There seems to be a shift in attack methodology. Years ago, attackers wanted it known that they hacked your company. It was a feather in their cap. The last few years we have been dealing with low and slow attacks with hackers trying to remain hidden and maintain access for as long as possible so they could steal as much intellectual property as possible. It appears now that attackers are moving back to making their hacks very public. The main difference now is that they are motivated by money, not the recognition.
Going public with a hack forces a company to react quickly and ups the attacker’s chances of getting paid money or worse, ruining your reputation. Ransomware is here and unfortunately it is getting more sophisticated. Make sure you have solid backups of your data and also make sure you have copies that are offline. We have seen attackers delete network attached storage backup data in an effort to keep companies down if no ransom is paid.
Most of us have network attached storage or file servers with disk arrays. When we want to save a file, we create a folder or use an existing one that resides on these devices. We click save and forget all about it. We need to ask questions about the data that we are storing, who has access? Is this access read access only or can they change files? Who can delete these files? A great many of us simply have folders with the permissions EVERYONE Full Access. Most of us have all our data organized neatly together so people can easily find what they need.
When attackers steal data, we need to make their job harder. Segmenting data and setting proper permissions works to limit some of the damage done if you do become a victim and also forces attackers to work harder (make more noise on the network) which often enables your administrators and security team to find them. The days of simply having a firewall and anti-virus are over. Attackers have beaten these defenses years ago. Protection is key, detection is a must. As companies, we must have network and system monitoring systems in place.
You may have heard about the recent attack on Panama law firm Mossack Fonseca, where 2.6 Terabytes of data was stolen. A whopping 11.5 million documents!
Not all EDR platforms are built the same, and the gap between CrowdStrike EDR and…
The expectations organizations bring to EDR solution providers have shifted considerably. A few years ago,…
Any meaningful SIEM solutions comparison has to go beyond spec sheets. Feature parity across major…
Finding the right SIEM options for top security operations has never involved more variables. Cloud-native…
Choosing a SIEM platform has never been more complicated — or more consequential. The market…
The way organizations monitor their networks has changed more in the past three years than…