solid as its weakest chain. An organization should focus on having all assurance/avoidance components set up yet ought to always remember to have perceivability and observing instruments set up.

Identify assaults and irregular conduct – both from outside and inside assaults. Respond to assaults – in an auspicious reaction to stop the spread of harm, can guarantee that the assault is obstructed later on and could help with a measurable examination. Record for action – you ought to have a total comprehension of how frameworks run, and how information and data is being utilized by clients. At exactly that point will you have the capacity to recognize deviations from the standard and follow up on them.

8. Test, test and test!

The best way to truly realize your security level is ensuring your association, is to routinely test it!

Security tests should cover all parts of your condition and ought to be performed on methods/forms, organize gear, endpoint frameworks and staff.

Formal security reviews that take a gander at techniques and on the off chance that they are being pursued/authorized

Mechanized helplessness evaluations – as a rule played out each 2-3 months and done inside

Infiltration tests – outside yearly security tests that generally give the most exact data for the organization's security stance and viability of all safety efforts sent

Social building tests on work force – endeavors to motivate representatives to dispose of touchy data to none-approved individuals either by means of telephone or face to face or to inspire physical access to organization limited zones.

No i did not work for the organization where such a thing happened.

Introduce, refresh and utilize hostile to infection programming

Stay up with the latest

Turn on the Windows firewall

Utilize the most recent variant of your internet browser

Try not to succumb to phishing messages

Utilize the Windows Malicious Software Removal Tool

Still tainted? Utilize a boot CD.