Published on April 21st, 2015 | by admin
The Weakest Link in the Chain
“Just because you’re paranoid doesn’t mean they’re not out to get you.” While I’m not sure where this quote originated from (it seems several take credit for it), it really does fit with the current trend of attacks via Advanced Persistent Threats (APTs). There’s still plenty of malware floating around in cyberspace waiting to attack indiscriminately, but focused attacks are becoming more prevalent. With only the largest company attacks getting widely publicized, the new television show CSI Cyber is bringing the reality of the attacks into living rooms across America on a weekly basis.
CSI Cyber is fiction, of course. But most of the capabilities they highlight are based in fact, however loosely. What they do get right is identifying the weakest link in most security infrastructures: the human element. You can be up to date with all of the latest patches and have access properly secured, yet an employee opening an email attachment or visiting a linked website can let the attackers in behind the secured gates.
Even though private companies and government agencies provide training to educate employees on cyber threats, not everyone gets it and truly understands the gravity of the threats. On top of this, with APTs, attackers do their homework on the pending target and come up with sophisticated schemes to lure an employee to the attachment or URL, convincing them that it’s legit. Most of the time, it’s easy for IT staff to know if an email is real or not; Spear Phishing, however, has gotten so good that it’s hard for even the most enlightened to always spot them. On top of this, even if an employee realizes after the fact that the email probably didn’t come from where it claimed to be from, the guilt associated with being the one making the mistake may keep them from reporting it.
Malware is now on your network and you don’t know about it. Right now, you might be saying that you have software in place to block this from happening, so you don’t have to worry.
But, how many of your employees work from home or hotel rooms? Do they use company equipment and only connect via Virtual Private Networks (VPNs), or do they sometimes use their own equipment and move files back and forth with flash drives? Unfortunately, even the largest moats and drawbridges can’t keep the evil at bay forever.
Although the human element can’t be removed from the equation (yet), the focus can be expanded from protecting just the perimeter. It’s here where a healthy case of paranoia can be a good thing, even if your company hasn’t been targeted yet. Doing the right things prior to a known intrusion could keep your company’s name out of the headlines. But, what are the right things?
Knowing your network and what normal patterns of traffic look like is a great starting point. The company’s intellectual property and proprietary secrets should be tagged and tightly controlled. You want to know who is accessing these and why, especially if copies are being made and stored elsewhere on the network. Once the normal traffic patterns have been identified, tools like SS8’s Communication Insight for Enterprise can monitor the network, quickly spot any abnormal patterns, and flag them immediately for analysts to respond to. With many APT attacks, the malware will start gathering and identifying types of data before sending anything offsite. During this initial phase, before data is lost, rapid identification and action can often prevent the loss of any data.
As the varied tools within Communication Insight for Enterprise map out the patterns of a network, a deeper understanding of proper network interactions is gained. At this level of detail, historical information can be analyzed and mapped, providing a forensic view of data movement and interactions. This provides the capability, even and especially after an attack, to compile critical information about the method and means of access to the network through tracking packet and data traffic flow.
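The baseline-then-deviation idea described above, as an added example that is not SS8’s code or the post’s own: it learns a per-host, per-destination baseline of daily traffic volume from constructed flow summaries, then flags a workstation whose reads from an internal file server jump far above its baseline while its outbound internet volume stays flat, the “gathering” phase the post says precedes exfiltration. Host names, day labels and byte counts are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

BASELINE_DAYS = ("d1", "d2", "d3", "d4", "d5")

# Constructed sample flow summaries (day, src, dst, bytes); not real traffic.
# ws-17 reads ~20x its usual volume from the file server on d6 while its
# internet volume is unchanged; ws-03 has a perfectly flat baseline.
FLOWS = []
for day, n in zip(BASELINE_DAYS, (2_000_000, 2_200_000, 1_900_000, 2_100_000, 2_300_000)):
    FLOWS.append((day, "ws-17", "fileserver", n))
for day, n in zip(BASELINE_DAYS, (400_000, 500_000, 600_000, 500_000, 500_000)):
    FLOWS.append((day, "ws-17", "internet", n))
for day in BASELINE_DAYS:
    FLOWS.append((day, "ws-03", "fileserver", 1_000_000))
FLOWS += [("d6", "ws-17", "fileserver", 40_000_000),
          ("d6", "ws-17", "internet", 500_000),
          ("d6", "ws-03", "fileserver", 1_200_000)]


def baseline(flows, baseline_days):
    """Per (src, dst): mean and population std dev of daily bytes over the baseline days."""
    per_pair = defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        if day in baseline_days:
            per_pair[(src, dst)][day] += nbytes
    # Days with no traffic count as zero so sparse pairs are not overstated.
    return {pair: (mean([by_day.get(d, 0) for d in baseline_days]),
                   pstdev([by_day.get(d, 0) for d in baseline_days]))
            for pair, by_day in per_pair.items()}


def find_anomalies(flows, stats, day, z_threshold=3.0, min_delta=1_000_000):
    """Return (src, dst, bytes, z) for pairs whose volume on `day` exceeds the baseline
    by more than z_threshold standard deviations and by at least min_delta bytes."""
    totals = defaultdict(int)
    for d, src, dst, nbytes in flows:
        if d == day:
            totals[(src, dst)] += nbytes
    hits = []
    for pair, total in totals.items():
        mu, sigma = stats.get(pair, (0.0, 0.0))
        # A flat baseline gives sigma == 0; floor it so small absolute changes do not fire.
        sigma = max(sigma, min_delta / z_threshold)
        z = (total - mu) / sigma
        if z > z_threshold:
            hits.append((pair[0], pair[1], total, round(z, 1)))
    return sorted(hits)


if __name__ == "__main__":
    for src, dst, total, z in find_anomalies(FLOWS, baseline(FLOWS, BASELINE_DAYS), "d6"):
        print(f"{src} -> {dst}: {total} bytes (z={z})")
```

Only the ws-17 to fileserver pair is reported for d6; ws-03’s 20 percent rise stays below the minimum delta, and ws-17’s internet traffic is unchanged, which is the point at which an analyst can act before anything leaves the network.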
Because of its effectiveness, Spear Phishing won’t be going away any time soon. Even with tools that monitor network traffic, a company’s focus on engaging and training their staff still has to be paramount. There should be regular communication throughout the company on the latest access attempts being used, providing insight so employees know what to look for. An atmosphere of questioning and reporting things that seem the slightest bit off needs to be supported and encouraged, so immediate action can be taken.
CSI Cyber may be television, but APTs and human error are real. Every employee needs to feel like they are an active part of the security team because they are. Without their active involvement and support, protecting your network becomes impossible.
To learn more about SS8 Communication Insight for Enterprise, download the Solution Brief here.
Are you at the RSA Conference this week? Stop by booth 219 in Moscone Hall South to see SS8’s rapid remediation tools in action!