Your data has been breached, whether you’ve noticed or not.
As the Verizon 2016 Data Breach Investigations Report shows, there is usually a large gap between time-to-compromise and time-to-discovery: 83 percent of compromises took weeks or longer to discover. That gap is serious given that, per the same report, 60 percent of data is taken within hours of the attack. Other studies report that 96 percent of systems across all industries have experienced a data breach, 27 percent of which involved advanced malware.
Detecting a data breach and mitigating its impact requires knowing what "normal" conditions and behaviors look like in your network environment. Performing regular cyber threat assessments gives you that baseline, which lets you prevent more attacks and recognize breaches sooner.
Common Indicators of Compromise
Although the specific indicators of compromise depend on the type of attack, there are common red flags to look for: logins at unusual times; degraded performance across the network or heavy, unexplained traffic; use of unusual command shells or command-line tools; unexpected restarts; use of unfamiliar software; antivirus or other security software that stops working; and connections to or from unexpected IP addresses. An administrator who knows the environment will recognize all of these as suspicious.
Other worrisome signs include errors in the application and system event logs; newly opened ports on the firewall; new devices appearing on the network; new accounts with administrative privileges; failed logins and unusual entries in the security event log; workstations generating unusually high traffic; and newly installed applications that introduce new protocols.
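As an added example (not code from the original article, and not a CCSI or Fortinet tool), the following Python script checks a set of constructed log records for four of the indicators listed above: successful logins outside working hours, a burst of failed logins against one account, an account newly added to an administrator group, and a workstation whose traffic volume is far above the rest of the network. The log format, the working hours, the privileged group names and the thresholds are assumptions chosen for the illustration.

```python
"""Added example, not from the original article: scan constructed log
records for several of the indicators of compromise listed above."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample records (not real data). Whitespace-separated fields:
# ISO timestamp, host, user, event type, optional value (group name for
# group_add, bytes transferred for traffic).
SAMPLE_LOG = """\
2016-05-02T08:15:00 ws-01 alice login_ok
2016-05-02T08:20:00 ws-02 bob login_ok
2016-05-02T03:12:00 ws-07 svc_backup login_ok
2016-05-02T09:00:01 ws-03 carol login_fail
2016-05-02T09:00:05 ws-03 carol login_fail
2016-05-02T09:00:09 ws-03 carol login_fail
2016-05-02T09:00:25 ws-03 carol login_ok
2016-05-02T09:31:00 ws-07 svc_backup group_add Administrators
2016-05-02T10:00:00 ws-01 alice traffic 52000000
2016-05-02T10:00:00 ws-02 bob traffic 48000000
2016-05-02T10:00:00 ws-03 carol traffic 61000000
2016-05-02T10:00:00 ws-04 dave traffic 45000000
2016-05-02T10:00:00 ws-07 svc_backup traffic 940000000
"""

# Assumed "normal" working hours and privileged groups for this example.
WORK_START, WORK_END = 7, 19          # logins from 07:00 up to 19:00 are expected
ADMIN_GROUPS = {"Administrators", "Domain Admins", "wheel", "sudo"}


def parse_log(text):
    """Turn raw lines into dicts with a parsed timestamp; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) < 4:
            continue
        ts, host, user, etype = parts[:4]
        value = parts[4] if len(parts) == 5 else None
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "user": user, "type": etype, "value": value})
    return events


def off_hours_logins(events):
    """Successful logins outside the assumed working hours."""
    return [(e["host"], e["user"], e["ts"].isoformat()) for e in events
            if e["type"] == "login_ok"
            and not WORK_START <= e["ts"].hour < WORK_END]


def failed_login_bursts(events, threshold=3, window_seconds=120):
    """(host, user) pairs with >= threshold failures inside a sliding window."""
    fails = defaultdict(list)
    for e in events:
        if e["type"] == "login_fail":
            fails[(e["host"], e["user"])].append(e["ts"])
    bursts = []
    for key, stamps in fails.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while (ts - stamps[start]).total_seconds() > window_seconds:
                start += 1                # slide the window forward
            if end - start + 1 >= threshold:
                bursts.append(key)
                break
    return bursts


def new_admin_accounts(events):
    """Accounts added to a privileged group."""
    return [(e["host"], e["user"], e["value"]) for e in events
            if e["type"] == "group_add" and e["value"] in ADMIN_GROUPS]


def traffic_outliers(events, factor=5):
    """Hosts whose bytes transferred exceed median + factor * MAD.
    Median and median absolute deviation are used instead of mean/stdev so a
    single huge transfer does not drag the baseline up with it."""
    bytes_by_host = defaultdict(int)
    for e in events:
        if e["type"] == "traffic":
            bytes_by_host[e["host"]] += int(e["value"])
    if len(bytes_by_host) < 3:
        return []                         # too few hosts for a baseline
    values = list(bytes_by_host.values())
    base = median(values)
    mad = median(abs(v - base) for v in values)
    limit = base + factor * max(mad, 1)   # guard against MAD == 0
    return sorted(h for h, v in bytes_by_host.items() if v > limit)


def run_checks(text=SAMPLE_LOG):
    """Run every check and return the findings keyed by indicator."""
    events = parse_log(text)
    return {"off_hours_logins": off_hours_logins(events),
            "failed_login_bursts": failed_login_bursts(events),
            "new_admin_accounts": new_admin_accounts(events),
            "traffic_outliers": traffic_outliers(events)}


if __name__ == "__main__":
    for name, hits in run_checks().items():
        print(f"{name}: {hits}")
```

On the sample data the script flags the 03:12 login by svc_backup on ws-07, the three failed logins for carol on ws-03 within two minutes, svc_backup being added to Administrators, and ws-07 as the traffic outlier. The traffic check uses the median and median absolute deviation rather than mean and standard deviation so that one host moving a great deal of data does not inflate the baseline it is measured against; the same caution applies to any "understand normal first" baseline.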
Top Cyber Threat Vulnerabilities
Unpatched and outdated systems remain top vulnerabilities; in fact, the 2016 Verizon report finds that malware droppers succeed by exploiting exactly these kinds of weaknesses.
Advanced malware is difficult to detect for several reasons. Many ransomware crews monitor antivirus updates so they know when to change techniques, staying a step ahead of signature-based detection. Other malware is designed to remain dormant until triggered at a particular time, often during the boot process, when security controls are not yet fully active.
Cyber Threat Assessments Expose Vulnerabilities
Because breaches are inevitable, businesses must be able to recognize indicators of compromise.
A good cyber threat assessment supports security and threat prevention by exposing application vulnerabilities, detecting malware and botnet activity, and identifying "at risk" devices. This part of the assessment evaluates the effectiveness of the firewall and estimates the probability of a breach.
An assessment also analyzes user activity, making it apparent which instant messaging, peer-to-peer, social media and other applications are running on the network. That visibility is the basis for controlling those applications.
Finally, an assessment offers insight into network utilization and performance by measuring bandwidth usage, session counts and throughput requirements during peak and off-peak hours. This lets you set benchmarks and monitor performance for optimization.
Ultimately, prevention remains the best policy. It is critical to perform a cyber threat assessment to understand your vulnerabilities so that you can focus your investments in cybersecurity technology on minimizing them. Our partner, Fortinet, offers a free online cyber threat assessment program, which is a good place to start.
CCSI can help you assess your cybersecurity posture and the biggest threats to it. Contact us to learn more.